Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
thnThe Hacker NewsTHN:4C7AFC631CA584C1EACB3938ACA67462
HistoryMay 30, 2024 - 6:52 a.m.

Okta Warns of Credential Stuffing Attacks Targeting Customer Identity Cloud

2024-05-3006:52:00
The Hacker News
thehackernews.com
5
okta
credential stuffing
customer identity cloud
cross-origin authentication
iam services
cyber attack
tenant logs
breached password detection
credential guard
weak passwords
phishing resistant authentication
passkeys
uptick in attacks

AI Score

7.6

Confidence

Low

JSON

Okta is warning that a cross-origin authentication feature in Customer Identity Cloud (CIC) is susceptible to credential stuffing attacks orchestrated by threat actors.

“We observed that the endpoints used to support the cross-origin authentication feature being attacked via credential stuffing for a number of our customers,” the Identity and access management (IAM) services provider said.

The suspicious activity commenced on April 15, 2024, with the company noting that it “proactively” informed customers that had the feature enabled. It did not disclose how many customers were impacted by the attacks.

Credential stuffing is a type of cyber attack in which adversaries attempt to sign in to online services using an already available list of usernames and passwords obtained either from previous data breaches, or from phishing and malware campaigns.

Cybersecurity

As recommended actions, users are being asked to review tenant logs for any signs of unexpected login events – failed cross-origin authentication (fcoa), success cross-origin authentication (scoa), and breached password (pwd_leak) – rotate credentials, and restrict or disable cross-origin authentication for tenants.

Tenants are likely to have been targeted in a credential stuffing attack regardless of whether cross-origin authentication is used or not if scoa or fcoa events are present in event logs and if there is an increase in the failure-to-success events.

Other mitigations include enabling breached password detection or Credential Guard, prohibiting users from choosing weak passwords, and enrolling them in passwordless, phishing resistant authentication using new standards such as passkeys.

The development arrives a month after the company alerted of an uptick in the “frequency and scale” of credential stuffing attacks aimed at online services that’s facilitated using residential proxy services.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

AI Score

7.6

Confidence

Low

JSON