Cyber Security Today, April 29, 2024 – Credential stuffing attacks are hitting firms using Okta ID management solutions, and more

Welcome to Cyber Security Today. It’s Monday, April 29, 2024. I’m Howard Solomon.

Credential stuffing attacks on organizations that use Okta’s identity and access management solutions have spiked in the last nine days. The company issued that warning on Saturday. It comes after Cisco Systems warned last week that it is seeing large-scale brute force attacks on a number of gateways and web application authentication services. These are attacks where hackers try to sign in using large lists of usernames and passwords collected from data breaches, phishing or malware campaigns. The attacks use anonymizing tactics like being routed through the Tor network or residential proxies. Regardless of where the attacks come from, IT administrators have to take defensive steps. These include turning on security features in cloud-based authentication services for logins, insisting employees use phishing-resistant multifactor authentication or passwordless authentication, and creating network zones to block login requests from countries where your organization doesn’t operate.

Anyone looking online for a job should be careful they aren’t taken in by a scam. That includes software developers, who are being tricked into downloading malware under the guise of proving their coding abilities. That’s the warning from researchers at Securonix. Threat actors, possibly from North Korea, are setting up fake online job postings and interviews from legitimate-looking companies. To test their skills, applicants are asked to download software from places that appear legitimate, like the GitHub open source code repository. However, what they download is malware that can steal information from developers’ computers. It’s been said before: Be careful answering job ads on the internet.

Kaiser Permanente, which operates hospitals and clinics across eight states and the District of Columbia, says information on about 13.4 million current and former members and patients was recently leaked. How? Through third-party data trackers installed on its websites and mobile platforms. The admission was made to the Bleeping Computer news service. The data was collected by Google, Microsoft Bing and the X social media platform. The data would have included IP addresses, names and details about searches. But it didn’t include passwords or financial information. Bleeping Computer notes that tracker data is usually shared with advertisers and data brokers.

An American debt collection agency is notifying almost 2 million people about a data breach. Financial Business and Consumer Solutions says its IT system was hacked in February. Data stolen included names, Social Security numbers, dates of birth and individuals’ account information.

An accounting and consulting firm that does analytics for healthcare providers is notifying just over 1 million Americans of a data breach at its IT provider. Berry, Dunn, McNeil & Parker says that last fall a hacker got into the system of Reliable Networks of Maine, the managed service provider of the analytics unit. Data stolen included names, addresses, driver’s licences and non-driver identification card numbers.

Twenty-three staff members of the Los Angeles County Health Services agency fell for a phishing scam in February that resulted in the theft of patient data. In a letter sent to affected people last week, the county said a hacker was able to get hold of the login credentials of 23 employees who clicked on a link in an email message. The notice doesn’t say how many people were victims. What the thief got was data that could have included names, dates of birth, home addresses, phone number(s), e-mail addresses and personal medical information.

A new Android malware that steals bank login information from smartphones has been discovered. Researchers at ThreatFabric call it Brokewell. It’s getting distributed by ads claiming to be an update for the Chrome browser. When you want to update any browser — or any application — don’t click on an ad, a text message or a popup claiming to be an update. Update only through the application’s settings.

Finally, should people and companies who provide cybersecurity services be licenced? Earlier this month Malaysia passed legislation requiring cybersecurity professionals and service providers to be licenced. Regulations on which providers of services will need to be licenced haven’t been worked out yet. But Malaysia follows Singapore and Ghana in requiring a licencing scheme. Ghana requires not only businesses but also cybersecurity pros providing managed services, penetration testing and vulnerability assessments to be licenced. The news site Dark Reading quotes one expert worrying that licencing is a way to control researchers and journalists who want to blow the whistle on lax cybersecurity in businesses and government. Another expert says it could help develop cybersecurity specialists. A commentator with the SANS Institute notes that the idea is to help weed out unqualified people from being hired for cybersecurity work. But it will depend on what knowledge cyber pros are supposed to have.

Follow Cyber Security Today on Apple Podcasts, Spotify or add us to your Flash Briefing on your smart speaker.