Identity and access management (IAM) specialist Okta has recently found itself on the receiving end of another security breach after a threat actor was able to access a stolen credential.  Okta said an adversary used the credential to access its support case management system.  The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases.  The company noted that it should known that the Okta support case management system is separate from the production Okta service, which is fully operational and has not been impacted.

A team of digital security researchers at the University of Wisconsin-Madison discovered that some widely used websites are vulnerable to browser extensions capable of extracting sensitive information from HTML code, including passwords, credit card numbers, and social security numbers. About 15 percent of the more than 7,000 websites examined by the researchers retain sensitive information as plain text in their HTML source code.

The International Criminal Court (ICC) has recently revealed that a September cyberattack on its IT systems was a highly targeted espionage attempt, although attribution thus far remains elusive.  The ICC noted that based on the forensic analysis carried out, the court has already taken and will continue to take all necessary steps to address any compromise to data belonging to individuals, organizations, and states.  Should evidence be found that specific data entrusted to the court has been compromised, those affected would be contacted immediately and directly by the court.

Polytechnique Montréal has announced a cybersecurity project to prevent insider threats. Through the Multidisciplinary Institute for Cybersecurity and Cyber Resilience (IMC2), experts from Polytechnique Montréal, HEC Montréal, and Université de Montréal will develop a solution for this issue. Every employee, consultant, and third party with access to a company's computer systems represents a potential entry point for a cyberattack or intrusion. Whether malicious, careless, or simply unaware, these users increasingly serve as the entry point for cybercriminals.

Kevin McSheehan, an ethical hacker, took over a Central Intelligence Agency (CIA) Telegram channel used to receive intelligence by exploiting a flaw in how X, formerly Twitter, truncates URLs. He discovered the issue after hovering over the link to the CIA's Telegram channel displayed on its X social media profile. Shortly after September 27, when the CIA updated its profile, the Telegram link shortened, cutting off part of the full username, which allowed McSheehan to register the new, unregistered handle.

According to FIDO Alliance, consumers want stronger, more user-friendly alternatives to passwords despite their continued widespread use. Manually entering a password without any form of additional authentication was the most commonly used authentication method among the use cases followed, including accessing work computers and accounts (37 percent), streaming services (25 percent), social media (26 percent), and smart home devices (17 percent). Consumers enter a password manually about four times every day or around 1,280 times yearly.

According to researchers, Iran-backed hackers spent eight months inside the systems of a Middle East government, stealing emails and files. Symantec attributed the campaign to a group it calls Crambus, but is also known as APT34, OilRig, or MuddyWater. The intrusion lasted from February to September, and although the researchers did not name the targeted country, Crambus had previously been observed in Saudi Arabia, Israel, the United Arab Emirates, Iraq, Jordan, Lebanon, Kuwait, Qatar, Albania, the US, and Turkey.

ExelaStealer, a new information stealer, has joined the field of off-the-shelf malware designed to steal sensitive data from compromised Windows systems. James Slaughter, a researcher at Fortinet FortiGuard Labs, noted that ExelaStealer is a primarily open-source infostealer that offers paid customizations. It is written in Python and supports JavaScript. The infostealer is equipped to steal passwords, Discord tokens, credit cards, cookies, keystrokes, clipboard content, and more. This article continues to discuss findings regarding the ExelaStealer infostealer.

The analysis of over 1.8 million pages identified as admin portals found that 40,000 of them used "admin" as its password, making it the most common credential used by Information Technology (IT) administrators. Between January and September of 2023, a team of researchers with Outpost24 analyzed passwords and discovered an increased dependence on default passwords. This article continues to discuss the top passwords discovered by the analysis. 

The BlackCat/ALPHV ransomware operation is now applying a new tool named Munchkin, which uses Virtual Machines (VMs) to stealthily launch encryptors on network devices. Munchkin allows BlackCat to execute on remote systems or encrypt Server Message Block (SMB) or Common Internet File (CIFS) network shares. Adding Munchkin to BlackCat's extensive and sophisticated arsenal makes the Ransomware-as-a-Service (RaaS) more appealing to cybercriminals seeking to work with the ransomware.