Suspicious activity has been identified by widely used password manager 1Password in an Okta instance leveraged for employee-facing app management, which has been confirmed to be related to the compromise of Okta's customer support management system, reports Ars Technica.
After being sent fraudulent emails purporting as a request for a list of users with admin rights to the Okta instance on Sept. 29, 1Password's IT team immediately notified its security response team and promptly modified its Okta tenant's configuration settings to prevent logins from identity providers other than Okta. Despite modifying and activating an existing IDP linked to the Google environment of 1Password, the password manager's immediate removal of the IDP thwarted attempted access by the attackers on Oct. 2.
"We immediately terminated the activity, investigated, and found no compromise of user data or other sensitive systems, either employee-facing or user-facing," said 1Password Chief Technology Officer Pedro Canahuati.
Vulnerable SSH servers could be compromised to secure private RSA host keys through a new passive attack method that involves the observation of computational faults during the signing process that exposes the private keys, The Hacker News reports.
SecurityWeek reports that threat actors could leverage critical vulnerabilities impacting open-source file-sharing software ownCloud to facilitate sensitive data exposure and authentication and validation compromise.