Okta has reported a new vulnerability in OpenSSL, dubbed HollowByte, which allows remote attackers to exploit a flaw that can lead to memory exhaustion on servers. This specific vulnerability is only 11 bytes long, and when exploited, it can cause a server to allocate up to 131 KB of memory. As a result, this could trigger denial-of-service attacks, rendering the affected servers unable to respond to legitimate requests. Organizations using affected versions of OpenSSL should prioritize patching this vulnerability to protect their systems from potential exploitation. The risk is significant, as attackers can exploit this flaw without needing authentication, making it easier for malicious actors to disrupt services.
A recently discovered vulnerability in OpenSSL, dubbed the HollowByte flaw, can cause unpatched servers to reserve up to 131 KB of memory for a tiny 11-byte TLS request that never arrives. This issue can lead to a denial-of-service condition, where the server's memory is tied up until the process is restarted. The problem was identified by Okta's Red Team, which reported it without a CVE or formal advisory. OpenSSL issued a fix for this vulnerability in June, but the lack of documentation means many users may remain unaware of the risk. As a result, organizations running affected OpenSSL versions should ensure they apply the update to avoid potential service disruptions.
Hackread – Cybersecurity News, Data Breaches, AI and More
Actively Exploited
Hackers identified as UNC6783 are targeting corporations by impersonating support staff and creating fake Okta login pages. They use social engineering techniques to trick employees into providing access to corporate systems, leading to the theft of sensitive data. This tactic raises concerns for companies relying on Okta for identity management, as it demonstrates how attackers can exploit trust and established processes. Organizations need to enhance their security awareness training and implement stronger verification measures to protect against such deceptive practices. The implications of these breaches could be severe, affecting not just the companies involved but also their customers and partners.
Despite the widespread implementation of multi-factor authentication (MFA) in organizations, many still fall victim to credential theft. Attackers are exploiting valid usernames and passwords to gain unauthorized access to networks, particularly in Windows environments. The problem isn't with MFA itself, but rather with how comprehensively it is enforced through identity providers like Microsoft Entra ID and Okta. If MFA isn't applied consistently across all access points, attackers can bypass these security measures. This situation emphasizes the need for companies to ensure that MFA is enforced everywhere, not just in select areas, to truly safeguard their systems from credential abuse.
As organizations increasingly rely on Okta for identity management, misconfigurations can unintentionally compromise security. Nudge Security has identified six specific settings in Okta that many teams overlook, which can lead to vulnerabilities in their SaaS environments. These settings, if not properly configured, could weaken the overall identity security and increase the risk of unauthorized access. The article emphasizes the importance of regularly reviewing and adjusting these settings to ensure that security measures keep pace with evolving threats. For businesses that utilize Okta, addressing these overlooked configurations is crucial to safeguarding user identities and sensitive data.
Okta has reported a new type of vishing attack where scammers impersonate IT support teams to steal user credentials. These attackers create fake login pages in real-time using phishing kits, which makes it challenging for victims to detect the fraud. This method allows them to bypass multi-factor authentication (MFA), a security measure that many organizations use to protect sensitive information. Users who fall for this trick may unknowingly provide their login details, putting their accounts and sensitive data at risk. Companies should remain vigilant and educate employees about these tactics to prevent successful attacks.
Okta has issued a warning about a new wave of attacks targeting its Single Sign-On (SSO) accounts through voice phishing, or vishing. Attackers are using custom phishing kits designed specifically for these social engineering tactics to trick users into revealing their Okta SSO credentials. This breach affects organizations that rely on Okta for secure login processes, potentially exposing sensitive data if attackers gain access. As these attacks are currently active, users are urged to remain vigilant and verify any requests for sensitive information they receive via phone. This situation emphasizes the need for enhanced security measures and user education on recognizing vishing attempts.