We interrupt our regularly scheduled newsletter to bring you some news in cybersecurity this week. Lots of security professionals, including myself, were scrambling trying to make sense of some of the news this week, in addition to our regular responsibilities of course!
Part of the week was spent trying to make sense of everything; the other part was spent trying to put the matter in perspective and keep everyone calm.
Below are four main stories you should know about with tons of supporting links.
Okta Security Incident By LAPSUS$
This week a hacking group called LAPSUS$ leaked pictures of internal Okta systems. For the uninitiated, Okta is an identity company used to facilitate authentication and authorization into applications.
Here are some links:
Recommend you take steps 3, 4, and possibly 5 (depending on search results)
Here’s a quick Mindmap I put together…

Additional Thoughts:
Okta is a public company and considered a security company, so they’ll of course choose their words wisely, as they should.
Statement by President Biden on our Nation’s Cybersecurity
The White House released a statement this week on getting ready for cybersecurity attacks across the US. It’s all interesting timing.
Below are links referred to in the statement that you can use to improve your security. If you’ve been reading this blog, you should know it already, but it’s great to see it presented in different ways:
Actual actionable things you can do in your organization
Microsoft Security Incident By LAPSUS$
Microsoft was another large enterprise allegedly affected by LAPSUS$ this week.
Lots of ACTIONABLE information in this post
Several Suspected LAPSUS$ Arrested
WIRED: https://www.wired.com/story/russian-hackers-lapsus-north-korea/
I loved Wired’s cybersecurity coverage btw, they’re awesome