0:42 – ZEDEDA Deploys Kubernetes at The Edge
ZEDEDA is ready to bring Kubernetes to the edge. Their Edge Kubernetes Service is a new offering for distributed environments that utilizes the existing orchestration system. The company, which presented at Edge Field Day 1, mentioned in the press release that 80% of customer workloads at the edge will be running in containers by 2028. Already that number is close to 70%. ZEDEDA is working with Avassa, Red Hat, and VMware to bring their vision of edge containerization to life.
Read More: Seamlessly Deploy Kubernetes at the Edge?
Last Thursday, Cloudflare ran into a series of unfortunate events that led to a nearly two-day outage of parts of their control plane and analytics services. The outage started with unscheduled maintenance on one of the data center power feeds, but what really caused the problem was a series of unexpected failures that subverted the planned redundancies.
Read More: Post Mortem on Cloudflare Control Plane and Analytics Outage
6:04 – Palo Alto Buys Talon Cyber Security
Palo Alto Networks is looking to increase their SASE coverage with a pickup this week. They’ve announced they are purchasing Talon Cyber Security for $600 million. The company, founded in Israel in 2021, has taken in about $147 million in funding so far. Their aim is to use an enterprise browser to raise the security posture of unmanaged devices to prevent attacks like data exfiltration. Talon Cyber Security is going to be integrated into the Prisma SASE offering upon completion of the acquisition.
Read More: Palo Alto Networks amplifies SASE with $600M acquisition of Talon Cyber Security
9:49 – Using Google Calendar for Command and Control
You might want to check your calendar for malware. Specifically, Google has learned that attackers have found a way to use a Google Calendar entry as command and control for malware. The novel implementation uses the event descriptions in a given calendar entry. Google is warning about this find because all it requires is a free Gmail account.
Read More: Attackers Use Google Calendar Rat to Abuse Calendar Service as C2 Infrastructure
12:58 – Updated Security Frameworks (CVSS 4.0 and MITRE ATT&CK 14)
Security frameworks are getting an update this week. CVSS has announced version 4.0, the first major update since 2019. The vulnerability scoring system is trying to include metrics in specific subsections to help make the overall ranking number more user-friendly instead of just being an aggregate score. The MITRE ATT&CK framework has also been updated to version 14. This newest version expands detection notes and analytics and emphasizes relationships between data sources and detections as well as mitigations. MITRE is also highlighting the increased number of social engineering attacks that include impersonation and voice phishing.
Read More: MITRE Releases ATT&CK v14 With Improvements to Detections, ICS, Mobile
Read More: FIRST Announces CVSS 4.0 – New Vulnerability Scoring System
18:12 – Okta Breach Blamed on User’s Personal Google Login
Okta hasn’t had a very good run of security headlines lately, and the latest is a breach that resulted in the theft of session tokens of several customers from Okta’s customer support system. Though the number of customers was relatively low, the unauthorized access went undetected for over two weeks. The root cause seems to have come from an employee logging into their personal Google account and saving a username and password with the Chrome browser.
Read More: Okta Hack Blamed on Employee Using Personal Google Account on Company Laptop
Read More: Unauthorized Access to Okta’s Support Case Management System: Root Cause and Remediation
28:27 – The Weeks Ahead
Security Field Day 10 – November 8, 2023
Mobility Field Day 10 – November 15-16, 2023
AWS re:Invent – November 27-31, 2023
The Gestalt IT Rundown is a live weekly look at the IT news of the week. Be sure to subscribe to Gestalt IT on YouTube for even more weekly video content.