Laremy Legel

You may have heard about a vulnerability called, “nOAuth”, where, per Microsoft, “use of the email claim from access tokens for authorization can lead to an escalation of privilege.” What is this vulnerability, how can Okta help, and what are the mitigation steps and strategies to keep your own environment nOAuth free? Let’s break it down! What is nOAuth? Discovered in April of 2023, by researchers at descope , the nOAuth vulnerability relies on user accounts being merged by an Microsoft Azure...

Social engineering is a hacking technique older than the internet itself, and it's tempting to think you've already seen it all. But recently, we've noted a trend among threat actors pursuing more sophisticated and aggressive techniques to trick, or even threaten, users into performing their desired actions. Their campaigns are convincing, brazen, and at times alarming. In this blog post, we want to talk about some of the techniques we've seen (or been made aware of) and provide...

Okta Security is pleased to announce another collaboration with our friends at Splunk - our security teams have joined forces to come up with a range of Okta-relevant scenarios for this year’s “Boss of the SOC'' competition at Splunk .conf23 . Per Splunk, “Boss of the SOC (BOTS) is a blue-team capture the flag-esque competition. As a contestant, you will explore and investigate realistic event data in Splunk Enterprise and Splunk Enterprise Security. The questions in BOTS range from...