Okta

User Sign-in and Recovery Events in the Okta System Log

During a security incident, it's critical that SOC analysts (or Okta admins) can rapidly identify all activity associated with a suspicious session, user or IP. We are often asked to provide some sort of "cheat sheet" for new analysts who are unfamiliar with the extensive library of events available in Okta's Event Library. The following blog post re-publishes a support article that offers a few of these shortcuts. Okta Security has also published a range of platform and bespoke detections...

Okta Code Repositories

SUMMARY: In alignment with our core value of transparency, we are sharing context and details around a recent security event affecting Okta code repositories. There is no impact to any customers, including any HIPAA, FedRAMP or DoD customers. No action is required by customers. SCOPE: The security event detailed below pertains to Okta Workforce Identity Cloud (WIC) code repositories. It does not pertain to any Auth0 (Customer Identity Cloud) products. EVENT: In early December 2022, GitHub...

Okta’s Response to OpenSSL Security Update

The OpenSSL Project has announced the availability of a security update (version 3.07) that addresses a vulnerability affecting OpenSSL versions 3.0 and above (3.0.0 - 3.0.6). The two CVEs are listed below: CVE-2022-3602 CVE-2022-3786 Response Okta’s engineering teams have applied patches and other mitigations, where required. Customer Guidance For both CVEs, the severity level has been listed as “high” and the following information has been made available: OpenSSL versions 3.0.0 to...