We interrupt our regularly scheduled newsletter to bring you some news in cybersecurity this week. Lots of security professionals, including myself, were scrambling trying to make sense of some of the news this week, in addition to our regular responsibilities of course!

Part of the week was trying to make sense of everything, the other was trying to put the matter in perspective and keep everyone calm.

Below are four main stories you should know about with tons of supporting links.

Okta Security Incident By LAPSUS$

This week a hacking group called LAPSUS$ leaked pictures of internal Okta systems. For the uninitiated, Okta is an identity company used to facilitate authentication and authorization into applications.

Here are some links:

• Screenshots by LAPSUS$

• Original statement by Okta

• Updated Statement by Okta with detailed timeline

• FAQ’s by Okta

• Excellent writeup by Cloudflare regarding their response to the incident

  • Recommend you take steps 3, 4, and possibly 5 (depending on search results)

Here’s a quick Mindmap I put together…

Additional Thoughts:

• Okta is a public company and considered a security company, so they’ll of course choose their words wisely, as they should.

Statement by President Biden on our Nation’s Cybersecurity

The Whitehouse released a statement this week on getting ready for cybersecurity attacks across the US. It’s all interesting timing.

Below are links referred to in the statement that you can take to improve your security. If you’ve been reading this blog, you should know it already, but great to see in different ways:

• Specific guidance from the Whitehouse on securing your infrastructure

  • Actual actionable things you can do in your organization

• Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) recommendations for security

Microsoft Security Incident By LAPSUS$

Microsoft was another large enterprise allegedly affected by LAPSUS$ this week.

• Microsoft investigates Lapsus$'s boasts of Bing, Cortana code heist

• DEV-0537 criminal actor targeting organizations for data exfiltration and destruction

  • Lots of ACTIONABLE information in this post

Several Suspected LAPSUS$ Arrested

• Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal

• KREBS: A Closer Look at the LAPSUS$ Data Extortion Group

• WIRED: https://www.wired.com/story/russian-hackers-lapsus-north-korea/

  • I loved Wired’s cybersecurity coverage btw, they’re awesome