A statement by Okta confirms the possibility of cross-origin authentication. It warns customers that they might become victims of this Customer Identity Cloud (CIC) vulnerability, which could promote credential-stuffing attacks by cybercriminals. Further details about the situation reveal that Okta has started warning customers with the features turned on since April 15, 2024.
“We observed that the endpoints used to support the cross-origin authentication feature are being attacked via credential stuffing for a number of our customers.”
Okta advised all users to look for signs of unexpected login events and breached passwords in tenant logs and then disable cross-origin authentication for tenants. It includes failed cross-origin authentication (fcoa), rotate credentials, and successful cross-origin authentication (scoa).
Actions by Europol Results the shutdown of Over 100+ Servers Linked to IcedID, TrickBot, and other Malware
In operation tagged Operation Endgame, conducted by Europol between May 27 and May 29, the agency has confirmed shutting down several infrastructures linked with IcedID, SystemBC, PikaBot, SmokeLoader, TrickBot and Bumblebee malware loader operations and the arrest of four people (one in Armenia and three in Ukraine) out of the regions involved the activity (Armenia, Netherlands, Portugal, and Ukraine). In one of the statements issued by Europol,
“The actions focused on disrupting criminal services through arresting High-Value Targets, taking down the criminal infrastructures and freezing illegal proceeds. The agency further confirmed, “The malware facilitated attacks with ransomware and other malicious software.”
Further details about the operation revealed that the destroyed servers reside in Canada, Germany, the Netherlands, Bulgaria, Romania, Ukraine, Switzerland, the United States, and the United Kingdom. Although no information was provided about the total amount of money involved, the main suspect was confirmed to have made at least $74.6 million from renting out criminal infrastructure sites to deploy ransomware.
After Over 19 Million Device Infections, U.S. Dismantles World’s Largest 911 S5 Botnet
The United States Department of Justice claimed responsibility for dismantling the botnet called 911 S5, acting as a residential proxy service with a footprint in over 190 countries. According to the agency, the botnet is “Likely the world’s largest botnet ever”, consisting of over 19 million infected devices leased to other cybercriminals for nefarious activities. The activities surrounding the dismantling of the botnets also resulted in the arrest of YunHe Wang, a 35 years old Chinese alleged to be the primary administrator of the platform.
An anonymous statement claimed, “Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide.”
The Department of Justice (DoJ) claimed the botnet aided cyber attacks, identity theft, child exploitation, harassment, financial fraud, export violation and bomb threats.
