Info

Security Weekly Podcast Network (Video)

Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and breaking news on the latest hacking techniques, vulnerabilities, and industry trends. Stay informed and secure with the most trusted voices in cybersecurity!
RSS Feed Subscribe in Apple Podcasts
Security Weekly Podcast Network (Video)
2024
October
September
August
July
June
May
April
March
February
January


2023
December
November
October
September
August
July
June
May
April
March
February
January


2022
December
November
October
September
August
July
June
May
April
March
February
January


2021
December
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


2013
December
November
October
September
August
July
June


Categories

All Episodes
Archives
Categories
Now displaying: Page 1
Nov 17, 2023

We regularly cover significant breaches on this podcast, but it is rare that we have enough information about a major breach to cover in enough detail to devote an entire segment to. Today, we dive into lessons learned from the breach of Okta's customer support system that targeted some other major security vendors.

This is part of a troubling trend, where the target of an attack only serves as a jumping off point to other organizations. China's 2023 attack of Microsoft is an example of this. It was easier to attack Microsoft 365, one of the world's largest business SaaS platforms, than to go after each of the 25 individual targets these Chinese actors needed access to.

Traditionally, we've thought of lateral movement as something that happens within a network segment, or even within a single organization. Now, we're seeing lateral movement between SaaS platforms, between clouds, from third party vendors to customer, and even from open source project to open source adopters.

In this segment, we'll cover five key lessons learned from Okta's breach, from information shared by Okta and three of its customers: 1Password, Cloudflare, and BeyondTrust.

  1. Protect Your Session Tokens
  2. Monitor for Unusual Behavior
  3. SaaS Vendors Are Common Targets
  4. Zero Trust Principles Work
  5. MFA Isn't a Binary (on or off) Control

Segment Resources

Show Notes: https://securityweekly.com/esw-340

0 Comments
Adding comments is not available at this time.