CyberSec Roundup
A synopsis of the Latest Cybersecurity News
LAPSUS$ strikes again, against Microsoft & Okta
Microsoft confirmed that the LAPSUS$ group compromised one of their employee accounts with low-level access. The group stole and published 37GB of source code from Microsoft’s Azure DevOps server relating to their Bing, Cortana and Maps projects. However, no customer code or information was stolen during the attack.
Okta also fell victim to a more significant breach at the hands of the extortion group. The threat actors had access to one of the company’s administrative accounts, via a third-party support engineer’s compromised laptop. During a 5-day window in January, the hackers had access to approximately 400 of Okta’s customers. Okta has taken corrective action and apologized for not disclosing the breach earlier.
Morgan Stanley Breach
Morgan Stanley’s wealth and asset management division disclosed that some of their customers’ accounts were recently compromised as a result of voice phishing attacks. The scammers impersonated Morgan Stanley staff in voice calls and tricked customers into revealing their online account credentials. The threat actors used the access to initiate unauthorized Zelle payments; however, no customer information was compromised.
By: David Pinder
IT & Security Consultant
Certified Ethical Hacker (Master)