This Risk & Repeat podcast episode examines two high-profile breaches by emerging threat group Lapsus$ and how Microsoft and Okta responded to these attacks.
This week's Risk & Repeat podcast discusses the emerging threat group Lapsus$, its hacks against Microsoft and Okta, and the persistence of poor breach disclosures.
Lapsus$ is a relatively new threat group that gained prominence when it publicly took credit for attacks against Nvidia and Samsung earlier this month. This prominence escalated when, this week, the gang claimed to have hacked authentication vendor Okta and tech giant Microsoft. All four companies confirmed breaches had occurred.
Microsoft's and Okta's breaches specifically raised questions and criticisms about how organizations disclose attacks. Microsoft placed its breach disclosure toward the bottom of a technical post about Lapsus$, while Okta released several statements and disclosures two months after an intrusion was initially detected at a third-party partner.
SearchSecurity editors Rob Wright and Alex Culafi discuss the latest news surrounding Lapsus$ in this episode.
Alexander Culafi is a writer, journalist and podcaster based in Boston.