Support ThreatWire → https://www.patreon.com/threatwire
@endingwithali Twitch → https://twitch.tv/endingwithali

[!!] ThreatWire Patreon has moved to https://www.patreon.com/threatwire - thanks for your support!

0:00 - Intro
0:27 - Windows Fingerprint Sensors are Spoofable
1:41 - Okta oopsie turns into a big mess
2:59 - Citrix Netscaler causing issues across the board
4:00 - Outro

LINKS
https://blackwinghq.com/blog/posts/a-touch-of-pwn-part-i/
https://arstechnica.com/gadgets/2023/11/researchers-beat-windows-hello-fingerprint-sensors-with-raspberry-pi-and-linux/
https://www.computerworld.com/article/3244347/what-is-windows-hello-microsofts-biometrics-security-system-explained.html
https://www.darkreading.com/application-security/otka-breach-widens-entire-customer-base
https://sec.okta.com/harfiles
https://sec.okta.com/articles/2023/11/unauthorized-access-oktas-support-case-management-system-root-cause
https://www.reuters.com/technology/cybersecurity/okta-says-hackers-stole-data-all-customer-support-users-cyber-breach-2023-11-29/
https://techcrunch.com/2023/11/29/okta-admits-hackers-accessed-data-on-all-customers-during-recent-breach/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAAAuidLSeCn9R8nNTjiKKHMgPEcnprYT0tAjYnx4iH7XP2IBiO4Th079erwec0SE5woM5Nl5kCukXt3j0V_GE2q6ty46bv6vUA3h8GcD8mT54hJfZvR1ikotQyAzzjS4bG61jkl8gKAghckJSn-N1tAoo2AJnuHlltxAUFcCGj3I1
https://www.malwarebytes.com/blog/news/2023/11/okta-breach-happened-after-employee-logged-into-personal-google-account
https://www.assetnote.io/resources/research/citrix-bleed-leaking-session-tokens-with-cve-2023-4966
https://www.bleepingcomputer.com/news/security/us-health-dept-urges-hospitals-to-patch-critical-citrix-bleed-bug/
https://siliconangle.com/2023/12/04/new-citrix-bleed-ransomware-threat-hits-many-credit-unions/
https://doublepulsar.com/what-it-means-citrixbleed-ransom-group-woes-grow-as-over-60-credit-unions-hospitals-47766a091d4f
https://therecord.media/hhs-warns-of-citrix-bleed-bug
https://dashboard.shadowserver.org/statistics/combined/time-series/?date_range=7&source=http_vulnerable&source=http_vulnerable6&tag=cve-2023-4966%2B&group_by=geo&style=stacked

____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.