The number of Layer 7 DDoS attacks of 500,000 requests per second increased 81% in the past year. In 2022 the frequency and attack sizes increased over 2021’s records. The largest attack in 2022 was 4.5x larger than the biggest attack in 20221. The DDoS attacks over 2022 averaged 240,000 requests per second.
Comcast Xfinity accounts hacked in 2FA bypass attacks
Comcast Xfinity customers report their accounts being hacked in widespread attacks that bypass two-factor authentication. These compromised accounts are then used to reset passwords for other services, such as Coinbase and Gemini crypto exchanges. This attack was first seen on the 19th of December. Numerous Xfinity email users began receiving notifications that their account information had been changed. However, when attempting to access the accounts, they could not log in as the password had been changed.
The attackers used a disposable email service yopmail to be the secondary email on the compromised xfinity accounts, Xfinity allows customers to configure a secondary email address for account updates and password resets.
It’s reported that attackers are using a privately circulated OTP bypass for the Xfinity site that allows them to forge successful 2FA verification requests.
Okta’s source code stolen after GitHub repositories hacked
Early In December GitHub notified Okta of suspicious access to Okta’s code repositories. Upon investigation it was confirmed by David Bradbury the Chief Security Offices (CSO) in an email sent out to it’s security contacts. Okta confirmed that no customer information was accessed as the company claims it “does not rely on the confidentiality of it’s source code as a means to secure its services”
At the time of BleepingComputer’s report the incident appears to only affect the Okta Workforce Identity Cloud code repositories, but not the Auth0 Customer Identity Cloud Product.