Source |
Cyble |
Identifier |
8642107 |
Publication date |
2025-01-22 08:12:57 (seen: 2025-01-24 16:05:22) |
Title |
Cyble Finds Thousands of Security Vendor Credentials on Dark Web |
Text |
Overview
Account credentials belonging to some of the largest cybersecurity vendors can be found on the dark web, a consequence of the growing infostealer problem, according to an analysis of Cyble threat intelligence data.
The credentials, available for as little as $10 on cybercrime marketplaces, span both internal accounts and customer access across web and cloud environments, including the security companies' own enterprise and development environments, where a compromise could pose substantial risk.
Ideally these accounts are protected by multifactor authentication (MFA), so that a stolen password alone is not enough to log in. Even so, the leaked credentials underscore the value of dark web monitoring as an early warning system for stopping such leaks before they become much larger cyberattacks.
Leaked Security Company Credentials
Leaked credentials have an inherent time value: the older the credentials, the more likely the password has already been changed. Cyble researchers therefore looked only at credentials leaked since the start of the year.
Cyble examined 13 of the largest enterprise security vendors, along with some of the bigger consumer security companies, and found credentials from all of them on the dark web. The credentials were most likely pulled from infostealer logs and then sold in bulk on cybercrime marketplaces.
Most of the credentials appear to be customer credentials that protect access to sensitive management and account interfaces, but every security vendor Cyble examined also had credentials for internal systems leaked on the dark web.
The leaked vendor credentials covered potentially critical internal systems such as Okta, Jira, GitHub, AWS, Microsoft Online, Salesforce, SolarWinds, Box, WordPress, Oracle, and Zoom, as well as password managers, authentication systems, and device management platforms.
Cyble did not attempt to determine whether any of the credentials were valid, but many were for easily accessible web console interfaces, SSO logins, and other web-facing account access points.
The vendors Cyble looked at included a range of network and cloud security providers, including some of the biggest makers of SIEM systems, EDR tools, and firewalls.
All of them have had credential exposures since the start of the year; ideally those were addressed quickly, or at least the affected accounts required additional authentication steps before access was granted.
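The triage the article describes, keeping only recent entries, separating internal systems from customer-facing accounts and treating corporate email addresses in the username as a signal, can be scripted against a stealer-log dump. The following is an added example, not Cyble's code or data. It assumes a simplified tab-separated dump format (date seen, URL, username, password); real stealer logs come in many layouts, so parse_record is the piece to adapt. The monitored domain vendor-sec.example is hypothetical, the login hostnames for the services the article names are assumptions, and the sample lines are constructed.

```python
"""Triage a stealer-log credential dump against a watchlist of internal
SaaS/cloud logins. Added example; not Cyble's code, data or methodology."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass
from datetime import date
from urllib.parse import urlsplit

# Services the article lists among leaked vendor credentials. The host
# suffixes are assumptions about where each service's login page lives.
INTERNAL_SYSTEMS = {
    "Okta": ("okta.com", "oktapreview.com"),
    "Jira": ("atlassian.net",),
    "GitHub": ("github.com",),
    "AWS": ("signin.aws.amazon.com", "awsapps.com"),
    "Microsoft Online": ("login.microsoftonline.com", "office.com"),
    "Salesforce": ("salesforce.com", "force.com"),
    "SolarWinds": ("solarwinds.com",),
    "Box": ("box.com",),
    "Oracle": ("oraclecloud.com",),
    "Zoom": ("zoom.us",),
}
CUTOFF = date(2025, 1, 1)  # ignore entries older than the start of the year

# Constructed sample dump: seen_date<TAB>url<TAB>username<TAB>password.
SAMPLE_LOG = """\
2025-01-14\thttps://vendor-sec.okta.com/login/login.htm\tj.doe@vendor-sec.example\tHunter2!
2025-01-09\thttps://vendor-sec.atlassian.net/login\tj.doe@vendor-sec.example\tWinter2025
2025-01-03\thttps://github.com/login\tjdoe-dev\tghp-notreal
2024-11-30\thttps://signin.aws.amazon.com/console\tops@vendor-sec.example\tOldPass1
2025-01-20\thttps://portal.vendor-sec.example/customer/login\tcustomer@corp.example\tP@ssw0rd
2025-01-18\thttps://mail.vendor-sec.example/owa\tr.roe@vendor-sec.example\tSpring24
this line is not a credential record
"""


@dataclass(frozen=True)
class Record:
    seen: date
    url: str
    username: str
    password: str


def parse_record(line: str) -> Record | None:
    """Parse one tab-separated line; return None for anything malformed."""
    parts = line.rstrip("\n").split("\t", 3)
    if len(parts) != 4 or not parts[1].startswith(("http://", "https://")):
        return None
    try:
        seen = date.fromisoformat(parts[0])
    except ValueError:
        return None
    return Record(seen, parts[1], parts[2], parts[3])


def host_matches(host: str, suffix: str) -> bool:
    """True when host is the suffix itself or a subdomain of it."""
    return host == suffix or host.endswith("." + suffix)


def system_for(url: str) -> str | None:
    """Name of the watchlisted internal system the URL belongs to, if any."""
    host = (urlsplit(url).hostname or "").lower()
    for name, suffixes in INTERNAL_SYSTEMS.items():
        if any(host_matches(host, s) for s in suffixes):
            return name
    return None


def classify(rec: Record, corp_domains: set[str]) -> tuple[str, str | None]:
    """Priority from two signals: watchlisted target, corporate email as user."""
    system = system_for(rec.url)
    user_domain = rec.username.rsplit("@", 1)[-1].lower() if "@" in rec.username else ""
    corp = user_domain in corp_domains
    if system and corp:
        return "critical", system
    if system:
        return "high", system
    if corp:
        return "medium", None
    return "low", None  # typically a customer account on a vendor portal


def fingerprint(rec: Record) -> str:
    """Stable id for dedup/ticketing that does not carry the plaintext password."""
    raw = f"{rec.url}\0{rec.username}\0{rec.password}".encode()
    return hashlib.sha256(raw).hexdigest()[:16]


def triage(lines, corp_domains: set[str], cutoff: date = CUTOFF) -> list[dict]:
    """Parse, drop stale/malformed entries, classify, and sort by priority."""
    findings = []
    for line in lines:
        rec = parse_record(line)
        if rec is None or rec.seen < cutoff:
            continue
        priority, system = classify(rec, corp_domains)
        findings.append({
            "priority": priority, "system": system, "seen": rec.seen.isoformat(),
            "url": rec.url, "username": rec.username, "fingerprint": fingerprint(rec),
        })
    order = {"critical": 0, "high": 1, "medium": 2, "low": 3}
    findings.sort(key=lambda f: (order[f["priority"]], f["seen"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines(), {"vendor-sec.example"}):
        print(f"{f['priority']:<8} {f['system'] or '-':<16} {f['username']:<28} {f['url']}")
```

The report deliberately omits the password: a truncated SHA-256 over the (URL, username, password) triple is enough to deduplicate entries across dumps and to key a ticket, without re-storing plaintext credentials in a second system. The cutoff implements the article's point that older entries have probably been rotated already; the `low` bucket is where most customer-facing portal credentials land, which is where the article says the bulk of findings sit.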
One of the largest security vendors Cyble looked at may have more sensitive accounts exposed, as company email addresses are listed among the credentials for |
Notes |
★★★
|
Sent |
Yes |
Tags |
Ransomware
Tool
Vulnerability
Threat
Cloud
|