What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Anomali.webp 2023-01-18 16:35:00 Anomali Cyber Watch: FortiOS Zero-Day Has Been Exploited by an APT, Two RATs Spread by Four Types of JAR Polyglot Files, Promethium APT Continued Android Targeting (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, DDoS, Polyglot, RATs, Russia, Skimmers, Trojanized apps, and Ukraine. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Malicious ‘Lolip0p’ PyPi Packages Install Info-Stealing Malware (published: January 16, 2023) On January 10, 2023, Fortinet researchers detected actor Lolip0p offering malicious packages on the Python Package Index (PyPI) repository. The packages came with detailed, convincing descriptions pretending to be legitimate HTTP clients or, in one case, a legitimate improvement for a terminal user interface. Installation of the libraries led to infostealing malware targeting browser data and authentication (Discord) tokens. Analyst Comment: Free repositories such as PyPI are increasingly abused by threat actors. Before adding a package, software developers should review its author and reviews, and check the source code for any suspicious or malicious intent. MITRE ATT&CK: [MITRE ATT&CK] T1204 - User Execution | [MITRE ATT&CK] T1555 - Credentials From Password Stores Tags: actor:Lolip0p, Malicious package, malware-type:Infostealer, Discord, PyPi, Social engineering, Windows Analysis of FG-IR-22-398 – FortiOS - Heap-Based Buffer Overflow in SSLVPNd (published: January 11, 2023) In December 2022, the Fortinet network security company fixed a critical, heap-based buffer overflow vulnerability (FG-IR-22-398, CVE-2022-42475) in FortiOS SSL-VPN.
The vulnerability was exploited as a zero-day by an advanced persistent threat (APT) actor who was customizing a Linux implant specifically for FortiOS on the relevant FortiGate hardware versions. The targeting was likely aimed at governmental or government-related targets. The attribution is not clear, but the compilation timezone UTC+8 may point to China, Russia, and some other countries. Analyst Comment: Users of the affected products should make sure that the December 2022 FortiOS security updates are implemented. Zero-day based attacks can sometimes be detected by less conventional methods, such as behavior analysis, and heuristic and machine learning based detection systems. Network defenders are advised to monitor for suspicious traffic, such as suspicious TCP sessions with GET requests for payloads. MITRE ATT&CK: [MITRE ATT&CK] T1622 - Debugger Evasion | [MITRE ATT&CK] T1190 - Exploit Public-Facing Application | [MITRE ATT&CK] T1105 - Ingress Tool Transfer | [MITRE ATT&CK] T1090 - Proxy | [MITRE ATT&CK] T1070 - Indicator Removal On Host Tags: FG-IR-22-398, CVE-2022-42 Malware Tool Vulnerability Threat Guideline LastPass ★★
securityintelligence.webp 2023-01-17 14:00:00 What is the Future of Password Managers? (direct link) In November 2022, LastPass had its second security breach in four months. Although company CEO Karim Toubba assured customers they had nothing to worry about, the incident didn’t inspire confidence in the world’s leading password manager application. Password managers have one vital job: keep your sensitive login credentials secret, so your accounts remain secure. When hackers […] Guideline LastPass ★★
Anomali.webp 2022-08-30 15:01:00 Anomali Cyber Watch: First Real-Life Video-Spoofing Attack, MagicWeb Backdoors via Non-Standard Key Identifier, LockBit Ransomware Blames Victim for DDoSing Back, and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Authentication, DDoS, Fingerprinting, Iran, North Korea, Ransomware, and Russia. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence LastPass Hackers Stole Source Code (published: August 26, 2022) In August 2022, an unidentified threat actor gained access to portions of the password management giant LastPass’s development environment. LastPass stated that it happened through a single compromised developer account and that the attacker took portions of source code and some proprietary LastPass technical information. The company claims that this incident did not affect customer data or encrypted password vaults. Analyst Comment: This incident doesn’t seem to have an immediate impact on LastPass users. Still, organizations relying on LastPass should raise the concern in their risk assessment since “white-box hacking” (when the source code of the attacked system is known) is easier for threat actors. Organizations providing public-facing software should take maximum measures to block threat actors from their development environment and establish robust and transparent security protocols and practices with all third parties involved in their code development.
Tags: LastPass, Password manager, Data breach, Source code Mercury Leveraging Log4j 2 Vulnerabilities in Unpatched Systems to Target Israeli (published: August 25, 2022) Starting in July 2022, a new campaign by Iran-sponsored group Static Kitten (Mercury, MuddyWater) was detected targeting Israeli organizations. Microsoft researchers detected that this campaign was leveraging exploitation of Log4j 2 vulnerabilities (CVE-2021-45046 and CVE-2021-44228) in SysAid applications (IT management tools). For persistence Static Kitten was dropping webshells, creating local administrator accounts, stealing credentials, and adding their tools in the startup folders and autostart extensibility point (ASEP) registry keys. Overall the group was heavily using various open-source and built-in operating system tools: eHorus remote management software, Ligolo reverse tunneling tool, Mimikatz credential theft tool, PowerShell programs, RemCom remote service, Venom proxy tool, and Windows Management Instrumentation (WMI). Analyst Comment: Network defenders should monitor for alerts related to web shell threats, suspicious RDP sessions, ASEP registry anomaly, and suspicious account creation. Similarly, SysAid users can monitor for webshells and abnormal processes related to SysAisServer instance. Even though Static Kitten was observed leveraging the Log4Shell vulnerabilities in the past (targeting VMware apps), most of their attacks still start with spearphishing, often from a compromised email account. MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] OS Credential Dumping - T1003 | [MITRE ATT&CK] Phishing - T1566 | Ransomware Hack Tool Vulnerability Threat Guideline Cloud APT 37 APT 29 LastPass
no_ico.webp 2022-08-29 20:48:52 Password Manager With 25 Million Users Confirms Breach, Expert Weighs In (direct link) One of the world’s leading password managers with 25 million users, LastPass, has confirmed that it has been hacked. While it’s good news that customer data was not compromised in this latest incident, the fact that the intruder accessed source code and ‘proprietary technical information’ is worrying. Guideline LastPass
no_ico.webp 2022-02-23 13:27:48 Identity And Access Management Survey Finds 45% Of Organisations Have Deployed An Enterprise Password Management Solution (direct link) Includes large enterprises that wish to provide an extra layer of protection and user convenience, and SMBs with limited security budgets. LastPass, the global leader in password management, today released the findings of an IDC Global Survey on Identity and Access Management by LastPass. The survey revealed that “balancing company security requirements and the employee […] Guideline LastPass
Blog.webp 2020-02-24 12:30:00 As Cyber Attacks Mount, Small Businesses seek Authentication Fix (direct link) Small and medium-sized businesses find themselves in the cross hairs of sophisticated hacking groups. Improved identity and access management (IAM) tools are critical to keeping hackers at bay. But what do SMBs want? A LastPass survey of IT leaders has some valuable clues. The post As Cyber Attacks Mount, Small Businesses seek Authentication... Guideline LastPass
bleepingcomputer.webp 2020-01-23 10:54:30 LastPass Mistakenly Removes Extension from Chrome Store, Causes Outage (direct link) An accidental outage was caused by LastPass yesterday by mistakenly removing the LastPass extension from the Chrome Web Store, leading to users seeing 404 errors when trying to download and install it on their devices. [...] Guideline LastPass
TechRepublic.webp 2019-10-08 16:29:00 More companies use multi-factor authentication, but security still weak from poor password habits (direct link) Users still have to juggle far too many passwords, which leads to password sharing, reuse, and other bad habits, according to a new report from password manager LastPass. Guideline LastPass
AlienVault.webp 2019-09-10 13:00:00 Should small business owners concern themselves with business espionage? (direct link) As technological developments have helped turn the world into a global village, they have also made it easier to steal, extract, and communicate confidential information – leading to an increased frequency of corporate espionage. Take Apple for example; despite deploying leading security measures and monitoring activities, the tech giant has had two espionage attempts in one year, foiled just as the convicts were departing the country. In fact, a 2014 report estimated the global cost of industrial espionage to be $445 billion. Considering how the economy has shaped up since then, the figure may well be over the $1 trillion mark. Should small businesses be concerned? It’s not only the Silicon Valley giants who have to face espionage. Rather, smaller businesses have more to lose. With 31% of all cyber-espionage attacks aimed at small businesses, the loss of important information can leave them facing bankruptcy. [Image: hacker-type person, possible insider threat. Source: https://www.freepik.com/free-photo/hacker-with-laptop_3361105.htm] Indeed, according to the U.S. National Cyber Security Alliance, 60% of Small and Medium Enterprises (SMEs) shut down within six months after a cyber-attack. What’s more, it costs approximately $690,000 and $1 million for such businesses to clean up after an attack. As Jody Westby, CEO of Global Cyber Risk says, “it is the data that makes a business attractive, not the size – especially if it is delicious data, such as lots of customer contact info, credit card data, health data, or valuable intellectual property.” Why Are Small Businesses Targeted? Smaller businesses are easy targets of corporate espionage, as they tend to have weaker security compared to large corporations.
The Internet Security Threat Report shows, for instance, that while 58% of small businesses show awareness and concern about a possible attack, 51% of them still have no budget allocated to prevent it. It seems, also, that the problem is getting worse, as outlined by cyber-security experts in PwC’s Global State of Information Security Survey: small organizations, with annual revenue of under $100 million, have reduced their security budget by 20%, even as large organizations are spending 5% more on security. Indeed, as large organizations are getting better at defending themselves against different types of espionage, criminals are “moving down the business food chain.” For example, cyber-attacks to steal information from small businesses have increased by 64% in a span of four years, as large businesses have adopted more robust security protocols. As a result, all kinds of small Guideline LastPass
AlienVault.webp 2018-09-17 13:00:00 People and Passwords (direct link) In today's world, the Internet is a vast place filled with websites, services, and other content. Most content, along with computers and other technology, requires a password. The number of passwords a person has to know continues to grow. While it’s safe to say we use passwords to keep our accounts confidential, they can also be very frustrating and inconvenient to create and remember. The outcome is the use of simple, common passwords, the same password on different accounts, and habits such as writing passwords down. Weak passwords are common For example, reports from Techspot.com, Fortune.com, and USAToday.com show that in 2017, passwords like 123456 and football were two of the top ten most used passwords. Why are such passwords still being used? They are easy to remember. People will often turn weak passwords into simple variations where the alpha and number (numeric) strings are combined with special characters. For instance, Football and 123456 become Football123456!, a memorable yet easily guessed password. Current practices require complex passwords Various companies have released their own best practices. Symantec’s how-to article, for instance, states a secure password is at least eight characters in length, has an uppercase, lowercase, and a number. Take [Football] for example. You can replace the “o” with a “0” and “a” with “@”, resulting in F00tb@ll. Here, the updated password meets most policies enforced by many web applications such as Google and Outlook. It has an uppercase (F), a lowercase (tball), a number (00), a special character (@), and meets a minimum length of eight characters. Microsoft, however, takes this a step further in some of their guidelines. They state it must not be in the dictionary or incorporate the name of a person or computer. Guidelines such as those in place demand a complex password. For example, W#T24.ro5*&F is complex yet painful to memorize.
There is a problem with difficult passwords People, out of convenience and frustration, will try to circumvent the password policies mentioned. This becomes more prevalent as the policies get stricter. It is hard enough to remember a password like W#T24.ro5*&F. By the time you’ve memorized it, the time has come to change it and you can’t repeat the last 8 passwords. So what do people do? They add or change one or two characters (i.e. W#T24.ro5*&F turns into W#T24.ro5*&F1 or W#T24.ro5*&F123 and F00tb@ll turns into F00tb@ll123 or F00tb@ll321). While password expiration policies are arguably a best practice, they are not common outside an enterprise environment. Many websites, such as banks, do not require you to change your password regularly and those that do, might not have a decent policy on repeating passw Tool Guideline LastPass
TroyHunt.webp 2017-04-04 08:23:27 Password managers don't have to be perfect, they just have to be better than not having one (direct link) LastPass had an issue the other day, a rather nasty one by all accounts that under certain (undisclosed) circumstances, it looks like it could lead to someone's password (or possibly passwords) being disclosed by virtue of a remote code execution vulnerability. This is not a good thing - nobody wants Guideline LastPass
Last update at: 2024-06-02 16:08:17