What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-02-28 13:50:41 | LastPass says attacker hacked employee\'s home computer to access corporate vault (lien direct) |  Password management service LastPass now says a well-publicized 2022 incident stemmed from an intrusion on one engineer's home computer |
LastPass | ★★★ | |
 |
2023-02-28 11:46:00 | LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults (lien direct) | LastPass, which in December 2022 disclosed a severe data breach that allowed threat actors to access encrypted password vaults, said it happened as a result of the same adversary launching a second attack on its systems. The company said one of its DevOps engineers had their personal home computer breached and infected with a keylogger as part of a sustained cyber attack that exfiltrated | Data Breach Threat | LastPass | ★ |
 |
2023-02-28 09:42:43 | LastPass DevOps Engineer Breached To Steal Password Vault Data (lien direct) | LastPass DevOps engineers were compromised because they had access to the decryption keys. LastPass detailed an “organized second attack” in which a threat actor took data from Amazon AWS cloud storage servers for two months. Threat actors obtained partially encrypted password vault data and customer data from LastPass in December. The well-known password manager LastPass […] | Threat Cloud | LastPass | ★ |
 |
2023-02-28 07:45:00 | LastPass attack saw employee\'s home computer hacked (lien direct) | LastPass DevOps engineers were compromised because they had access to the decryption keys. LastPass detailed an “organized second attack” in which a threat actor took data from Amazon AWS cloud storage servers for two months. Threat actors obtained partially encrypted password vault data and customer data from LastPass in December. The well-known password manager LastPass […] | LastPass | ★ | |
 |
2023-02-28 02:23:16 | LastPass: The crooks used a keylogger to crack a corporatre password vault (lien direct) | Seems the crooks implanted a keylogger via a vulnerable media app (LastPass politely didn't say which one!) on a developer's home computer. | LastPass | ★★ | |
 |
2023-02-28 01:01:59 | LastPass says employee\'s home computer was hacked and corporate vault taken (lien direct) | Already smarting from a breach that stole customer vaults, LastPass has more bad news. | LastPass | ★ | |
 |
2023-02-27 20:40:56 | LastPass: DevOps engineer hacked to steal password vault data in 2022 breach (lien direct) | LastPass revealed more information on a "coordinated second attack," where a threat actor accessed and stole data from the Amazon AWS cloud storage servers for over two months. [...] | Threat Cloud | LastPass | ★★ |
 |
2023-02-27 20:40:16 | LastPass Says DevOps Engineer Home Computer Hacked (lien direct) | >LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud storage resources. | Malware Cloud | LastPass | ★ |
 |
2023-02-20 14:01:00 | Despite Breach, LastPass Demonstrates the Power of Password Management (lien direct) | What's scarier than keeping all of your passwords in one place and having that place raided by hackers? Maybe reusing insecure passwords. | LastPass | ★★★ | |
 |
2023-01-26 08:40:44 | LastPass piraté : la maison mère GoTo aussi (lien direct) | Le piratage de LastPass impliquait un espace de stockage partagé avec GoTo... qui vient d'annoncer avoir lui aussi été touché. | LastPass | ★★ | |
|
2023-01-25 19:35:00 | GoTo Encrypted Backups Stolen in LastPass Breach (lien direct) | Encrypted backups for several GoTo remote work tools were exfiltrated from LastPass, along with encryption keys. | LastPass | ★★ | |
|
2023-01-25 13:13:00 | LastPass Parent Company GoTo Suffers Data Breach, Customers\' Backups Compromised (lien direct) | LastPass-owner GoTo (formerly LogMeIn) on Tuesday disclosed that unidentified threat actors were able to steal encrypted backups of some customers' data along with an encryption key for some of those backups in a November 2022 incident. The breach, which targeted a third-party cloud storage service, impacted Central, Pro, join.me, Hamachi, and RemotelyAnywhere products, the company said. "The | Threat | LastPass | ★★ |
 |
2023-01-18 16:35:00 | Anomali Cyber Watch: FortiOS Zero-Day Has Been Exploited by an APT, Two RATs Spread by Four Types of JAR Polyglot Files, Promethium APT Continued Android Targeting (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, DDoS, Polyglot, RATs, Russia, Skimmers, Trojanized apps, and Ukraine. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Malicious ‘Lolip0p’ PyPi Packages Install Info-Stealing Malware
(published: January 16, 2023)
On January 10, 2023, Fortinet researchers detected actor Lolip0p offering malicious packages on the Python Package Index (PyPI) repository. The packages came with detailed, convincing descriptions pretending to be legitimate HTTP clients or, in one case, a legitimate improvement for a terminal user interface. Installation of the libraries led to infostealing malware targeting browser data and authentication (Discord) tokens.
Analyst Comment: Free repositories such as PyPI become increasingly abused by threat actors. Before adding a package, software developers should review its author and reviews, and check the source code for any suspicious or malicious intent.
MITRE ATT&CK: [MITRE ATT&CK] T1204 - User Execution | [MITRE ATT&CK] T1555 - Credentials From Password Stores
Tags: actor:Lolip0p, Malicious package, malware-type:Infostealer, Discord, PyPi, Social engineering, Windows
Analysis of FG-IR-22-398 – FortiOS - Heap-Based Buffer Overflow in SSLVPNd
(published: January 11, 2023)
In December 2022, the Fortinet network security company fixed a critical, heap-based buffer overflow vulnerability (FG-IR-22-398, CVE-2022-42475) in FortiOS SSL-VPN. The vulnerability was exploited as a zero-day by an advanced persistent threat (APT) actor who was customizing a Linux implant specifically for FortiOS of relevant FortiGate hardware versions. The targeting was likely aimed at governmental or government-related targets. The attribution is not clear, but the compilation timezone UTC+8 may point to China, Russia, and some other countries.
Analyst Comment: Users of the affected products should make sure that the December 2022 FortiOS security updates are implemented. Zero-day based attacks can sometimes be detected by less conventional methods, such as behavior analysis, and heuristic and machine learning based detection systems. Network defenders are advised to monitor for suspicious traffic, such as suspicious TCP sessions with Get request for payloads.
MITRE ATT&CK: [MITRE ATT&CK] T1622 - Debugger Evasion | [MITRE ATT&CK] T1190 - Exploit Public-Facing Application | [MITRE ATT&CK] T1105 - Ingress Tool Transfer | [MITRE ATT&CK] T1090 - Proxy | [MITRE ATT&CK] T1070 - Indicator Removal On Host
Tags: FG-IR-22-398, CVE-2022-42 |
Malware Tool Vulnerability Threat Guideline | LastPass | ★★ |
 |
2023-01-17 14:22:28 | Action1 Provides Free Tool to Eliminate Organizations\' Exposure to Compromise after LastPass Breach (lien direct) | Action1 Provides Free Tool to Eliminate Organizations' Exposure to Compromise after LastPass Breach Action1's free offering enables IT teams to gain visibility into all browsers on which LastPass extension is installed, helping them mitigate the risks to their environments posed by the infamous breach. - Product Reviews | Tool | LastPass | ★★★ |
 |
2023-01-17 14:00:00 | What is the Future of Password Managers? (lien direct) | >In November 2022, LastPass had its second security breach in four months. Although company CEO Karim Toubba assured customers they had nothing to worry about, the incident didn’t inspire confidence in the world’s leading password manager application. Password managers have one vital job: keep your sensitive login credentials secret, so your accounts remain secure. When hackers […] | Guideline | LastPass | ★★ |
 |
2023-01-16 11:30:11 | For password protection, dump LastPass for open source Bitwarden (lien direct) | After the security breach last summer, staying put is playing with fire Opinion For better or worse, we still need passwords, and to protect and organize them, I recommend the open source Bitwarden password manager.… | LastPass | ★★★ | |
|
2023-01-13 18:03:04 | CircleCI, LastPass, Okta, and Slack: Cyberattackers Pivot to Target Core Enterprise Tools (lien direct) | High-profile software provider compromises in the past few months show that threat actors are actively targeting the services underpinning corporate infrastructure. Here's what to do about it. | Threat | LastPass | ★★★★ |
 |
2023-01-11 14:00:00 | LastPass breach exposes how US breach notification laws can leave consumers in the lurch (lien direct) | >The U.S. famously does not have a federal privacy law and instead relies on 50 different state laws governing breach notification. | LastPass | ★★ | |
 |
2023-01-11 02:00:00 | Timeline of the latest LastPass data breaches (lien direct) | On November 30, 2022, password manager LastPass informed customers of a cybersecurity incident following unusual activity within a third-party cloud storage service. While LastPass claims that users' passwords remain safely encrypted, it admitted that certain elements of customers' information have been exposed. The security incident was the latest to affect the service in recent times in the wake of unauthorized access to its development environment in August last year, serious vulnerabilities in 2017, a phishing attack in 2016, and a data breach in 2015.To read this article in full, please click here | LastPass | ★★★ | |
 |
2023-01-07 03:08:58 | Last Call for LastPass (lien direct) | We examine the flaws endemic to LastPass' product, and their bungled response to and disclosure of their recent compromise. | LastPass | ★★★★ | |
|
2023-01-05 16:21:00 | Mitigate the LastPass Attack Surface in Your Environment with this Free Tool (lien direct) | The latest breach announced by LastPass is a major cause for concern to security stakeholders. As often occurs, we are at a security limbo – on the one hand, as LastPass has noted, users who followed LastPass best practices would be exposed to practically zero to extremely low risk. However, to say that password best practices are not followed is a wild understatement. The reality is that there | Tool | LastPass | ★★★ |
 |
2023-01-05 11:35:01 | Roblox Prison, 3DS RCE, Puckungfu, Google Home Wiretaps, & Lastpass Hack - PSW #768 (lien direct) | The latest breach announced by LastPass is a major cause for concern to security stakeholders. As often occurs, we are at a security limbo – on the one hand, as LastPass has noted, users who followed LastPass best practices would be exposed to practically zero to extremely low risk. However, to say that password best practices are not followed is a wild understatement. The reality is that there | Hack | LastPass | ★ |
|
2023-01-04 16:30:00 | Anomali Cyber Watch: Machine Learning Toolkit Targeted by Dependency Confusion, Multiple Campaigns Hide in Google Ads, Lazarus Group Experiments with Bypassing Mark-of-the-Web (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Backdoors, Data breaches, North Korea, Phishing, and Typosquatting. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
PyTorch Discloses Malicious Dependency Chain Compromise Over Holidays
(published: January 1, 2023)
Between December 25th and December 30th, 2022, users who installed PyTorch-nightly were targeted by a malicious library. The malicious torchtriton dependency on PyPI uses the dependency confusion attack by having the same name as the legitimate one on the PyTorch repository (PyPI takes precedence unless excluded). The actor behind the malicious library claims that it was part of ethical research and that he alerted some affected companies via HackerOne programs (Facebook was allegedly alerted). At the same time the library’s features are more aligned with being a malware than a research project. The code is obfuscated, it employs anti-VM techniques and doesn’t stop at fingerprinting. It exfiltrates passwords, certain files, and the history of Terminal commands. Stolen data is sent to the C2 domain via encrypted DNS queries using the wheezy[.]io DNS server.
Analyst Comment: The presence of the malicious torchtriton binary can be detected, and it should be uninstalled. PyTorch team has renamed the 'torchtriton' library to 'pytorch-triton' and reserved the name on PyPI to prevent similar attacks. Opensource repositories and apps are a valuable asset for many organizations but adoption of these must be security risk assessed, appropriately mitigated and then monitored to ensure ongoing integrity.
MITRE ATT&CK: [MITRE ATT&CK] T1195.001 - Supply Chain Compromise: Compromise Software Dependencies And Development Tools | [MITRE ATT&CK] T1027 - Obfuscated Files Or Information | [MITRE ATT&CK] Picus: The System Information Discovery Technique Explained - MITRE ATT&CK T1082 | [MITRE ATT&CK] T1003.008 - OS Credential Dumping: /Etc/Passwd And /Etc/Shadow | [MITRE ATT&CK] T1041 - Exfiltration Over C2 Channel
Tags: Dependency confusion, Dependency chain compromise, PyPI, PyTorch, torchtriton, Facebook, Meta AI, Exfiltration over DNS, Linux
Linux Backdoor Malware Infects WordPress-Based Websites
(published: December 30, 2022)
Doctor Web researchers have discovered a new Linux backdoor that attacks websites based on the WordPress content management system. The latest version of the backdoor exploits 30 vulnerabilities in outdated versions of WordPress add-ons (plugins and themes). The exploited website pages are injected with a malicious JavaScript that intercepts all users clicks on the infected page to cause a malicious redirect.
Analyst Comment: Owners of WordPress-based websites should keep all the components of the platform up-to-date, including third-party add-ons and themes. Use |
Malware Tool Vulnerability Threat Patching Medical | APT 38 LastPass | ★★ |
 |
2023-01-04 14:30:00 | CyberheistNews Vol 13 #01 [Heads Up] Giant LastPass Breach Can Supercharge Spear Phishing Attacks (lien direct) |
|
LastPass | ★★ | |
|
2023-01-04 02:00:00 | Why it might be time to consider using FIDO-based authentication devices (lien direct) | Every business needs a secure way to collect, manage, and authenticate passwords. Unfortunately, no method is foolproof. Storing passwords in the browser and sending one-time access codes by SMS or authenticator apps can be bypassed by phishing. Password management products are more secure, but they have vulnerabilities as shown by the recent LastPass breach that exposed an encrypted backup of a database of saved passwords. For organizations with high security requirements, that leaves hardware-based login options such as FIDO devices.To read this article in full, please click here | LastPass | ★★ | |
|
2023-01-03 10:03:59 | LastPass piraté : comment réagit la concurrence ? (lien direct) | Des incitations chez certains, des ressources de migration globalement très hétérogènes... Comment les concurrents de LastPass se positionnent-ils après le piratage de ce dernier ? | LastPass | ★★★ | |
 |
2022-12-30 07:49:32 | " Mensonges éhontés ", " chiffrement de merde " : LastPass est violemment critiqué pour ses déclarations et sa sécurité (lien direct) |  Une semaine après l'annonce que des hackers ont pu accéder aux coffres-forts de ses utilisateurs, de nombreux experts critiquent ouvertement la communication de LastPass, jugée mensongère, lénifiante, et sa sécurité insuffisante. |
LastPass | ★★ | |
 |
2022-12-28 19:53:16 | LastPass Data Breach: It\'s Time to Ditch This Password Manager (lien direct) | The password manager's most recent data breach is so concerning, users need to take immediate steps to protect themselves. | Data Breach | LastPass | ★★ |
|
2022-12-28 19:27:36 | [Heads Up] LastPass Attack Could Supercharge Spear Phishing Attacks (lien direct) |
![[Heads Up] LastPass Attack Could Supercharge Spear Phishing Attacks](https://blog.knowbe4.com/hubfs/Roger-Grimes-HD_Cutout.png)
|
LastPass | ★★ | |
 |
2022-12-26 15:09:29 | 26th December – Threat Intelligence Report (lien direct) | >For the latest discoveries in cyber research for the week of 26th December, please download our Threat_Intelligence Bulletin TOP ATTACKS AND BREACHES LastPass revealed that it has been breached for the second time this year, an event that resulted in attackers stealing customer encrypted password vaults and additional account information. The breach was achieved after […] | Threat | LastPass | ★★★ |
 |
2022-12-26 12:06:18 | LastPass Breach (lien direct) | Last August, LastPass reported a security breach, saying that no customer information—or passwords—were compromised. Turns out the full story is worse: While no customer data was accessed during the August 2022 incident, some source code and technical information were stolen from our development environment and used to target another employee, obtaining credentials and keys which were used to access and decrypt some storage volumes within the cloud-based storage service. […] To date, we have determined that once the cloud storage access key and dual storage container decryption keys were obtained, the threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service... | Threat | LastPass | ★★★ |
|
2022-12-23 17:58:52 | LastPass finally admits: They did steal your password vaults after all (lien direct) | The crooks now know who you are, where you live, which computers are yours... and they got those password vaults, too. | LastPass | ★ | |
|
2022-12-23 17:39:00 | LastPass Cops to Massive Breach Including Customer Vault Data (lien direct) | The follow-on attack from August's source-code breach could fuel future campaigns against LastPass customers. | LastPass | ★ | |
|
2022-12-23 11:48:55 | LastPass Latest Data Breach Exposes Customer Password Vaults (lien direct) | Yet again, password management firm LastPass has announced that they have been hacked for the second time this year. If you recall, in August 2022, they had a data breach that stole a significant amount of customer data, including password vault data that was exposed through brute-forcing or guessing master passwords. The data breach, which […] | Data Breach | LastPass | ★ |
|
2022-12-23 10:08:05 | LastPass piraté : finalement, c\'est du sérieux (lien direct) | Des données volées à LastPass en août ont permis à des tiers de remonter jusqu'aux coffres-forts de mots de passe des utilisateurs finaux. | LastPass | ★ | |
 |
2022-12-23 10:00:00 | LastPass: Customer Vault Data Was Taken (lien direct) | Most data was encrypted in cloud storage | LastPass | ★ | |
|
2022-12-23 09:37:00 | LastPass Admits to Severe Data Breach, Encrypted Password Vaults Compromised (lien direct) | The August 2022 security breach of LastPass may have been more severe than previously disclosed by the company. The popular password management service on Thursday revealed that malicious actors obtained a trove of personal information belonging to its customers that include their encrypted password vaults using data siphoned from the break-in. Also stolen is "basic customer account information | LastPass | ★ | |
|
2022-12-23 07:06:49 | Vous utilisez LastPass ? Les hackers ont maintenant vos mots de passe (lien direct) |  LastPass, un des gestionnaires de mot de passe les plus populaires au monde, a déclaré que de nombreuses informations personnelles de ses utilisateurs sont aujourd'hui entre les mains de hackers. Les mots de passes cryptées et autres données stockées dans les coffres-forts des clients sont aussi concernés. |
LastPass | ★★★★ | |
|
2022-12-23 06:35:07 | LastPass admits attackers have a copy of customers\' password vaults (lien direct) | Thankfully a well encrypted copy that could take an eon to crack, unless users practiced bad password hygiene Password locker LastPass has warned customers that the August 2022 attack on its systems saw unknown parties copy encrypted files that contains the passwords to their accounts.… | LastPass | ★★ | |
 |
2022-12-22 22:43:39 | LastPass users: Your info and password vault data are now in hackers\' hands (lien direct) | Password manager says breach it disclosed in August was much worse than thought. | LastPass | ★★ | |
|
2022-12-22 21:07:44 | LastPass Says Password Vault Data Stolen in Data Breach (lien direct) | Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that could be exposed by brute-forcing or guessing master passwords. | Data Breach | LastPass | ★ |
|
2022-12-22 16:12:09 | Lastpass: Hackers stole customer vault data in cloud storage breach (lien direct) | LastPass revealed today that attackers stole customer vault data after breaching its cloud storage earlier this year using information stolen during an August 2022 incident. [...] | LastPass | ★ | |
|
2022-12-03 14:00:00 | China\'s Police State Targets Zero-Covid Protesters (lien direct) | Plus: ICE accidentally doxes asylum seekers, Google fails to uphold a post-Roe promise, and LastPass suffers the second breach this year. | LastPass | ★★ | |
|
2022-12-02 12:09:45 | LastPass Security Breach (lien direct) | The company was hacked, and customer information accessed. No passwords were compromised. | Data Breach | LastPass | ★★★ |
|
2022-12-02 01:10:59 | LastPass admits to customer data breach caused by previous breach (lien direct) | Seems that the developer account that the crooks breached last time gave indirect access to customer data this time round. | Data Breach | LastPass | ★★★ |
|
2022-12-01 15:05:00 | LastPass Suffers Another Security Breach; Exposed Some Customers Information (lien direct) | Popular password management service LastPass said it's investigating a second security incident that involved attackers accessing some of its customer information. "We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo," LastPass CEO Karim Toubba said. GoTo, formerly called LogMeIn, acquired LastPass | LastPass | ★★ | |
|
2022-12-01 13:15:28 | LastPass : une nouvelle faille de sécurité expose les données des utilisateurs (lien direct) |  Dans un article de blog, la société éditrice du gestionnaire de mot de passe LastPass annonce que des pirates ont eu accès au service de stockage dans le cloud utilisé par l'entreprise. Les hackers auraient eu accès à certaines données utilisateurs. |
LastPass | ★★★ | |
|
2022-12-01 11:47:33 | GoTo, LastPass Notify Customers of New Data Breach Related to Previous Incident (lien direct) | LastPass, the company known for its popular password manager, and its affiliate, GoTo, are informing customers about a new data breach that appears to be related to a cybersecurity incident disclosed a few months ago. | Data Breach | LastPass | ★★ |
 |
2022-12-01 07:33:53 | Lastpass discloses the second security breach this year (lien direct) | >LastPass disclosed a new security breach, threat actors had access to its cloud storage using information stolen in the August 2022 breach. Password management solution LastPass disclosed a new security breach, the attackers had access to a third-party cloud storage service using information stolen in the August 2022 breach. The impacted cloud storage service is […] | Threat | LastPass | ★★★★ |
 |
2022-10-13 09:15:34 | This top-rated password manager is just $2/month (lien direct) | >Take advantage of this limited-time offer on LastPass. A LastPass Premium membership is now available for only $2 per month. | LastPass |
To see everything:
Our RSS (filtrered)
