What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
NakedSecurity.webp 2022-09-19 16:59:05 LastPass source code breach – incident response report released (lien direct) Wondering how you'd handle a data breach report if the worst happened to you? Here's a useful example. Data Breach LastPass
SecurityWeek.webp 2022-09-19 10:47:33 LastPass Found No Code Injection Attempts Following August Data Breach (lien direct) Password management software provider LastPass says its investigation into the August 2022 data breach has not revealed any attempts to inject malicious code into LastPass software. Data Breach LastPass
SecurityAffairs.webp 2022-09-17 18:11:10 LastPass revealed that intruders had internal access for four days during the August hack (lien direct) The Password management solution LastPass revealed that the threat actors had access to its systems for four days during the August hack. Password management solution LastPass shared more details about the security breach that the company suffered in August 2022. The company revealed that the threat actor had access to its network for four days […] Hack Threat LastPass
The_Hackers_News.webp 2022-09-17 08:17:00 Hackers Had Access to LastPass's Development Systems for Four Days (lien direct) Password management solution LastPass shared more details pertaining to the security incident last month, disclosing that the threat actor had access to its systems for a four-day period in August 2022. "There is no evidence of any threat actor activity beyond the established timeline," LastPass CEO Karim Toubba said in an update shared on September 15, adding, "there is no evidence that this Threat LastPass
bleepingcomputer.webp 2022-09-16 15:30:30 LastPass says hackers had internal access for four days (lien direct) LastPass says the attacker behind the August security breach had internal access to the company's systems for four days until they were detected and evicted. [...] LastPass
NakedSecurity.webp 2022-09-01 16:55:43 S3 Ep98: The LastPass saga – should we stop using password managers? [Audio + Text] (lien direct) Latest episode - listen now! LastPass
Anomali.webp 2022-08-30 15:01:00 Anomali Cyber Watch: First Real-Life Video-Spoofing Attack, MagicWeb Backdoors via Non-Standard Key Identifier, LockBit Ransomware Blames Victim for DDoSing Back, and More (lien direct) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Authentication, DDoS, Fingerprinting, Iran, North Korea, Ransomware, and Russia. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence LastPass Hackers Stole Source Code (published: August 26, 2022) In August 2022, an unidentified threat actor gained access to portions of the password management giant LastPass development environment. LastPass informed that it happened through a single compromised developer account and the attacker took portions of source code and some proprietary LastPass technical information. The company claims that this incident did not affect customer data or encrypted password vaults. Analyst Comment: This incident doesn’t seem to have an immediate impact on LastPass users. Still, organizations relying on LastPass should raise the concern in their risk assessment since “white-box hacking” (when source code of the attacking system is known) is easier for threat actors. Organizations providing public-facing software should take maximum measures to block threat actors from their development environment and establish robust and transparent security protocols and practices with all third parties involved in their code development. 
Tags: LastPass, Password manager, Data breach, Source code Mercury Leveraging Log4j 2 Vulnerabilities in Unpatched Systems to Target Israeli (published: August 25, 2022) Starting in July 2022, a new campaign by Iran-sponsored group Static Kitten (Mercury, MuddyWater) was detected targeting Israeli organizations. Microsoft researchers detected that this campaign was leveraging exploitation of Log4j 2 vulnerabilities (CVE-2021-45046 and CVE-2021-44228) in SysAid applications (IT management tools). For persistence Static Kitten was dropping webshells, creating local administrator accounts, stealing credentials, and adding their tools in the startup folders and autostart extensibility point (ASEP) registry keys. Overall the group was heavily using various open-source and built-in operating system tools: eHorus remote management software, Ligolo reverse tunneling tool, Mimikatz credential theft tool, PowerShell programs, RemCom remote service, Venom proxy tool, and Windows Management Instrumentation (WMI). Analyst Comment: Network defenders should monitor for alerts related to web shell threats, suspicious RDP sessions, ASEP registry anomaly, and suspicious account creation. Similarly, SysAid users can monitor for webshells and abnormal processes related to SysAisServer instance. Even though Static Kitten was observed leveraging the Log4Shell vulnerabilities in the past (targeting VMware apps), most of their attacks still start with spearphishing, often from a compromised email account. MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] OS Credential Dumping - T1003 | [MITRE ATT&CK] Phishing - T1566 | Ransomware Hack Tool Vulnerability Threat Guideline Cloud APT 37 APT 29 LastPass
globalsecuritymag.webp 2022-08-30 14:57:52 LastPass: source code stolen | Tanium commentary from Jérôme Warot, VP Technical Account Management (lien direct) LastPass recently announced on its blog that it had detected "unusual activity within portions of the LastPass development environment". A developer account is said to have been compromised, and portions of LastPass source code and technical information are said to have been stolen. Comments from Jérôme Warot, Vice President Technical Account Management, South EMEA at Tanium, on what this compromise teaches us, particularly regarding password management. - Malware LastPass
ComputerWeekly.webp 2022-08-30 08:15:00 LastPass breach limited in scale and well-managed, say experts (lien direct) LastPass
no_ico.webp 2022-08-29 20:48:52 Password Manager With 25 Million Users Confirms Breach, Expert Weighs In (lien direct) One of the world’s leading password managers with 25 million users, LastPass, has confirmed that it has been hacked. While it’s good news that customer data was not compromised in this latest incident, the fact that the intruder accessed source code and ‘proprietary technical information’ is worrying. Guideline LastPass
NakedSecurity.webp 2022-08-29 16:59:25 LastPass source code breach – do we still recommend password managers? (lien direct) What does the recent LastPass breach mean for password managers? Just a bump in the road, or a reason to ditch them entirely? LastPass
ArsTechnica.webp 2022-08-26 19:54:39 The number of companies caught up in the Twilio hack keeps growing (lien direct) 2FA provider Authy, password manager LastPass, and DoorDash all experienced breaches. Hack LastPass
DarkReading.webp 2022-08-26 17:37:45 LastPass Suffers Data Breach, Source Code Stolen (lien direct) Researchers warned that cyberattackers will be probing the code for weaknesses to exploit later. LastPass
silicon.fr.webp 2022-08-26 15:58:34 LastPass: a cyber alert over nothing? (lien direct) LastPass says it identified "unusual activity within portions of [its] development environment." LastPass
The_Hackers_News.webp 2022-08-26 14:40:00 Hackers Breach LastPass Developer System to Steal Source Code (lien direct) Password management service LastPass confirmed a security incident that resulted in the theft of certain source code and technical information. The security breach is said to have occurred two weeks ago, targeting its development environment. No customer data or encrypted passwords were accessed. “An unauthorized party gained access to portions of the LastPass development LastPass
The_State_of_Security.webp 2022-08-26 14:03:07 LastPass attackers steal source code, no evidence users' passwords compromised (lien direct) LastPass, the popular password manager used by millions of people around the world, has announced that it suffered a security breach two weeks ago that saw attackers break into its systems and steal information. But don’t panic just yet – that doesn’t mean that all of your passwords are now in the hands of internet […] LastPass
CSO.webp 2022-08-26 13:34:00 Password manager LastPass reveals intrusion into development system (lien direct) LastPass, maker of a popular password management application, revealed Thursday that an unauthorized party gained access to its development environment through a compromised developer account and stole some source code and proprietary technical information. An initial probe of the incident has revealed no evidence that customer data or encrypted password vaults were accessed by the intruder, CEO Karim Toubba stated in a company blog post. Toubba explained that the master passwords of the company's users are protected by a zero-knowledge architecture, which prevents LastPass from knowing or accessing those passwords. LastPass
MalwarebytesLabs.webp 2022-08-26 10:00:00 Source code of password manager LastPass stolen by attacker (lien direct) LastPass let the public know that an unauthorized party gained access to portions of the LastPass development environment LastPass
InfoSecurityMag.webp 2022-08-26 08:30:00 LastPass Hackers Stole Source Code (lien direct) Password management firm reveals incident in early August LastPass
SecurityAffairs.webp 2022-08-25 23:18:15 LastPass data breach: threat actors stole a portion of source code (lien direct) Password management software firm LastPass has suffered a data breach, threat actors have stolen source code and other data. Password management software firm LastPass disclosed a security breach, threat actors had access to portions of the company development environment through a single compromised developer account and stole portions of source code and some proprietary technical […] Threat LastPass
SecurityWeek.webp 2022-08-25 20:05:19 LastPass Says Source Code Stolen in Data Breach (lien direct) Password management software firm LastPass has suffered a data breach that led to the theft of source code and proprietary technical information. Data Breach LastPass
bleepingcomputer.webp 2022-08-25 16:59:05 LastPass developer systems hacked to steal source code (lien direct) Password management firm LastPass was hacked last week, allowing threat actors to steal the company's source code and proprietary technical information. [...] Threat LastPass
TechRepublic.webp 2022-06-28 17:41:21 How to transfer data from LastPass to 1Password (lien direct) Transferring data between password managers is a serious undertaking. Learn how to safely transfer data from LastPass to 1Password. LastPass
TechRepublic.webp 2022-06-27 13:54:30 How to transfer LastPass to Bitwarden (lien direct) Jack Wallen walks you through the process of migrating your password vault from LastPass to Bitwarden. LastPass
TechRepublic.webp 2022-06-23 18:35:50 How to transfer passwords from LastPass to Dashlane (lien direct) LastPass and Dashlane are both password managers, but they do things differently. Here's how to transfer passwords from one to the other. LastPass
TechRepublic.webp 2022-06-10 13:35:14 Bitwarden vs LastPass: Compare top password managers (lien direct) If you're like most people, you may become overwhelmed by the number of passwords created, used and remembered in your everyday life. Password managers like Bitwarden and LastPass make those tasks easier. LastPass
TechRepublic.webp 2022-06-03 17:21:33 Keeper vs LastPass: Which password manager is better for your business? (lien direct) Compare key features of password managers Keeper and LastPass, including zero trust and user authentication capabilities. LastPass
no_ico.webp 2022-02-23 13:27:48 Identity And Access Management Survey Finds 45% Of Organisations Have Deployed An Enterprise Password Management Solution (lien direct) Includes large enterprises that wish to provide an extra layer of protection and user convenience, and SMBs with limited security budgets LastPass, the global leader in password management, today released the findings of an IDC Global Survey on Identity and Access Management by LastPass. The survey revealed that “balancing company security requirements and the employee […] Guideline LastPass
TechRepublic.webp 2022-01-20 17:00:01 Secure your passwords and access them anywhere with LastPass (lien direct) LastPass's Premium Plan keeps your digital life secure and at your fingertips with management for an unlimited number of passwords and seamless access across all of your devices. LastPass
Anomali.webp 2022-01-05 19:55:00 Anomali Cyber Watch: $5 Million Breach Extortion, APTs Using DGA Subdomains, Cyberespionage Group Incorporates A New Tool, and More (lien direct) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Cyberespionage, Data breach, DGA, Infostealer, Phishing, Rootkit, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Fintech Firm Hit by Log4j Hack Refuses to Pay $5 Million Ransom (published: December 29, 2021) The Vietnamese crypto trading, ONUS, was breached by unknown threat actor(s) by exploiting the Log4Shell (CVE-2021-44228) vulnerability between December 11 and 13. The exploited target was an AWS server running Cyclos, which is a point-of-sale software provider, and the server was only intended for sandbox purposes. Actors were then able to steal information via the misconfigured AWS S3 buckets containing information on approximately two million customers. Threat actors then attempted to extort five million dollars (USD). Analyst Comment: Although Cyclos issued a warning to patch on December 13, the threat actors had already gained illicit access. Even though Log4Shell provided initial access to the compromised server, it was the misconfigured buckets the actors took advantage of to steal data. 
MITRE ATT&CK: [MITRE ATT&CK] Exploitation for Client Execution - T1203 Tags: ONUS, Log4Shell, CVE-2021-44228, Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends (published: December 29, 2021) Palo Alto Networks Unit42 researchers have published a report based on their tracking of strategically-aged malicious domains (registered but not used until a specific time) and their domain generation algorithm (DGA) created subdomains. Researchers found two Pegasus spyware command and control domains that were registered in 2019 and were not active until July 2021. A phishing campaign using DGA subdomains that were similar to those used during the SolarWinds supply chain attack was also identified. Analyst Comment: Monitor your networks for abnormal DNS requests, and have bandwidth limitations in place, if possible, to prevent numerous connections to DGA domains. Knowing which DGAs are most active in the wild will allow you to build a proactive defense by detecting any DGA that is in use. Anomali can detect DGA algorithms used by malware to assist in defending against these types of threats. MITRE ATT&CK: [MITRE ATT&CK] Dynamic Resolution - T1568 | [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Application Layer Protocol - T1071 Tags: DGA , Pegasus, Phishing Implant.ARM.iLOBleed.a (published: December 28, 2021) Amnpardaz researchers discovered a new rootkit that has been targeting Hewlett-Packard Enterprise’s Integrated Lights-Out (iLO) server managemen Malware Hack Tool Vulnerability Threat LastPass
SecurityWeek.webp 2021-12-29 17:44:14 LastPass Automated Warnings Linked to 'Credential Stuffing' Attack (lien direct) Users of the popular LastPass password manager are being targeted in so-called “credential stuffing” attacks that use email addresses and passwords obtained from third-party breaches. LastPass ★★★
SecurityAffairs.webp 2021-12-28 21:52:55 LastPass investigated recent reports of blocked login attempts (lien direct) Password manager app LastPass confirmed that threat actors have launched a credential stuffing attack against its users. While LastPass says that it is not aware that some of its accounts were compromised in the recent credential stuffing attacks that started on Monday, numerous LastPass users claim that their master passwords have been compromised after receiving […] Threat LastPass
bleepingcomputer.webp 2021-12-28 12:27:44 LastPass users warned their master passwords are compromised (lien direct) Many LastPass users report that their master passwords have been compromised after receiving email warnings that someone tried to use it to log into their accounts from unknown locations. [...] LastPass
InfoSecurityMag.webp 2021-12-14 19:09:00 LastPass to Become Standalone Company (lien direct) LogMeIn to set up password manager LastPass as an independent business LastPass ★★★★★
AlienVault.webp 2021-05-06 10:00:00 Password security tips and best practices for enterprises (lien direct) In honor of World Password Day, we’re doing our part to help keep your business secure by discussing the good, the bad, the ugly and the critical about passwords. Let’s face it: between all the logins we need for work and all the accounts we use in our personal lives, there are too many passwords to remember. So many of us do what seems natural—use the same password for multiple accounts. After all, especially with corporate password policies, most employees use strong passwords with a mix of numbers, lowercase and uppercase letters, and special characters. Still, what about all those sticky notes we have “secretly” hidden in locations probably not far away from our devices? That security risk is only the tip of the iceberg. Because according to a 2019 Lastpass survey, US employees working in mid-sized corporate businesses must manage approximately 75 passwords for work. Unsurprisingly, employees recycle passwords 13 times on average. In other words, employees are using the same passwords over and over. And in many cases, especially for corporate applications and resources that lack strong password requirements, some passwords just aren’t strong enough. Cybercriminals know this, and it’s why breaches happen. If hackers get access to your trusted data, the ramifications can be dire. The costs of a data breach go well beyond financial, and include damage to your company’s brand, trust and reputation. Why do we need stronger and longer passwords? As malware, phishing, and ransomware continue to skyrocket, we must understand that the password is the primary method for attackers to gain access to corporate systems.  Phishing passwords may be the easiest method, but passwords can also be cracked. The stronger the password, the harder it is for cybercriminals to decode. 
In a typical attack—the brute force password attack—attackers will use software that quickly attempts every possible password combination of numbers, letters, and symbols. These software programs get better as computing power increases. For example, an eight-character strong password was not long ago considered secure and difficult to crack. Today, it can be cracked in eight hours. But if we tack on two more characters to make it ten-character, cracking the password can take approximately five years.  Why do we need unique passwords for every login? As mentioned above, phishing is one of the simplest ways for hackers to steal our passwords. If you think your company has been victimized by phishing, malware, or ransomware, perhaps you’ve taken steps to reset those passwords. But the security risk here is if employees are using the same passwords for different apps, sites or resources. Have you heard about credential stuffing? With credential stuffing, attackers take username and password combinations they already know (which have been stolen or paid for on the dark web) and try them everywhere they can. Use of credential stuffing is escalating, and businesses of all sizes should take note. This type of attack is only successful if and when employees use the same password for different logins. What about password managers? Managing all those passwords doesn’t have to be complicated. A password management system is software that keeps an up-to-date list of all your passwords and logins, using a master password to access the password “vault”. That master password is the only one you need to remember. What if a hacker accesses your vault? Isn’t that riskier? Sure, there is undoubtedly an element of risk, but it’s critical to think in terms of relative safety. As a general rule, using some type of password Ransomware Data Breach Hack LastPass
TechRepublic.webp 2021-04-08 13:33:11 How password anxiety is impacting individuals and organizations (lien direct) A majority of people said they'd avoid using certain websites or accounts where they've forgotten their password, says LastPass. LastPass
WiredThreatLevel.webp 2021-03-13 13:00:00 How to Export Your Passwords From LastPass (lien direct) The popular security service is severely limiting its free tier starting March 16. If you'd like to move your passwords to another manager, here's how. LastPass
TroyHunt.webp 2021-03-08 16:04:42 Demand for fee to use password app LastPass sparks backlash (lien direct) Pay up or face restrictions on access, say new private-equity owners. LastPass
ESET.webp 2021-03-01 16:21:48 Popular password manager in the spotlight over web trackers (lien direct) While the trackers in LastPass' Android app don't collect any personal data, the news may not sit well with some privacy-minded users LastPass
01net.webp 2021-02-26 03:29:00 LastPass: the password manager's Android app spies on you without your knowledge (lien direct) The password manager transmits a whole range of information to third parties. In particular, it shares the category of each newly created password, which is fairly intrusive. LastPass
TechRepublic.webp 2021-02-22 14:07:14 Free password manager alternatives to LastPass (lien direct) With the free version of LastPass now limiting where you can sync your passwords, here are a few other options. LastPass
WiredThreatLevel.webp 2021-02-20 15:21:52 Sites Have a Sneaky New Way to Track You Across the Web (lien direct) Plus: A LastPass rate change, Clubhouse concerns, and more of the week's top security news. LastPass
TechRepublic.webp 2021-02-17 21:23:00 LastPass: A cheat sheet (lien direct) This comprehensive guide covers everything you need to know about password management app LastPass, including its newly announced free cross-platform access. LastPass
01net.webp 2021-02-17 08:11:25 LastPass limits free use of its password manager (lien direct) The free version of LastPass will soon work only on mobile devices or on computers, but not both at once. LastPass
bleepingcomputer.webp 2021-02-16 10:57:08 LastPass Free to force users to choose between mobile, desktop (lien direct) Starting next month, LastPass will no longer allow a free account to be used on multiple types of devices (computers and mobile) at the same time. [...] LastPass
Blog.webp 2021-01-08 17:13:04 Episode 199 COVID's Other Legacy: Data Theft and Enterprise Insecurity (lien direct) In this episode of the podcast (#199), sponsored by LastPass, we talk with Sareth Ben of Securonix about how massive layoffs that have resulted from the COVID pandemic put organizations at far greater risk of data theft. In our second segment, we're joined by Barry McMahon, a Senior Global Product Marketing Manager at LogMeIn, to talk about data... LastPass
Blog.webp 2020-12-18 17:55:57 Episode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware! (lien direct) In this podcast, sponsored by LastPass, former U.S. CISO Greg Touhill joins us to talk about news of a vast hack of U.S. government networks, which he calls a "five alarm fire" reportedly set by Russia. Hack LastPass
grahamcluley.webp 2020-11-05 10:20:09 Smashing Security podcast #203: Testing times, naming names, and the bald truth about AI (lien direct) Students are being spied on as they do online exams, how did a televised football match reveal the truth about artificial intelligence, and what on earth is the Canny Lumpsucker vulnerability? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Thom Langford from The Host Unknown podcast. Plus don't miss the second part of our featured interview with LastPass's Dalia Hamzeh. LastPass
grahamcluley.webp 2020-10-29 12:00:03 Smashing Security podcast #202: The Wu-Tang Clan are Among Us (lien direct) Voting machines are under the microscope, scammers are posing as rap stars, and American politician AOC isn't the only one who's been getting into the Among Us game. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by James Thomson. Plus don't miss the first part of our featured interview with LastPass's Dalia Hamzeh. LastPass
Blog.webp 2020-10-11 18:30:06 Episode 190: 20 Years, 300 CVEs. Also: COVID's Lasting Security Lessons (lien direct) In this episode of the podcast (#190), sponsored by LastPass, Larry Cashdollar of Akamai joins us to talk about how finding his first CVE vulnerability, more than 20 years ago, nearly got him fired. Also: Katie Petrillo of LastPass joins us to talk about how some of the security adjustments we've made for COVID might not go away any time soon. ... LastPass
Last update at: 2024-05-10 12:08:00