What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-03-13 10:00:00 | 25 conseils essentiels de cybersécurité et meilleures pratiques pour votre entreprise 25 Essential Cybersecurity tips and best practices for your business (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Cybercrime is quickly becoming one of the biggest threats worldwide, impacting businesses across all sectors. To avoid the risk of a damaging security breach, it\'s crucial to stay updated on the latest cybersecurity tips and practices. Protecting yourself or your business from cyberattacks can be tough. But there are several cybersecurity tips that can help defend against attacks. We\'ve gathered a list of 25 most effective tips for you to adopt and share with others. Top 25 cybersecurity tips for your business 1. Keep your software up to date To stay safe from cyber threats like ransomware, it\'s essential to regularly update your software, including your operating system and applications. Updates often contain crucial security patches that fix vulnerabilities exploited by hackers. Enable automatic updates for your device and web browser, and ensure plugins like Flash and Java are also kept up to date. | Ransomware Malware Tool Vulnerability Mobile Cloud | LastPass | ★★ |
 |
2023-04-19 16:02:00 | Découvrir (et comprendre) les risques cachés des applications SaaS Uncovering (and Understanding) the Hidden Risks of SaaS Apps (lien direct) |
Les violations de données récentes entre Circleci, Lastpass et Okta soulignent un thème commun: les piles de SaaS Enterprise connectées à ces applications de pointe peuvent être très risquées de compromis.
Circleci, par exemple, joue un rôle intégral et SaaS-SAAS pour le développement d'applications SaaS.De même, des dizaines de milliers d'organisations comptent sur les rôles de sécurité Okta et LastPass pour l'identité et l'accès SaaS
Recent data breaches across CircleCI, LastPass, and Okta underscore a common theme: The enterprise SaaS stacks connected to these industry-leading apps can be at serious risk for compromise. CircleCI, for example, plays an integral, SaaS-to-SaaS role for SaaS app development. Similarly, tens of thousands of organizations rely on Okta and LastPass security roles for SaaS identity and access |
Cloud | LastPass LastPass | ★★ |
 |
2023-02-28 22:32:00 | LastPass DevOps Engineer Targeted for Cloud Decryption Keys in Latest Breach Revelation (lien direct) | The adversaries obtained a decryption key to a LastPass database containing multifactor authentication and federation information as well as customer vault data, company says. | Cloud | LastPass | ★★ |
 |
2023-02-28 09:42:43 | LastPass DevOps Engineer Breached To Steal Password Vault Data (lien direct) | LastPass DevOps engineers were compromised because they had access to the decryption keys. LastPass detailed an “organized second attack” in which a threat actor took data from Amazon AWS cloud storage servers for two months. Threat actors obtained partially encrypted password vault data and customer data from LastPass in December. The well-known password manager LastPass […] | Threat Cloud | LastPass | ★ |
 |
2023-02-27 20:40:56 | LastPass: DevOps engineer hacked to steal password vault data in 2022 breach (lien direct) | LastPass revealed more information on a "coordinated second attack," where a threat actor accessed and stole data from the Amazon AWS cloud storage servers for over two months. [...] | Threat Cloud | LastPass | ★★ |
 |
2023-02-27 20:40:16 | LastPass Says DevOps Engineer Home Computer Hacked (lien direct) | >LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud storage resources. | Malware Cloud | LastPass | ★ |
 |
2022-08-30 15:01:00 | Anomali Cyber Watch: First Real-Life Video-Spoofing Attack, MagicWeb Backdoors via Non-Standard Key Identifier, LockBit Ransomware Blames Victim for DDoSing Back, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Authentication, DDoS, Fingerprinting, Iran, North Korea, Ransomware, and Russia. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
LastPass Hackers Stole Source Code
(published: August 26, 2022)
In August 2022, an unidentified threat actor gained access to portions of the password management giant LastPass development environment. LastPass informed that it happened through a single compromised developer account and the attacker took portions of source code and some proprietary LastPass technical information. The company claims that this incident did not affect customer data or encrypted password vaults.
Analyst Comment: This incident doesn’t seem to have an immediate impact on LastPass users. Still, organizations relying on LastPass should raise the concern in their risk assessment since “white-box hacking” (when source code of the attacking system is known) is easier for threat actors. Organizations providing public-facing software should take maximum measures to block threat actors from their development environment and establish robust and transparent security protocols and practices with all third parties involved in their code development.
Tags: LastPass, Password manager, Data breach, Source code
Mercury Leveraging Log4j 2 Vulnerabilities in Unpatched Systems to Target Israeli
(published: August 25, 2022)
Starting in July 2022, a new campaign by Iran-sponsored group Static Kitten (Mercury, MuddyWater) was detected targeting Israeli organizations. Microsoft researchers detected that this campaign was leveraging exploitation of Log4j 2 vulnerabilities (CVE-2021-45046 and CVE-2021-44228) in SysAid applications (IT management tools). For persistence Static Kitten was dropping webshells, creating local administrator accounts, stealing credentials, and adding their tools in the startup folders and autostart extensibility point (ASEP) registry keys. Overall the group was heavily using various open-source and built-in operating system tools: eHorus remote management software, Ligolo reverse tunneling tool, Mimikatz credential theft tool, PowerShell programs, RemCom remote service, Venom proxy tool, and Windows Management Instrumentation (WMI).
Analyst Comment: Network defenders should monitor for alerts related to web shell threats, suspicious RDP sessions, ASEP registry anomaly, and suspicious account creation. Similarly, SysAid users can monitor for webshells and abnormal processes related to SysAisServer instance. Even though Static Kitten was observed leveraging the Log4Shell vulnerabilities in the past (targeting VMware apps), most of their attacks still start with spearphishing, often from a compromised email account.
MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] OS Credential Dumping - T1003 | [MITRE ATT&CK] Phishing - T1566 | |
Ransomware Hack Tool Vulnerability Threat Guideline Cloud | APT 37 APT 29 LastPass |
1
We have: 7 articles.
We have: 7 articles.
To see everything:
Our RSS (filtrered)
