What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-04-18 10:56:41 | Les cybercriminels se présentent en tant que personnel de LastPass pour pirater les voûtes de mot de passe Cybercriminals pose as LastPass staff to hack password vaults (lien direct) |
Lastpass précède une campagne malveillante ciblant ses utilisateurs avec le kit de phishing Cryptochameleon associé au vol de crypto-monnaie.[...]
LastPass is warning of a malicious campaign targeting its users with the CryptoChameleon phishing kit that is associated with cryptocurrency theft. [...] |
Hack | LastPass | ★★ |
 |
2023-03-13 14:32:01 | CISA Warns of Plex Vulnerability Linked to LastPass Hack (lien direct) | >CISA has added vulnerabilities in Plex Media Server and VMware NSX-V to its Known Exploited Vulnerabilities catalog. | Hack Vulnerability | LastPass LastPass | ★★★ |
 |
2023-03-04 14:00:00 | The LastPass Hack Somehow Gets Worse (lien direct) | Plus: The US Marshals disclose a “major” cybersecurity incident, T-Mobile has gotten pwned so much, and more. | Hack | LastPass LastPass | ★★★ |
 |
2023-01-05 11:35:01 | Roblox Prison, 3DS RCE, Puckungfu, Google Home Wiretaps, & Lastpass Hack - PSW #768 (lien direct) | Plus: The US Marshals disclose a “major” cybersecurity incident, T-Mobile has gotten pwned so much, and more. | Hack | LastPass | ★ |
 |
2022-09-17 18:11:10 | LastPass revealed that intruders had internal access for four days during the August hack (lien direct) | >The Password management solution LastPass revealed that the threat actors had access to its systems for four days during the August hack. Password management solution LastPass shared more details about the security breach that the company suffered in August 2022. The company revealed that the threat actor had access to its network for four days […] | Hack Threat | LastPass | |
 |
2022-08-30 15:01:00 | Anomali Cyber Watch: First Real-Life Video-Spoofing Attack, MagicWeb Backdoors via Non-Standard Key Identifier, LockBit Ransomware Blames Victim for DDoSing Back, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Authentication, DDoS, Fingerprinting, Iran, North Korea, Ransomware, and Russia. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
LastPass Hackers Stole Source Code
(published: August 26, 2022)
In August 2022, an unidentified threat actor gained access to portions of the password management giant LastPass development environment. LastPass informed that it happened through a single compromised developer account and the attacker took portions of source code and some proprietary LastPass technical information. The company claims that this incident did not affect customer data or encrypted password vaults.
Analyst Comment: This incident doesn’t seem to have an immediate impact on LastPass users. Still, organizations relying on LastPass should raise the concern in their risk assessment since “white-box hacking” (when source code of the attacking system is known) is easier for threat actors. Organizations providing public-facing software should take maximum measures to block threat actors from their development environment and establish robust and transparent security protocols and practices with all third parties involved in their code development.
Tags: LastPass, Password manager, Data breach, Source code
Mercury Leveraging Log4j 2 Vulnerabilities in Unpatched Systems to Target Israeli
(published: August 25, 2022)
Starting in July 2022, a new campaign by Iran-sponsored group Static Kitten (Mercury, MuddyWater) was detected targeting Israeli organizations. Microsoft researchers detected that this campaign was leveraging exploitation of Log4j 2 vulnerabilities (CVE-2021-45046 and CVE-2021-44228) in SysAid applications (IT management tools). For persistence Static Kitten was dropping webshells, creating local administrator accounts, stealing credentials, and adding their tools in the startup folders and autostart extensibility point (ASEP) registry keys. Overall the group was heavily using various open-source and built-in operating system tools: eHorus remote management software, Ligolo reverse tunneling tool, Mimikatz credential theft tool, PowerShell programs, RemCom remote service, Venom proxy tool, and Windows Management Instrumentation (WMI).
Analyst Comment: Network defenders should monitor for alerts related to web shell threats, suspicious RDP sessions, ASEP registry anomaly, and suspicious account creation. Similarly, SysAid users can monitor for webshells and abnormal processes related to SysAisServer instance. Even though Static Kitten was observed leveraging the Log4Shell vulnerabilities in the past (targeting VMware apps), most of their attacks still start with spearphishing, often from a compromised email account.
MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] OS Credential Dumping - T1003 | [MITRE ATT&CK] Phishing - T1566 | |
Ransomware Hack Tool Vulnerability Threat Guideline Cloud | APT 37 APT 29 LastPass | |
 |
2022-08-26 19:54:39 | The number of companies caught up in the Twilio hack keeps growing (lien direct) | 2FA provider Authy, password manager LastPass, and DoorDash all experienced breaches. | Hack | LastPass | |
|
2022-01-05 19:55:00 | Anomali Cyber Watch: $5 Million Breach Extortion, APTs Using DGA Subdomains, Cyberespionage Group Incorporates A New Tool, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Cyberespionage, Data breach, DGA, Infostealer, Phishing, Rootkit, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Fintech Firm Hit by Log4j Hack Refuses to Pay $5 Million Ransom
(published: December 29, 2021)
The Vietnamese crypto trading, ONUS, was breached by unknown threat actor(s) by exploiting the Log4Shell (CVE-2021-44228) vulnerability between December 11 and 13. The exploited target was an AWS server running Cyclos, which is a point-of-sale software provider, and the server was only intended for sandbox purposes. Actors were then able to steal information via the misconfigured AWS S3 buckets containing information on approximately two million customers. Threat actors then attempted to extort five million dollars (USD).
Analyst Comment: Although Cyclos issued a warning to patch on December 13, the threat actors had already gained illicit access. Even though Log4Shell provided initial access to the compromised server, it was the misconfigured buckets the actors took advantage of to steal data.
MITRE ATT&CK: [MITRE ATT&CK] Exploitation for Client Execution - T1203
Tags: ONUS, Log4Shell, CVE-2021-44228,
Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends
(published: December 29, 2021)
Palo Alto Networks Unit42 researchers have published a report based on their tracking of strategically-aged malicious domains (registered but not used until a specific time) and their domain generation algorithm (DGA) created subdomains. Researchers found two Pegasus spyware command and control domains that were registered in 2019 and were not active until July 2021. A phishing campaign using DGA subdomains that were similar to those used during the SolarWinds supply chain attack was also identified.
Analyst Comment: Monitor your networks for abnormal DNS requests, and have bandwidth limitations in place, if possible, to prevent numerous connections to DGA domains. Knowing which DGAs are most active in the wild will allow you to build a proactive defense by detecting any DGA that is in use. Anomali can detect DGA algorithms used by malware to assist in defending against these types of threats.
MITRE ATT&CK: [MITRE ATT&CK] Dynamic Resolution - T1568 | [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Application Layer Protocol - T1071
Tags: DGA , Pegasus, Phishing
Implant.ARM.iLOBleed.a
(published: December 28, 2021)
Amnpardaz researchers discovered a new rootkit that has been targeting Hewlett-Packard Enterprise’s Integrated Lights-Out (iLO) server managemen |
Malware Hack Tool Vulnerability Threat | LastPass | |
 |
2021-05-06 10:00:00 | Password security tips and best practices for enterprises (lien direct) | In honor of World Password Day, we’re doing our part to help keep your business secure by discussing the good, the bad, the ugly and the critical about passwords. Let’s face it: between all the logins we need for work and all the accounts we use in our personal lives, there are too many passwords to remember. So many of us do what seems natural—use the same password for multiple accounts. After all, especially with corporate password policies, most employees use strong passwords with a mix of numbers, lowercase and uppercase letters, and special characters. Still, what about all those sticky notes we have “secretly” hidden in locations probably not far away from our devices? That security risk is only the tip of the iceberg. Because according to a 2019 Lastpass survey, US employees working in mid-sized corporate businesses must manage approximately 75 passwords for work. Unsurprisingly, employees recycle passwords 13 times on average. In other words, employees are using the same passwords over and over. And in many cases, especially for corporate applications and resources that lack strong password requirements, some passwords just aren’t strong enough. Cybercriminals know this, and it’s why breaches happen. If hackers get access to your trusted data, the ramifications can be dire. The costs of a data breach go well beyond financial, and include damage to your company’s brand, trust and reputation. Why do we need stronger and longer passwords? As malware, phishing, and ransomware continue to skyrocket, we must understand that the password is the primary method for attackers to gain access to corporate systems. Phishing passwords may be the easiest method, but passwords can also be cracked. The stronger the password, the harder it is for cybercriminals to decode. In a typical attack—the brute force password attack—attackers will use software that quickly attempts every possible password combination of numbers, letters, and symbols. These software programs get better as computing power increases. For example, an eight-character strong password was not long ago considered secure and difficult to crack. Today, it can be cracked in eight hours. But if we tack on two more characters to make it ten-character, cracking the password can take approximately five years. Why do we need unique passwords for every login? As mentioned above, phishing is one of the simplest ways for hackers to steal our passwords. If you think your company has been victimized by phishing, malware, or ransomware, perhaps you’ve taken steps to reset those passwords. But the security risk here is if employees are using the same passwords for different apps, sites or resources. Have you heard about credential stuffing? With credential stuffing, attackers take username and password combinations they already know (which have been stolen or paid for on the dark web) and try them everywhere they can. Use of credential stuffing is escalating, and businesses of all sizes should take note. This type of attack is only successful if and when employees use the same password for different logins. What about password managers? Managing all those passwords doesn’t have to be complicated. A password management system is software that keeps an up-to-date list of all your passwords and logins, using a master password to access the password “vault”. That master password is the only one you need to remember. What if a hacker accesses your vault? Isn’t that riskier? Sure, there is undoubtedly an element of risk, but it’s critical to think in terms of relative safety. As a general rule, using some type of password | Ransomware Data Breach Hack | LastPass | |
 |
2020-12-18 17:55:57 | Episode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware! (lien direct) | In this podcast, sponsored by LastPass, former U.S. CISO Greg Touhill joins us to talk about news of a vast hack of U.S. government networks, which he calls a "five alarm fire" reportedly set by Russia. The post Episode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware! | Hack | LastPass | |
|
2019-09-25 16:32:50 | Episode 162: Have We missed Electric Grid Cyber Attacks for Years? Also: Breaking Bad Security Habits (lien direct) | In this episode of the podcast #162: according to the non profit that oversees it, the first disruptive hack of the U.S. grid happened in March of this year. Our guest, Joe Weiss, said it really happened more than a decade ago and that hundreds more like it have been overlooked or mis-classified. Also: Rachel Stockton of the firm LastPass* joins...Read the whole entry... _!fbztxtlnk!_ https://feeds.feedblitz.com/~/607155916/0/thesecurityledger -->»
|
Hack | LastPass |
1
We have: 11 articles.
We have: 11 articles.
To see everything:
Our RSS (filtrered)
