LastPass Hacked, Customer Data and Vaults Secure

The password manager LastPass recently disclosed that the attackers who breached its security in August 2020 also had access to its network for four days.
 
According to the latest statements by LastPass, cyber attackers were active in the company's systems for four days in August 2022. The company was able to detect and remove the malicious actors during this period.

Giving an update on the investigation into the security breach, the CEO of LastPass, Karim Toubba, published a notice stating, “We have completed the investigation and forensics process in partnership with Mandiant.”
 
Furthermore, the company also stated, “There is no evidence of any threat actor activity beyond the established timeline. We can also confirm that there is no evidence that this incident involved any access to customer data or encrypted password vaults.”
 
During the investigation, the company found that the malicious actors gained access to the development environment by compromising a developer’s endpoint. After the developer completed multi-factor authentication, the attackers used their persistent access to impersonate the developer and enter the development environment.
 
However, the company said that the system design and controls of the development environment prevented the threat actors from accessing customer data or encrypted password vaults.
 
The security measures of LastPass include a master password, which is required to access the vaults and decrypt the data. LastPass does not store that master password, so the vault cannot be opened by anyone other than the user. In essence, LastPass does not have access to its users' master passwords.

An analysis of the source code and production builds found that, because LastPass does not allow any developer to push source code from the development environment into production without going through a fixed process, the threat actors were unable to inject poisoned or malicious code.
 
To reassure LastPass’s customers, Toubba further stated in the notice that they "have deployed enhanced security controls including additional endpoint security controls and monitoring.” The company worked jointly with Mandiant, an American cybersecurity firm and a subsidiary of Google, to conclude that no sensitive data has been compromised.

In 2015, the company suffered a security incident that affected email addresses, authentication hashes, and password reminders, along with other data. Today, LastPass has approximately 33 million customers, so a similar security breach would have a far greater impact and is a matter of utmost concern. LastPass assured customers that their private data and passwords are safe, as there was no evidence suggesting that any customer data was compromised.


Gloucestershire Council's Website is Being Disrupted due to a Cyber Attack

 

Since the incident on December 20, Gloucester City Council has been attempting to repair some of its online services. The council's online revenue and benefits areas, as well as planning and customer service, are all affected. It pleaded for patience while the services were restored and invited users to email it directly if they had any problems. In addition, the council is collaborating with the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) to resolve the problem. 

Gloucester City Council is the city authority for the city of Gloucester, which is divided into 18 wards and has 39 councilors elected to serve on the City Council. There were 22 Conservative councilors, 10 Labour councilors, and 7 Liberal Democrat councilors following the 2016 election. The current composition consists of 18 Conservatives, 9 Liberal Democrats, 8 Labour, and 1 independent. 

Residents are also unable to use interactive online application forms used to claim housing benefits, council tax support, test and track support payments, or discretionary housing payments. The problem appears to be so significant that other councils in Gloucestershire, as well as government organizations, are said to have blocked emails from the city council. According to the Local Democracy Reporting Service, the council's planning application website is also unavailable as a result of the attack. 

Those checking in are presently unable to read planning application details or submit comments via the online portal, and the council is unable to email or post plans to customers. The council claims it is doing everything possible to ensure that customers can still contact them, with the primary focus being on dealing with urgent customer matters. Meanwhile, work is being done to bring systems back online once it is deemed safe to do so. 

A spokesperson from Gloucester City Council said: “Through the course of December 20, we became aware that some of our IT systems had been affected by a cyber incident. As a result of the incident, there is currently disruption to some systems and services. We are doing all we can to make sure customers can still contact us but we do ask people to be patient."

"We have been actively working with the National Cyber Security Centre and the National Crime Agency to understand more about the nature of the attack and minimize the impact," he added. Our priority for the next several days will be to handle critical customer issues and to continue working with national agencies to bring our systems back online as fast and safely as possible, he concluded.

Group-IB specialists confirmed the hacking of The Bell portal

On October 8, experts from the cybersecurity company Group-IB reported that criminals had indeed hacked The Bell website on September 2 and sent a newsletter on behalf of the publication.

The Group-IB Computer Forensics and Malware Research Laboratory found that on the evening of August 29, hackers began sending requests in an attempt to exploit a vulnerability that allows remote code execution. The next day, Burp Suite, a program that checks for a number of web application vulnerabilities, started to scan the website.

On August 30, the attackers gained access to the administrative panel of the publication's website. This allowed hackers to send a fake newsletter on September 2.

On the morning of September 2, the editorial board of The Bell reported that its email account had been hacked. Before that, subscribers had received a newsletter calling for a boycott of the elections to the Duma of Russia and for pickets on election day. The text and design of the letter were styled to look like the publication's daily newsletter.

The general director of the publication Elizaveta Ossetinskaya called the newsletter a provocation, “the purpose of which is to accuse us of political activity, which we have not engaged in, are not engaged in and were not going to engage in.”

In addition, it was reported earlier that unknown people tried to hack the phone of The Bell journalist Irina Pankratova. They requested the details of her calls and SMS messages at a MegaFon office using a fake notarial power of attorney.

It is worth noting that Group-IB cooperates with Interpol, Europol and the OSCE. The organization provides assistance to Russian special services and law enforcement agencies in operations against hacker groups.

Earlier, CySecurity News reported that on September 29, the head of Group-IB Ilya Sachkov was arrested for two months. The Investigative Committee charged him with high treason.