LastPass, which in December 2022 disclosed a severe data breach that allowed threat actors to access encrypted password vaults, said it happened as a result of the same adversary launching a second attack on its systems.
The company said one of its DevOps engineers had their personal home computer hacked and infected with a keylogger as part of a sustained cyber attack that exfiltrated sensitive data from its Amazon AWS cloud storage servers.
“The threat actor leveraged information stolen during the first incident, information available from a third-party data breach, and a vulnerability in a third-party media software package to launch a coordinated second attack,” the password management service said.
This intrusion targeted the company’s infrastructure, resources, and the aforementioned employee from August 12, 2022, to October 26, 2022. The original incident, on the other hand, ended on August 12, 2022.
The August breach saw the intruders accessing source code and proprietary technical information from its development environment by means of a single compromised employee account.
In December 2022, LastPass revealed that the threat actor leveraged the stolen information to access a cloud-based storage environment and get hold of “certain elements of our customers’ information.”
Later in the same month, LastPass disclosed that the unknown attacker had obtained access to a backup of customer vault data that it said was protected using 256-bit AES encryption. It did not divulge how recent the backup was.
GoTo, the parent company of LastPass, also fessed up to a breach last month stemming from unauthorized access to the third-party cloud storage service.
Now according to the company, the threat actor engaged in a new series of “reconnaissance, enumeration, and exfiltration activities” aimed at its cloud storage service between August and October 2022.
“Specifically, the threat actor was able to leverage valid credentials stolen from a senior DevOps engineer to access a shared cloud storage environment,” LastPass said, adding the engineer “had access to the decryption keys needed to access the cloud storage service.”
This allowed the malicious actor to obtain access to the AWS S3 buckets that housed backups of LastPass customer and encrypted vault data, it further noted.
The employee’s passwords are said to have been siphoned by targeting the individual’s home computer and leveraging a “vulnerable third-party media software package” to achieve remote code execution and plant keylogger software.
“The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault,” LastPass said.
LastPass did not reveal the name of the third-party media software used, but indications are that it could be Plex based on the fact that it suffered a breach of its own in late August 2022.
In the aftermath of the incident, LastPass said it upgraded its security posture by rotating critical and high privilege credentials and reissuing certificates obtained by the threat actor, and that it applied extra S3 hardening measures to put in place logging and alerting mechanisms.
LastPass users are highly recommended to change their master passwords and all the passwords stored in their vaults to mitigate potential risks, if not done already.
Plex shared the following statement with The Hacker News after the publication of the story –
We have not been contacted by LastPass so we cannot speak to the specifics of their incident. We take security issues very seriously, and frequently work with external parties who report issues big or small using our guidelines and bug bounty program. When vulnerabilities are reported following responsible disclosure we address them swiftly and thoroughly, and we’ve never had a critical vulnerability published for which there wasn’t already a patched version released. And when we’ve had incidents of our own, we’ve always chosen to communicate them quickly. We are not aware of any unpatched vulnerabilities, and as always, we invite people to disclose issues to us following the guidelines linked above. Given recent articles about the LastPass incident, although we are not aware of any unpatched vulnerabilities, we have reached out to LastPass to be sure.
-
LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults – The Hacker News
-
DPS sent at least 3000 driver's licenses to organized crime group … – The Texas Tribune
A Chinese crime operation bypassed the password clues of Texas.gov by using stolen identity information to fraudulently obtain replacement driver’s licenses.
The Texas Department of Public Safety was duped into shipping at least 3,000 Texas driver’s licenses to a Chinese organized crime group that targeted Asian Texans, DPS Director Steve McCraw told a Texas House committee on Monday.
The organization was then selling the licenses, obtained using the personal information of Texas drivers, to people in the country illegally, McCraw said.
The fraudsters worked through the state’s government portal, Texas.gov. The agency, which discovered the scheme in December, will begin notifying victims in letters to be sent out this week, the DPS chief said. More victims are still being identified, he said.
“We’re not happy at all, I can tell you that, one bit,” McCraw said in testimony to a House Appropriations subcommittee. “They should have had — controls should have been in place, and they never should have happened.”
The crime organization, which McCraw did not name, was able to get its hands on the Texas driver’s licenses by first pulling personal data on individuals with Asian surnames from the “dark web” and other underground data-trading portals.
That info, including previous addresses and family names, allowed thieves to correctly answer password security questions on the Texas.gov site and use stolen credit cards to order duplicate copies of active licenses — such as those ordered by people who misplace their licenses or report them stolen. A replacement license costs $11.
The state-run Texas.gov site is the central portal for Texans wanting to renew licenses, obtain driving records and registration, and obtain birth and death certificates, among other things.
The investigation into the stolen driver’s licenses spans at least four states and also involves fraudulent licenses duplicated from victims in other states as well as Texas. The FBI and the Department of Homeland Security are also investigating, according to the DPS letter to lawmakers.
House Appropriations Vice Chair Mary González, an El Paso Democrat, blasted DPS agency chiefs for letting so much time lapse while Texans were unaware that their identities were being used fraudulently.
“Somebody could be going around as Mary González right now for two months, and nobody’s been notified, I [wouldn’t have been] notified,” González said.
DPS officials are not calling the incident a “data breach” because they say no hacking was involved and vast amounts of data were not being stolen. Instead, the crime group used data obtained from underground sources to bypass a simple password security system — laying bare a security vulnerability that “should never have happened,” McCraw said.
Texas.gov is operated not by DPS, but by the Texas Department of Information Resources.
DPS officials declined to provide details about the security loophole that left the site open to fraud but told lawmakers that it had been closed.
DIR spokesperson Brittney Booth Paylor dismissed the notion that the incident was a cybersecurity breach, calling it “a case of fraudulent criminal activity based on factors unrelated to state systems.”
In an email to The Texas Tribune, Paylor explained that before the fraudulent activity took place, state agencies had the option to require the security (CVV) code and ZIP code for every credit card transaction that goes to their agency on Texas.gov.
She stopped short of saying that was the weak spot used by the criminals and declined to specify whether the DPS had put the practice in place. DPS officials declined to comment further, citing the investigation.
DPS declined to discuss specific details of the investigation in the hearing, including whether arrests had been made in connection with the Texas thefts, but in a letter to lawmakers, McCraw said “several subjects have been identified in this criminal enterprise.”
The criminal operation had not been made public before Monday’s hearing.
DPS officials also did not specify or speculate whether the thieves could have used the password login scheme to obtain other things, like birth certificates.
The problem was first detected in December when a third-party Texas.gov payment vendor “alerted DPS to an increase in customers challenging credit card charges for online transactions,” according to a February letter sent to lawmakers from the DPS. The credit cards used to buy the fraudulent copies were also stolen, authorities said.
Before investigators shut down the operation, McCraw said, the license thieves were able to use the site, billed as “the official website of the State of Texas,” to obtain driver’s licenses that are “Real ID compliant” — not cheap copies, McCraw said.
These stolen licenses can pass verification methods and be used fraudulently all over the country because they are real driver’s licenses being used by people who can pass for the photo on the original card, McCraw said.
González also asked whether the fact that Asian Americans were being targeted would constitute a hate crime.
McCraw, without committing either way, said they appeared to be targeted because their names and photos would most closely resemble the people the syndicate would be selling the licenses to, according to what the agency’s investigation has uncovered so far.
Letters set to go out to affected Texans this week explain that if they suspect their ID is being used fraudulently, their cases will be given priority status. Also, the department will send affected licensees replacement licenses free of charge.
-
How the Ukraine War Opened a Fault Line in Cybercrime, Possibly … – Dark Reading
Russia’s war in Ukraine has shaken cyberspace at every level, from nation-state advanced persistent threats (APTs) on down to low-grade carders on Dark Web forums.
A new report from Recorded Future highlights the many effects that the Russian invasion of Ukraine, now one year past, has had in cyberspace. Threat actors have been pulled away from their computers. Allies have become enemies. Cybercrime activity has shifted and power structures have been reorganized, not least because people have been physically moving.
It all amounts to a kind of grand, multifaceted dissolution. A breakdown of the cybercrime state of affairs. Will the digital underworld ever be the same again?
The Internet breaks down barriers. Even thousands of miles can’t prevent a hacker in Russia or Ukraine from breaching the database of a corporation in France or Canada. And yet, physical movement in the wake of the war has had lasting impacts on how cybercriminals are operating.
On one hand, of course, Ukrainians have emigrated from their country en masse.
“We believe that some threat actor groups based in Ukraine also fled when the war began, similar to their Russian counterparts,” Alex Leslie, associate threat intelligence analyst at Recorded Future, tells Dark Reading.
The report refers to the case of Mark Sokolovsky, core developer for Raccoon Stealer — an information-stealing malware — who fled Ukraine to avoid conscription.
“While this is only one case study,” Leslie says, “we believe it is indicative of a larger trend in which threat actors have fled Russia, Ukraine, and even Belarus to avoid conflict.”
Meanwhile, Russia has been experiencing, as the authors say, a “brain drain,” with IT and cybersecurity professionals leaving the country for neighboring Georgia, Kazakhstan, Finland, and Estonia. Further, the drafting of young men of fighting age has led threat actors from behind screens to the front lines.
As a result, the country “has begun to deplete its hacker reserves,” Leslie explains. “What we identify is that the overall volume of activities, particularly on Russian cybercriminal forums, marketplaces, and social media channels, has decreased dramatically in waves. These waves being immediately before and after the war began, during waves of mobilization, and coinciding with Russians leaving the country.”
The reordering of so many lives has led to “a bit more decentralization, both geographically and in terms of hegemonic groups and sources of activity,” Leslie says.
Cybercriminals come from every corner of the world, but no corner more than in Russia and Eastern Europe. Many of the great cyberattacks of history have come courtesy of criminals in Russia and Ukraine. Russian APTs have become notorious for their attacks against Ukraine but this represents a change: Russian cybercriminals have historically worked hand-in-hand with their comrades across the border.
This kumbaya attitude was quashed on Feb. 24, 2022, when Russia invaded Ukraine and those on both sides were inspired to pledge allegiances. Most famously, the Conti group fully backed the Putin regime, then retracted, then halfway retracted its retraction. This support for the invasion was perhaps uncoincidentally attended by a giant leak of the Conti source code, tipping over a slow demise for Russia’s most prominent ransomware gang.
“We do not believe that Conti’s dissolution was a direct result of the leaks,” the authors wrote, “but rather that the leaks catalyzed the dissolution of an already fracturing threat group.”
Far beyond just Conti, cybercrime elements which once worked together have since split over political differences, according to Recorded Future. The authors wrote that “the so-called ‘brotherhood’ of Russian-speaking threat actors located in the CIS [Commonwealth of Independent States] has been damaged by insider leaks and group splintering, due to declarations of nation-state allegiance both in support of and opposed to Russia’s war against Ukraine.”
All the uprooting and fighting has caused fractures in the very structure of the cybercrime underground, researchers concluded.
“Russian-language Dark Web marketplaces have taken a major hit,” Leslie claims. “These marketplaces have also fractured and become more diffuse,” a trend compounded by the seizure of the world’s No. 1 cybercrime forum, Hydra.
He adds, “We speculate that the epicenter of cybercrime may shift to English-speaking Dark Web forums, shops, and marketplaces over the next year.”
-
How Does a Data Breach Take Place in an Organization? – Security Boulevard
Recent data breaches have become a great concern for organizations. Threat actors are targeting every type of business, regardless of size, and have also started targeting medical organizations. The latest incident at Medibank has shown how bad it can be. As per the reports, 9.7 million people (Medibank customers) were affected by the data breach and the data totaled 200GB.
Breached data is exposed to the public. Such a leak can result in the loss of billions of confidential records, and it affects not only the breached organization but also the individuals whose private data may have been stolen by cybercriminals. However, the risk of such data breaches can be mitigated using proactive strategies.
To stop such cyber-attacks, we have to understand the root causes of such incidents: how threat actors operate, what loopholes they target, and how they monitor activity. We will discuss all these methods and try to understand how such data breaches happen.
We are going to discuss each cause step by step and look at how threat actors use it to attack an organization.
Application vulnerabilities are the major cause of data breaches in an organization. If we look at the data, we can see that most attacks were successful because of vulnerable applications run by the organization. Although there are many application bugs that can cause highly severe vulnerabilities, we will talk about the simplest bugs, which can still have a big impact.
To prevent data breaches, businesses need to oversee high-risk application vulnerabilities like –
During our pentests at Kratikal, we have seen that most web applications we audit were running the default credentials. Most of these vulnerabilities occur when organizations have set up their server and have not changed the default settings, which causes most attacks.
The below screenshot shows an example of a default Apache Tomcat error report, which is also leaking server version information. This tells the attacker whether the server version is vulnerable to any available exploits, which can be found on exploit-db or on GitHub.
Another reason for a data breach is using the default configuration, which can expose the server to issues such as directory listing and leaking of sensitive files. An attacker can get access to these files by brute forcing directories. In the screenshot below it can be seen that the server is leaking its directory contents, which gives the attacker an idea of the structure of the website.
Here we can see it’s leaking the server logs, which include IRC logs that can also reveal sensitive information. For application security, no logs should ever be visible publicly.
These security flaws are easy to find because an attacker only needs to run an automated tool against the vulnerable website, which requires no expertise or knowledge of hacking, and a threat actor can exploit them to gain access to your highest-privileged accounts.
Not every data breach happens because of vulnerable web applications. A recent cyber-attack on GoDaddy happened because the attacker was able to install malware inside the organization. According to GoDaddy, this led to the redirection of its customers’ websites.
Let’s try to understand how malware gets inside an organization that led to such cyber-attacks and data breaches.
In the below video, we have made a PoC to show how a threat actor can create a fake activator to infect your system with ransomware.
Another way a threat actor tries to get inside your organization is by using previously leaked or breached passwords.
Here’s how this happens: the threat actor gets a leaked password database from a breach forum or a dark web forum. They try to log in with those credentials to an admin panel or to an employee account, and if the employee has reused the same password, this gives the threat actor unauthorized access.
A recent PayPal data breach shows an example of credential stuffing where the hacker has compromised at least 35,000 users.
These hackers get the leaked credentials from an old data breach or from hack forums. They also sell this data on such forums, where other blackhats use it for their own malicious purposes.
The below screenshot shows a threat actor sharing the leaked usernames and passwords of Twitter accounts on a leak forum.
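The replay pattern described above (one source trying a leaked credential list against many accounts, with an occasional hit where a password was reused) is visible in login logs. The following detection sketch is an added example, not part of the original article; the log format, thresholds, usernames and IP addresses are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log: "<ISO timestamp> <source IP> <username> <OK|FAIL>"
SAMPLE_LOG = """\
2023-01-10T09:00:01 203.0.113.7 alice FAIL
2023-01-10T09:00:03 203.0.113.7 bob FAIL
2023-01-10T09:00:04 198.51.100.20 alice FAIL
2023-01-10T09:00:06 203.0.113.7 carol FAIL
2023-01-10T09:00:09 203.0.113.7 dave FAIL
2023-01-10T09:00:12 203.0.113.7 frank FAIL
2023-01-10T09:00:15 203.0.113.7 erin OK
2023-01-10T09:00:40 198.51.100.20 alice OK
2023-01-10T09:01:00 198.51.100.33 gina OK
2023-01-10T09:02:00 198.51.100.33 hank OK
2023-01-10T09:03:00 198.51.100.33 ivan OK
2023-01-10T09:04:00 198.51.100.33 judy OK
2023-01-10T09:05:00 198.51.100.33 kate OK
"""


def parse_events(text):
    """Parse log lines into sorted (timestamp, ip, username, success) tuples."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the whole run
        ts, ip, user, result = parts
        events.append((datetime.fromisoformat(ts), ip, user.lower(), result == "OK"))
    return sorted(events)


def find_stuffing_sources(events, window=timedelta(minutes=10),
                          min_users=5, max_success_ratio=0.2):
    """Flag source IPs that try many distinct usernames in a short window
    while mostly failing. A shared office NAT also shows many usernames,
    but its logins mostly succeed, so the success ratio separates the two."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)

    flagged = set()
    for ip, evs in by_ip.items():
        left = 0
        for right in range(len(evs)):
            # Slide the left edge so the span never exceeds the time window.
            while evs[right][0] - evs[left][0] > window:
                left += 1
            span = evs[left:right + 1]
            users = {e[2] for e in span}
            successes = sum(1 for e in span if e[3])
            if len(users) >= min_users and successes / len(span) <= max_success_ratio:
                flagged.add(ip)
                break
    return flagged


def accounts_at_risk(events, flagged_ips):
    """Accounts with a successful login from a flagged source: the likely
    password-reuse hits, which need a forced reset and session revocation."""
    return {user for _, ip, user, ok in events if ok and ip in flagged_ips}


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    sources = find_stuffing_sources(evs)
    print("suspected stuffing sources:", sorted(sources))
    print("accounts to reset:", sorted(accounts_at_risk(evs, sources)))
```

The thresholds are starting points only; a real deployment would tune them per application and also aggregate across source addresses, since replayed lists are often spread over many IPs.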
Insider threats are the most challenging for organizations. An insider threat is someone inside the company or organization who gives access to malicious actors or intentionally leaks data online to someone on the dark web.
That’s where social engineering comes in. Threat actors use this method to lure the target by exploiting the “people” vulnerability. The social engineering technique can be phishing, vishing, or smishing. These threat actors monitor the user’s activity and then deploy the attack based on the user’s profile.
Such insider threats are called The Pawn. For example, if an organization’s HR has posted a candidate requirement on LinkedIn, then based on the profile requirement the threat actor can prepare a strong candidate profile and contact the HR. The threat actor can send a malicious payload in the form of a “doc” which, when the HR downloads and opens it, will give the threat actor unauthorized access.
Below is a simple example of such phishing attempts where a threat actor tries to phish a user with the fake Adobe login form.
A data breach or security breach occurs in an organization when a malicious actor invades a data source and steals sensitive information. The reason behind it is the poor security posture of the organization and lack of cyber security awareness.
To strengthen the security posture of your organization, trust Kratikal, a CERT-In-empanelled firm. We hold years-rich experience in VAPT and compliance and have served over 600 SMEs and 100 big enterprises. We believe in delivering robust vulnerability assessment and pentest to ensure the security of IT infra and conducting compliance audits within the organizations to assist them in maintaining seamless business operations and functions and avoid penalties and data breach possibilities.
Take action to secure your business with us right away.
The post How Does a Data Breach Take Place in an Organization? appeared first on Kratikal Blogs.
*** This is a Security Bloggers Network syndicated blog from Kratikal Blogs authored by Prachi Tiwari. Read the original post at: https://kratikal.com/blog/how-does-a-data-breach-take-place-in-an-organization/

-
Overcoming the cybersecurity talent shortage starts with hiring – Security Magazine
One of the earliest mentions of the cybersecurity talent shortage was in January 2011, when ESG analyst Jon Oltsik asked, “Will there be a shortage of cybersecurity professionals in 2011?” 11 years later, leaders in the industry are still talking about the very same topic. Organizations have had a decade to address and overcome this growing problem, yet the talent shortage is far worse today than ever. In fact, data from CyberSeek shows that there are nearly 715,000 cybersecurity job openings in the U.S. right now.
Where is the cybersecurity industry going wrong? This is a loaded question, as there are a number of things that the industry needs to fix to overcome the cybersecurity talent shortage. Let’s focus on the broken employment process—because this is where all the problems start.
The harsh reality today is that human resources (HR) teams, cybersecurity hiring managers and even chief information security officers (CISOs) are out of touch with the modern requirements of the cybersecurity profession.
The hiring process within many companies goes something like this: The CISO mandates that the security hiring manager fill open entry-level positions and relies on said hiring manager to get the job done with little oversight. To start the hiring process, the HR team tells the hiring manager to come up with a list of job responsibilities and requirements, so they can find and recruit qualified professionals to interview. And, all too often, the hiring manager has unreal expectations, wanting a “unicorn” to fill their team’s needs. Without any pushback, the HR team compares the job description provided by the hiring manager with the corporate structure and pay scale, and, before you know it, the entry-level position mandates qualifications typically possessed by senior security professionals — for example, someone with a four-year degree, three to five years of industry experience and security certifications, such as a CISSP.
Organizations won’t find entry-level candidates with three to five years of experience. Many might not even hold a college degree or security certification. And, on the flip side, no experienced security professional is going to apply for an entry-level position. Given this juxtaposition, a major misalignment emerges between the entry-level job role and the candidates qualified to apply for it — so it’s no wonder organizations can’t fill these open positions.
To bridge this divide, hiring managers need to stop trying to hire themselves; HR teams need to stop trying to fit legacy hiring restrictions (e.g., degrees, certifications and years of experience) on modern cybersecurity roles; and CISOs need to be more involved from the start. Here are a few specific ways companies can improve the cybersecurity hiring process.
To be honest, cybersecurity positions short of a director role do not require a four-year college degree. If an individual has drive, aptitude and a willingness to learn, they can be trained to be successful in the cybersecurity industry. Once a company slaps a degree requirement on a job posting, they eliminate a vast majority of candidates — many of which are entirely qualified to fill an entry-level position.
When hiring managers include certifications from specific organizations in the required qualifications for a cybersecurity role, they could be excluding qualified applicants who have certifications from other organizations. The EdTech market has exploded recently, and there are now myriad companies that provide anyone with an interest in cybersecurity with options to get the knowledge and training they need to enter the field. Hiring managers and HR teams need to recognize that certifications may come from around the industry and write their job descriptions to include many sources of qualified talent.
Similar to modern cybersecurity education and training, there are now new ways that individuals can gain security experience. There are a number of online lab platforms available that offer virtual environments for current and prospective cybersecurity professionals to practice penetration testing — and it can all be done at home, on the keyboard. Hiring managers and HR teams need to understand that hands-on experience through these online training platforms is equally valuable to legacy cognitive options.
Hiring managers and HR teams need to be on the same page when it comes to drafting job descriptions and associated qualifications, or the disconnect will move from the job responsibilities/requirements combination to between these two parties. Additionally, CISOs need to be more involved in the hiring process from the beginning, working with hiring managers and HR teams to keep a pulse on how cybersecurity roles are changing, how qualifications are evolving right alongside them, and what this means for filling vacant positions within their company.
There are so many things the cybersecurity industry needs to do to overcome the ongoing cybersecurity talent shortage, but it all starts with the employment process. It’s time organizations start looking beyond resumes and qualifications and accepting people that lack the traditional path to cybersecurity into the industry. The good news here is that the above best practices are all things that companies can implement today to make an immediate difference. If the cybersecurity industry can collectively move in this direction, hopefully, very soon, that sky-high number of open cybersecurity positions will drastically decrease.
Neal Bridges brings more than two decades of cybersecurity experience to his role as Chief Information Security Officer (CISO) for Query.AI. He’s also the founder of the Cyber Insecurity podcast, where he discusses the latest cyber news and trends, and gives career advice to listeners who are new to the cybersecurity industry.
-
Hacked home computer of engineer led to second LastPass data … – CSO Online
By Apurva Venkat, Principal Correspondent, CSO
Password management company LastPass, which was hit by two data breaches last year, has revealed that data exfiltrated during the first intrusion, discovered in August, was used to target the personal home computer of one of its devops engineers and launch a second successful cyberattack, detected in November.
The threat actor involved in the breaches infected the engineer’s home computer with a keylogger, which recorded information that enabled a cyberattack that exfiltrated sensitive information from the company’s AWS cloud storage servers, LastPass said in a cybersecurity incident update Monday.
The company had divulged information about the data breaches last year; the update reveals for the first time that the same threat actor was responsible for both breaches.
The first intrusion ended on August 12 last year. However, LastPass now says that the threat actor was actively engaged in a new series of reconnaissance, enumeration, and exfiltration activity aimed at the company’s cloud storage environment from August 12 to October 26, 2022.
“The observed tactics, techniques, and procedures (TTPs), as well as the indicators of compromise (IOCs) of the second incident were not consistent with those of the first. While proximal in terms of timeline, it was not initially obvious that the two incidents were directly related,” LastPass said in its update. There has been no activity by the threat actor after October 26, the company added.
The developer whose home computer was infected with the keylogger was only one of four devops engineers in the company who had access to the decryption keys of encrypted Amazon S3 buckets.
“The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the devops engineer’s LastPass corporate vault,” LastPass said.
The threat actor then exported the native corporate vault entries and content of shared folders, which contained encrypted secure notes with access and decryption keys needed to access the AWS S3 LastPass production backups, other cloud-based storage resources, and some related critical database backups.
The use of valid credentials made it difficult for the company’s investigators to detect the threat actor’s activity.
In the first intrusion, in August, a software engineer’s corporate laptop was compromised, allowing the threat actor to gain access to a cloud-based development environment and steal source code, technical information, and certain LastPass internal system secrets, LastPass CEO Karim Toubba said in a blog addressed to customers.
No customer data or vault data was stolen during this incident, as LastPass did not have any customer or vault data in the development environment.
“We declared this incident closed but later learned that information stolen in the first incident was used to identify targets and initiate the second incident,” Toubba said.
During the first incident, the threat actor was able to access on-demand, cloud-based development and source code repositories, including 14 out of 200 software repositories.
Internal scripts from the repositories — which contained company secrets and certificates as well as internal documentation including technical information that described how the development environment operated — were also accessed by the threat actor.
In the second incident, the threat actor used the information stolen in the first intrusion to target a senior devops engineer and exploit vulnerable third-party software to install a keylogger, Toubba said.
The threat actor leveraged information from the keylogger malware, including the engineer’s credentials, to bypass and ultimately gain access to cloud backups. The data accessed from those backups included system configuration data, API secrets, third-party integration secrets, and encrypted and unencrypted customer data, the company said.
The threat actor also accessed devops secrets, including information used to gain access to cloud-based backup storage. The threat actor also gained access to a backup of the LastPass multifactor authentication (MFA) and federation database that contained copies of the company’s authenticator seeds, telephone numbers used for MFA backup, and a split-knowledge component (the K2 “key”) used for LastPass federation, LastPass said.
The identity of the threat actor and their motivation is unknown. There has been no contact or demands made, and there has been no detected credible underground activity indicating that the threat actor is actively engaged in marketing or selling any information obtained during either incident, LastPass said.
LastPass has taken several steps to strengthen its security in the wake of the incidents. “We invested a significant amount of time and effort hardening our security while improving overall security operations,” the CEO said.
Some of this included assisting devops engineers with hardening the security of their home network and personal resources, rotating critical and high privilege credentials, and enabling custom analytics that can detect ongoing abuse of AWS resources. LastPass says it has millions of users and more than 100,000 businesses as customers.
Apurva Venkat is principal correspondent for the India editions of CIO, CSO, and Computerworld.
Copyright © 2023 IDG Communications, Inc.
Data breach impacts Stanford University | SC Media – SC Media
SC Staff
Kroger’s mail-order pharmacy Postal Prescription Services, video software firm SundaySky, Blue Cross Blue Shield of Arizona, and Illinois-based Top of the World Ranch Treatment Center have been impacted by separate health data breaches, HealthITSecurity reports.
SC Staff
TechCrunch reports that iD Tech, a tech coding camp providing online and on-campus tech courses for children, has yet to confirm a data breach that resulted in the theft of thousands of users’ personal information.
Copyright © 2023 CyberRisk Alliance, LLC All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorization.
Demand for Cybersecurity Jobs Remains Strong – TechDecisions

Cybersecurity professionals continue to be a hot commodity, with demand for them straining talent availability, according to cybersecurity workforce analytics platform CyberSeek.
Developed in partnership with National Initiative for Cybersecurity Education at NIST, Lightcast and CompTIA, CyberSeek in a new study says there were nearly 770,000 openings for cybersecurity jobs for the 12-month period ending in September 2022. Employer demand for these jobs is growing 2.4 times faster than the overall rate across the U.S. economy.
In fact, nine of the 10 top months for cybersecurity job postings in the past 10 years have occurred in 2022, CyberSeek found.
“The data should compel us to double-down on efforts to raise awareness of cybersecurity career opportunities to youth and adults, especially during Cybersecurity Career Awareness Week which is an international campaign to inspire individuals to explore the variety of types of cybersecurity-related roles that are needed in both the public and private sectors,” said Rodney Petersen, Director of the National Initiative for Cybersecurity Education (NICE).
Despite a slight pullback in hiring activity in the most recent months from the record volumes earlier this year, cybersecurity job postings for Q3 2022 tracked 30% higher than the same period in 2021 and 68% higher than 2020, the data shows.
There are about 65 cybersecurity workers in the labor market for every 100 job postings, a supply-demand ratio that has largely held steady over the last 12 months.
Perhaps exacerbating the cybersecurity jobs crisis, requirements for job postings have increased dramatically over the last 12 months, with the industry expanding into specialized fields such as penetration testing and threat analysis.
There is a similar expansion of cybersecurity skills requirements in adjacent positions such as auditor (+336%), software developer (+87%), cloud architect (+83%) and technical support engineer (+48%), according to CyberSeek.
“The CyberSeek data reaffirms the critical importance of feeder roles and thinking more creatively about on-ramps and career pathways,” says Ron Culler, vice president cyber learning officer, CompTIA. “It is clear from the CyberSeek data that cybersecurity’s importance and impact reaches all levels of the tech workforce. We see this trend continuing and are committed to ensuring that cybersecurity professionals are prepared for the current and future challenges this will bring.”
“Demand for cybersecurity talent has been accelerating for years, and employers are showing no signs of taking their foot off the gas,” says Will Markow, vice president of applied research at Lightcast. “That’s why it is more important than ever to build robust talent pipelines to ensure a safer digital world. We can’t accept leaving holes in our cybersecurity defenses simply because we don’t have enough trained workers to plug them.”
© 2023 Emerald X, LLC. All rights reserved. -
Australian Government Announces Cybersecurity Coordinator Position – The National Law Review
Not content with merely implementing broad-scale privacy reform, the Government has announced a new position, the Coordinator for Cyber Security, to be added to the Department of Home Affairs as a step towards their aim of “making Australia the most cyber secure nation by 2030”. This would seem to be a rather aspirational target!
The Coordinator will be supported by a National Office for Cyber Security, and their role will be to oversee steps to prevent future cyber security incidents and to help manage cyber incidents as they occur.
An advisory board led by former Telstra boss Andy Penn has published a discussion paper on Australia’s cyber security strategy for the remainder of this decade. The discussion paper raises Australia’s increased reliance on digital technologies since the COVID-19 pandemic, the growing significance of the cyber market to Australia’s domestic economy, and the lack of appropriate government powers to respond to recent data breaches as the impetus for revisiting cyber security with a fresh strategy.
Key talking points include the suggestion of a new Cyber Security Act to codify cyber security obligations from various legislative instruments and standards used in industry and government. The discussion paper also suggests including customer data and “systems” as critical assets under the Security of Critical Infrastructure Act (2018) to empower the Department to give directions and gather information in response to data breaches like those that occurred last year.
Reform that strengthens and simplifies Australia’s convoluted cyber security laws is certainly welcome, though the government should be careful to avoid adding to the cost of regulatory compliance without Australia’s cyber security benefitting from practical, effective, improvements. The government’s ambition for Australia should be a defence against malicious cyber actors more cost effective than a digital Maginot Line. Submissions on the discussion paper are open via webform until 15 April 2023.
Dadar Ahmadi-Pirshahid also contributed to this article.
About this Author
Mr. Abbott is a corporate lawyer who focuses on technology, telecommunications and broadcasting transactions. He assists corporations and vendors in managing their technology requirements and contracts, particularly large outsourcing and technology procurements issues including licensing terms for SAP and Oracle and major system integration transactions.
Mr. Abbott partners with his clients to ensure market leading solutions are implemented into their businesses. He concentrates on managing and negotiating complex technology solutions, which…
Rob Pulham is an experienced corporate advisory and transactional lawyer with an active technology and privacy practice representing companies in the energy, manufacturing, mining, retail, health and financial services sectors, as well as government and not for profit organisations. He has extensive experience advising customers and vendors in the technology industry, with particular focus on software licensing, data privacy and protection, and systems integration projects. In his role as a senior corporate lawyer, Mr. Pulham reviews organisational policies and practices…
