News and Editorials (3538)
Wednesday, 30 March 2022 10:19
Lapsus$ Releases 70GB Allegedly from IT Firm Globant Data Despite Recent Arrests
Written by Sean Kalinich
Just when you might have thought things were calming down with Lapsus$, they bounce back from a “vacation” and dump what they are claiming is 70GB of data from IT group Globant. The leak comes after police in London announced…
Read 947 times
Published in
Security Talk
Monday, 28 March 2022 15:42
Google Releases 2nd Patch Now Advisory of 2022 as New Actively Exploited Zero-Day Shows Up.
Written by Sean Kalinich
Google pushed out a n Out-of-band patch for Chrome due to a high-severity on Friday (March 25th, 2022). The patch was pushed out quickly as the vulnerability, tracked as CVE-2022-1096 is being actively exploited in the wild. CVE-2022-1096 is a…
Read 903 times
Published in
Security Talk
Monday, 28 March 2022 09:17
Okta Says they “made a mistake” Over Lapsus$ Incident
Written by Sean Kalinich
Lat week we reported on the quick change in Okta’s stance on a January security incident that turned out to be much larger and have the volatile hacking group Lapsus$ behind it. The original disclosure was that a single third-party…
Read 1023 times
Published in
Security Talk
Thursday, 24 March 2022 07:56
After Admitting Breach, Okta Attempted to Downplay the Impact
Written by Sean Kalinich
On the 22nd of March Okta finally confirmed that they were breached in January for a period of 5 days. The breach, according to information now disclosed, happened due to the compromise of an account of a support engineer. The…
Read 1340 times
Published in
Security Talk
Wednesday, 23 March 2022 09:39
Google Message and Phone Dialer App Quietly Collecting User Data without Consent
Written by Sean Kalinich
Once again Google has been caught with their hands in the personal data collection cookie jar. It seems that their Messages and Phone Dialer Apps were sending information about your calls and messages without giving the user any chance to…
Read 977 times
Published in
Security Talk
Wednesday, 23 March 2022 08:37
Microsoft Confirms Lapsus$ Attack and Data Theft release TTPs on the Group
Written by Sean Kalinich
Microsoft has finally acknowledged the attack and theft of source code by the Lapsus$ group (tracked as DEV-0537). According to the announcement, a single user account was compromised to gain limited access to their systems and source code. The public…
Read 871 times
Published in
Security Talk
Tuesday, 22 March 2022 12:24
Okta, like Microsoft, Is Investigating Claims by Lapsus$ that They Have Been Breached
Written by Sean Kalinich
Earlier today we covered the leak of Microsoft source code by the Lapsus$ group. The group leaked a portion of the data they claim to have stolen in the form of a 37GB dump. This dump has added to the…
Read 896 times
Published in
Security Talk
Tuesday, 22 March 2022 09:13
Lapsus$ Leaks Some of the Source Code they Claim they Stole from Microsoft
Written by Sean Kalinich
Yesterday we reported that the source code stealing group, Lapsus$, claimed they have breached and stollen source code from Microsoft. They made the announcement on their Telegram account by posting a screenshot of the projects they claimed to have access…
Read 947 times
Published in
Security Talk
Monday, 21 March 2022 18:48
Elden Ring has a Flaw that Invaders are Using to Corrupt Game Saves
Written by Sean Kalinich
Elden Ring, from developer FromSoftware seems to have a flaw that is allowing an interesting attack for PC players. The flaw allows invaders, malicious players that enter another player’s world to cause a game crash, this crash leads the player…
Read 1033 times
Published in
In Other News
Monday, 21 March 2022 18:04
Lapsus$ Claims They have Some Microsoft Azure Source Code, Microsoft is Investigating the Claim
Written by Sean Kalinich
The Lapsus$ group has been in the news recently for theft of source code form some high-profile targets. These targets have included companies like NVIDIA, Samsung, Vodafone, and Ubisoft. The NVIDIA event was noteworthy as it included a claim that…
Read 1351 times
Published in
Security Talk
Monday, 21 March 2022 14:41
New Browser in the Browser Attack Improves on Phishing Campaigns
Written by Sean Kalinich
Phishing, regular and spear, is a very common method of compromising accounts and gaining access to a network. In many incidents, the initial compromise can be traced back to a compromised account via some sort of phishing message. This happens…
Read 737 times
Published in
Security Talk
Thursday, 17 March 2022 09:16
SolarWinds Says Remove Web Help Desk from Public Access to Avoid Possible Attack
Written by Sean Kalinich
Recently a SolarWinds Web Help Desk client reported an attempted attack on their externally facing Web Help Desk instance. The attack was caught by their EDR system which was able to block the attempt. However, the reported attack, after a…
Read 769 times
Published in
Security Talk
Thursday, 17 March 2022 07:26
Open Source Community Takes a Hit as One Developer Pushes Destructive Content as a Form of Protest
Written by Sean Kalinich
Since the beginning of the Russian invasion of Ukraine we have seen a massive increase in what can only be called cyber warfare. This battle is not just being fought at the state level though. Even APT groups have gotten…
Read 862 times
Published in
Security Talk
Wednesday, 16 March 2022 12:40
MFA Flaw used by State Threat Actors to Move Around your Network
Written by Sean Kalinich
Multi-Factor Authentication is often seen as an answer to account compromise, or at least a partial answer to this issue. The problem is that MFA is that while it can help with account compromise, it is certainly not the end…
Read 617 times
Published in
Security Talk
Wednesday, 16 March 2022 08:53
Microsoft Says Ads in Windows 11 File Explorer Were Not Meant for Us to See
Written by Sean Kalinich
Yesterday we reported that insider builds of Microsoft’s Windows 11 were displaying ads for other Microsoft services inside File Explorer. Like most people, we felt this was not a good thing and the news went around the internet at a…
Read 873 times
Published in
Security Talk
Tuesday, 15 March 2022 13:20
Phishing Campaign Targeting Ukraine uses Fake AntiMalware Update
Written by Sean Kalinich
Ukrainian Security Officials are warning of an active phishing campaign. The campaign involves emails that impersonate government agencies and include links to what appear to be critical security updates. The payload of the campaign delivers Cobalt Strike and a few…
Read 601 times
Published in
Security Talk
Page 8 of 222