Displaying items by tag: Breach

Just when you might have thought things were calming down with Lapsus$, they bounce back from a “vacation” and dump what they are claiming is 70GB of data from IT group Globant. The leak comes after police in London announced the arrest and release of seven individuals with possible ties to the group, including the possible leader of the organization.

Lat week we reported on the quick change in Okta’s stance on a January security incident that turned out to be much larger and have the volatile hacking group Lapsus$ behind it. The original disclosure was that a single third-party contractor account had an unsuccessful attempt to compromise Okta’s systems. Okta states that they turned over information around the incident to Sitel, the third-party that provides customer support. Once this was done, Okta basically washed their hands of it and sat back waiting to hear what Sitel found.

On the 22nd of March Okta finally confirmed that they were breached in January for a period of 5 days. The breach, according to information now disclosed, happened due to the compromise of an account of a support engineer. The compromised user was not an Okta employee but belonged to a third party engineer working for Sitel. This event was downplayed by Okta as they claimed only the account was impacted and no clients were known to be exposed at the time.

Earlier today we covered the leak of Microsoft source code by the Lapsus$ group. The group leaked a portion of the data they claim to have stolen in the form of a 37GB dump. This dump has added to the source code they have stolen and released from companies like NVIDIA and Samsung. Lapsus$ has a pattern of compromising an organization, stealing data and then demanding money to not release the information, only to release the information anyway.

The Lapsus$ group has been in the news recently for theft of source code form some high-profile targets. These targets have included companies like NVIDIA, Samsung, Vodafone, and Ubisoft. The NVIDIA event was noteworthy as it included a claim that NVIDIA hacked the attackers back in order to encrypt the data that have been taken out of their environment.

Earlier today we reported that the same group that hit NVIDIA and stole source code along with employee logins also hit Samsung and stole around 190GB of source code data related to how galaxy mobile devices operate. The data, according to the Lapsus$ group, covers the bootloader for the trust zone and trusted apps, how galaxy devices encrypt data and other code operating fundamentals.

The Lapsus$ group, the same ones that broke into NVIDIA and Stole corporate data and had their attack VM encrypted, appear to have also broken into Samsung. Lapsus$ has leaked what they claim to be source code for several sensitive applications include apps that run in the Trust Zone on Samsung Mobile Devices.

In one of the “odder” breaches that we have covered, NVIDIA has confirmed it was the victim of a breach that resulted in the loss of data. Information about the breach first crossed our paths about a week ago, but much of the information was speculation and some of the claims seemed very unusual. One of the most unusual was a claim by the alleged hacking group LAPSUS$ that NVIDIA had actually hacked them back.

APT group 41 also known as Winnti has been tied to a wonderful new piece of malware that does not infect your operating system, but the UEFI firmware on your device. The malware in question has been dubbed MoonBounce by the security researchers at Kaspersky who are responsible for finding it. APT41 has been in operation for a while and is identified by their tactics techniques and protocols (TTPs) which include stealthy attacks meant to maintain a long-term presence for information gathering on the target.

It seems that is the time once again to talk about the relationship between software vendors and the security posture of different business verticals. Why are we beating this particular dead horse? Well with the Covid-19 Pandemic, the rush to shift to remote work force and an increase in attacker activity aimed at the remote workforce and healthcare you would think that there would be an increase level of effort to fix vulnerabilities in remote access and healthcare services software. If you thought that, you would be wrong. Instead during this time, we are seeing more software vendors pushing FDA as law and healthcare organizations even refusing opportunities to patch critical software. This on top of an extremely slow response to threat to the remote workplace.