Search Results for: LAPSUS

Microsoft confirms it was hacked as Lapsus$ leaks 37GB of source code

Microsoft has confirmed reports that it was hacked by the Lapsus$ extortion group, also known as DEV-0537. While admitting that the hackers managed to steal source code, the company is simultaneously trying to downplay the incident.

Lapsus$ shared a 37GB archive online containing partial source code for Cortana and Bing, but Microsoft insists that no customer data was compromised. The company says that "our investigation has found a single account had been compromised, granting limited access."

Screenshots leaked by Lapsus$ strongly suggest Microsoft has been hacked

Microsoft is conducting an investigation after data extortion group Lapsus$ claimed to have hacked the company and stolen data.

In a leaked screenshot, the hackers brag about gaining access to an Azure DevOps repository which is home to source code for all manner of Microsoft projects including Bing and Cortana. Having already hacked the likes of Samsung, NVIDIA and Vodafone, the claims made by Lapsus$ are entirely feasible, but for now Microsoft is saying nothing about what -- if anything -- has been stolen.

Lapsus$ hackers leak Samsung source code and massive data dump from security breach

Samsung appears to have fallen victim to a serious security breach if the leaks from data extortion group Lapsus$ are anything to go by.

Amounting to a colossal 190GB of data, the group says it has in its possession Samsung source code and other confidential company data. It is just days since Lapsus$ claimed responsibility for a hack in which data was stolen from GPU chipmaker NVIDIA and leaked.

The role experience plays in risk mitigation

Without intending to be trite, there is a very important role that experience plays in the mitigation of risk. Experience comes into play when you are tasked with prioritizing risks. If you have zero experience in cybersecurity risk management, two critical vulnerabilities have equal weight and importance. But not all critical vulnerabilities can or will be weaponized and exploited. And not all critical vulnerabilities will result in a breach or security incident. This is the difference between a priori (independent from any experience) vs a posteriori (dependent on empirical evidence) vulnerability management.

To be effective at mitigating risk, we need to find ways to make intelligent use of experience in running infosec programs. We need to use not just our own experience, but also the experience of others. This is a form of collective resilience that is crucial to defending against nation states, organized crime and, like it or not, bored teenagers attacking and breaching companies just for the lulz like LAPSUS$. This piece aims to help identify some ways in which we can better prioritize our efforts.
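As an added example, not code from the article above, here is the difference between a priori and a posteriori prioritization worked through in Go over a constructed backlog. The Finding type, the VULN-A/B/C entries and the evidence weights (4 for exploited in the wild, 2 for a public exploit, 1 for internet exposure) are assumptions made for the illustration, not a published scheme; the point is that two findings with the same CVSS score separate as soon as empirical evidence is allowed to count.

```go
package main

import (
	"fmt"
	"sort"
)

// Finding is one vulnerability on one asset. The boolean fields are the
// a posteriori inputs: what is known about exploitation, not just the score.
// Constructed for this example; the field names are hypothetical.
type Finding struct {
	ID              string
	CVSS            float64
	KnownExploited  bool // reported as exploited in the wild
	PublicExploit   bool // working exploit code is publicly available
	InternetExposed bool // the affected asset is reachable from the internet
}

// ids extracts the finding identifiers in slice order.
func ids(fs []Finding) []string {
	out := make([]string, 0, len(fs))
	for _, f := range fs {
		out = append(out, f.ID)
	}
	return out
}

// APrioriOrder ranks by CVSS alone: two 9.8s are indistinguishable, so the
// stable sort leaves them in the order they were reported.
func APrioriOrder(fs []Finding) []string {
	s := append([]Finding(nil), fs...)
	sort.SliceStable(s, func(i, j int) bool { return s[i].CVSS > s[j].CVSS })
	return ids(s)
}

// evidenceScore weights the empirical signals. The weights are an assumption
// for this example, not a standard; tune them to your own incident history.
func evidenceScore(f Finding) int {
	score := 0
	if f.KnownExploited {
		score += 4
	}
	if f.PublicExploit {
		score += 2
	}
	if f.InternetExposed {
		score += 1
	}
	return score
}

// APosterioriOrder ranks by evidence first and uses CVSS only to break ties,
// so an exploited 7.5 on an exposed host outranks an unexploited internal 9.8.
func APosterioriOrder(fs []Finding) []string {
	s := append([]Finding(nil), fs...)
	sort.SliceStable(s, func(i, j int) bool {
		ei, ej := evidenceScore(s[i]), evidenceScore(s[j])
		if ei != ej {
			return ei > ej
		}
		return s[i].CVSS > s[j].CVSS
	})
	return ids(s)
}

// SampleFindings is a constructed backlog with two "critical" entries that
// differ only in what is known about their exploitation.
func SampleFindings() []Finding {
	return []Finding{
		{ID: "VULN-A", CVSS: 9.8},                                              // critical, no exploit known, internal host
		{ID: "VULN-B", CVSS: 9.8, KnownExploited: true, InternetExposed: true}, // critical, exploited in the wild, exposed
		{ID: "VULN-C", CVSS: 7.5, PublicExploit: true, InternetExposed: true},  // high, public exploit, exposed
	}
}

func main() {
	fs := SampleFindings()
	fmt.Println("a priori (CVSS only):   ", APrioriOrder(fs))     // [VULN-A VULN-B VULN-C]
	fmt.Println("a posteriori (evidence):", APosterioriOrder(fs)) // [VULN-B VULN-C VULN-A]
}
```

The evidence fields are exactly the "experience of others" the article refers to: exploitation reports and exploit availability are collective knowledge, not something each team has to learn from its own breach.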

How contextual analysis can offer insight into the human element behind cyber threats [Q&A]

Cyber threats can come in many forms, over email, messaging platforms or social media. But what they all have in common is that they seek to exploit human weaknesses.

We spoke to Chris Lehman, CEO of SafeGuard Cyber, to discover how contextual analysis of business conversations can help determine if a conversation is benign or if something suspicious is taking place, allowing action to be taken.

Geopolitical threats, supply chain issues and phishing scams -- cybersecurity predictions for 2023

The cybersecurity world never stands still, with threats and the technology to combat them constantly evolving.

That makes predicting what might happen difficult, but we can still extrapolate current trends to get an indication of where things might be headed. Here are some expert predictions for cybersecurity in 2023.

The evolution of business email compromise to business communication compromise

Business Email Compromise (BEC) attacks are no longer limited to traditional email accounts. Attackers are finding new ways to conduct their schemes -- and organizations need to be prepared to defend themselves.

Attackers are using a newer scheme, Business Communication Compromise, to take advantage of large global corporations, government agencies and individuals. They are carrying out attacks over collaboration channels beyond email, including chat and mobile messaging on popular cloud-based platforms such as Slack, WhatsApp, LinkedIn, Facebook and Twitter.

Maintaining top API-level security in today's cyber landscape

Data breaches, cyberattacks and security concerns are growing rapidly in the digital climate, as new development practices, additional languages and structural frameworks appear, compounded by geopolitical tensions giving rise to state-sponsored attacks. In 2022 to date, 39 percent of UK businesses have already experienced the disruption and costly consequences of cyberattacks. Some of the largest enterprises, such as Microsoft, T-Mobile and Vodafone, have experienced attacks by highly organized groups such as Lapsus$.

With the scale, type of attacks and target industries constantly evolving, the healthcare sector has joined financial services and the public sector in becoming a lucrative target. Healthcare data breaches reached an all-time high in 2021, impacting 45 million people -- personal health information (PHI) became worth more than credit card information on the dark web. Attack approaches are constantly evolving, with hackers searching for any weak links in growing infrastructure.

The evolution of identity-based fraud: Why ATO attacks are at the top of the list

Digital identity is the new currency, and adversaries are chasing wealth. Research shows that 61 percent of data breaches are the result of compromised credentials. This is a common fraudster tactic: using legitimate credentials lets them avoid detection while they gather intelligence and data that will allow them to undertake further fraudulent transactions.

Fundamental to the defense of systems is access control, but it has its limits. Attackers are continuously trying to circumvent these controls to access accounts, with login and payment flows frequently targeted. This is why many organizations have invested in anti-fraud technologies to detect and mitigate such attacks.

Why code signing is the talk of the dark web

Code signing certificates are an essential part of our software world. Every software update is signed with a unique machine identity: a private key whose X.509 certificate, issued by a trusted certificate authority, binds that key to its publisher, combined with a signature algorithm and a time stamp. This allows other machines to know that the software is authentic and can be trusted.

Developers sign their code with a private key, and an end-user uses the public key from that developer to validate that the code hasn't changed since the developer signed it. If someone has altered the code, signature verification fails and the platform warns that the code is untrusted, in the same way a browser warns about a website with an untrusted or expired certificate for transport layer security (TLS) machine identities. Without this system of identity, it would be impossible to deliver software safely. Without it you couldn't trust Windows, Mac or iPhone, let alone fly on a modern Airbus or Boeing aircraft. And it's quickly becoming the same way in the cloud-native world of Kubernetes.
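As an added example, not code from the article or from any signing vendor, the sign-and-verify cycle described above in Go using the standard library's ed25519 package. The SignedArtifact container, the Tamper helper and the payload bytes are constructed for the illustration; a real code-signing format such as Authenticode or CMS additionally carries the publisher's X.509 certificate chain and a timestamp countersignature, which this example omits. It shows the three outcomes a verifier must distinguish: a genuine update, an update altered after signing, and a signature made with a key that is not the publisher's.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SignedArtifact pairs an update payload with the publisher's signature over it.
// Hypothetical container for this example: real formats also embed the signer's
// certificate chain and a timestamp so the signature outlives the certificate.
type SignedArtifact struct {
	Payload   []byte
	Signature []byte
}

// GenerateKey creates a publisher key pair. The private key never leaves the
// publisher (ideally it lives in an HSM); only the public key is distributed.
func GenerateKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// digest hashes the payload so the signature covers every byte of it.
func digest(payload []byte) []byte {
	h := sha256.Sum256(payload)
	return h[:]
}

// Sign is the developer side: sign the payload digest with the private key.
func Sign(priv ed25519.PrivateKey, payload []byte) SignedArtifact {
	return SignedArtifact{
		Payload:   append([]byte(nil), payload...),
		Signature: ed25519.Sign(priv, digest(payload)),
	}
}

// Verify is the end-user side: recompute the digest and check the signature
// with the publisher's public key. Any change to the payload, or a signature
// made with some other key, makes this return false.
func Verify(pub ed25519.PublicKey, a SignedArtifact) bool {
	if len(pub) != ed25519.PublicKeySize || len(a.Signature) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(pub, digest(a.Payload), a.Signature)
}

// Tamper flips one bit of the payload, simulating an attacker altering the
// update after it was signed while keeping the original signature attached.
func Tamper(a SignedArtifact) SignedArtifact {
	p := append([]byte(nil), a.Payload...)
	p[0] ^= 0x01
	return SignedArtifact{Payload: p, Signature: a.Signature}
}

func main() {
	pub, priv := GenerateKey()
	update := []byte("installer-v1.2.3 contents") // constructed payload
	signed := Sign(priv, update)

	fmt.Println("genuine update verifies: ", Verify(pub, signed))         // true
	fmt.Println("tampered update verifies:", Verify(pub, Tamper(signed))) // false

	// A signature from a key that is not the publisher's is rejected against the
	// publisher's key, which is why the verifier must obtain pub through a trusted
	// chain (the CA-issued certificate) rather than from the download itself.
	otherPub, otherPriv := GenerateKey()
	forged := Sign(otherPriv, update)
	fmt.Println("signed by other key, checked against publisher:", Verify(pub, forged))      // false
	fmt.Println("signed by other key, checked against that key: ", Verify(otherPub, forged)) // true
}
```

The last line is the point of the article: the signature proves only that whoever held a given private key signed these bytes, so a stolen or dark-web-purchased signing key yields malware that verifies perfectly against the legitimate publisher's certificate.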

Push Fatigue: We're tired too

More and more organizations are enrolling users in Multi-Factor Authentication (henceforth referred to as MFA), in which a second form of authentication takes place after a user has entered their credentials into a service, to ensure the user is who they say they are. It's an added layer of security and authentication that can help prevent compromise. But it isn't bulletproof.

Recently a few blog posts and papers have begun to come out describing a bypass technique known as "MFA bombing", "MFA fatigue", "push notification spamming" and many other terms, and the high-profile threat actors such as LAPSUS$ who have abused it to gain access to otherwise protected areas. The technique is one we at Lares (and other red teams!) have used with overwhelming success in the past. We know it as Push Fatigue.
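As an added example, not code from Lares or from the post above, here is what detecting and preventing push fatigue looks like over a push-prompt log, written in Go. The PushEvent record, the alice/bob log and the window and threshold values (ten minutes, three prompts) are constructed for the illustration and are not any identity provider's real schema or defaults. Two things are worth flagging in such a log: the burst of denied or ignored prompts itself, and, more importantly, an approval that arrives only after such a burst, which is the moment the victim gives in.

```go
package main

import (
	"fmt"
	"time"
)

// PushEvent is one MFA push prompt and its outcome. Constructed for this
// example; the field names are hypothetical, not an IdP's real log schema.
type PushEvent struct {
	User   string
	At     time.Time
	Result string // "approved", "denied" or "timeout"
}

// unapprovedBefore counts prompts for user that were denied or ignored in the
// window ending at t: a measure of how hard the user is being pushed.
func unapprovedBefore(events []PushEvent, user string, t time.Time, window time.Duration) int {
	n := 0
	start := t.Add(-window)
	for _, e := range events {
		if e.User != user || e.Result == "approved" {
			continue
		}
		if !e.At.After(t) && !e.At.Before(start) {
			n++
		}
	}
	return n
}

// PushBombingPeaks returns, per user, the largest number of unapproved prompts
// seen in any window of the given length; users below threshold are omitted.
func PushBombingPeaks(events []PushEvent, window time.Duration, threshold int) map[string]int {
	peaks := map[string]int{}
	for _, e := range events {
		if e.Result == "approved" {
			continue
		}
		n := unapprovedBefore(events, e.User, e.At, window)
		if n >= threshold && n > peaks[e.User] {
			peaks[e.User] = n
		}
	}
	return peaks
}

// SuspiciousApprovals returns approvals preceded by at least threshold
// unapproved prompts in the window: the event an analyst should treat as a
// probable compromise rather than a successful login.
func SuspiciousApprovals(events []PushEvent, window time.Duration, threshold int) []PushEvent {
	var out []PushEvent
	for _, e := range events {
		if e.Result == "approved" && unapprovedBefore(events, e.User, e.At, window) >= threshold {
			out = append(out, e)
		}
	}
	return out
}

// ShouldSendPush is the preventive side: once a user has ignored or denied
// threshold prompts in the window, stop issuing pushes and require a different,
// phishing-resistant factor (or number matching) instead of another tap.
func ShouldSendPush(events []PushEvent, user string, now time.Time, window time.Duration, threshold int) bool {
	return unapprovedBefore(events, user, now, window) < threshold
}

// SampleEvents is a constructed log: alice receives five prompts in two minutes,
// lets them all time out, then approves a sixth; bob approves one legitimate prompt.
func SampleEvents() []PushEvent {
	base := time.Date(2022, 3, 22, 9, 0, 0, 0, time.UTC)
	ev := []PushEvent{{User: "bob", At: base, Result: "approved"}}
	for i := 0; i < 5; i++ {
		ev = append(ev, PushEvent{User: "alice", At: base.Add(time.Duration(i) * 30 * time.Second), Result: "timeout"})
	}
	ev = append(ev, PushEvent{User: "alice", At: base.Add(3 * time.Minute), Result: "approved"})
	return ev
}

func main() {
	ev := SampleEvents()
	window, threshold := 10*time.Minute, 3
	fmt.Println("users under push bombing:", PushBombingPeaks(ev, window, threshold)) // map[alice:5]
	for _, a := range SuspiciousApprovals(ev, window, threshold) {
		fmt.Printf("suspicious approval: %s at %s\n", a.User, a.At.Format(time.RFC3339))
	}
	now := ev[len(ev)-1].At
	fmt.Println("send another push to alice?", ShouldSendPush(ev, "alice", now, window, threshold)) // false
	fmt.Println("send another push to bob?  ", ShouldSendPush(ev, "bob", now, window, threshold))   // true
}
```

The detection side runs after the fact and is only as good as how quickly someone acts on the alert; the ShouldSendPush gate is the control that actually removes the attacker's lever, because a user who is never shown the sixth prompt cannot approve it.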

How the Okta breach exposed organizations' cybersecurity immaturity

In early March 2022, authentication security company Okta reported that there had been an attempt to compromise the account of a third-party customer support engineer from Sitel in January. The organization released a statement claiming that the matter had been investigated and contained.

Okta CSO David Bradbury later admitted that up to 366 customers may have been breached, apologizing for not notifying customers earlier. In the weeks since the attack, Okta has released a conflicting statement arguing that the attack affected just two customers, although this is perhaps naïve and hard to prove. Okta has said it recognizes the broad toll this kind of compromise can have on customers, but there is little to suggest that the attackers aren’t already lying dormant inside the networks of further customers.

Microsoft releases KB5011563 update for Windows 11 to fix Settings and upgrade notifications

Microsoft has released a new optional update for Windows 11 in the form of the KB5011563 preview. The update takes Windows 11 up to build 22000.593, and as well as fixing numerous problems with the operating system, it also introduces an important change to the way notifications work.

The KB5011563 update was previously released to Windows Insiders, but the preview version is now available for anyone who wants to install it ahead of its full release on this coming Patch Tuesday. Among the fixes included in this update are a patch for an issue that causes OneDrive to lose focus, and a speed boost for slow start times.

Microsoft and Google release emergency patches for security vulnerabilities in Edge and Chrome

Google has released an emergency patch for the Windows, macOS and Linux versions of Chrome after the discovery of a zero-day vulnerability that the company says is being actively exploited.

The security fix comes as Microsoft releases a patch of its own for the same vulnerability (CVE-2022-1096) in Edge, its Chromium-based browser. While neither company has given much detail about the problem, Google describes it as being of high severity.

Meta is clamping down on irritating 'watchbait' videos on Facebook

The idea of clickbait is nothing new. Sensational headlines have been used since the early days of the press to draw in users, and it is something that has continued into the internet age. But there is also a related problem that blights social media platforms such as Facebook: watchbait.

The idea is much the same as a clickbait headline; videos are given misleading, overblown headlines and descriptions that often omit key details in a bid to get people to watch to the end. Now Meta has announced that it is taking action, including using an automatic detection system that will reduce the distribution reach of offending videos.

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.