<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 3/29/2022

SHARE

Breaches

Okta Says It Goofed in Handling the Lapsus$ Attack

On Friday, Okta - the authentication firm-cum-Lapsus$-victim - admitted that it "made a mistake" in handling the recently revealed Lapsus$ attack. The mistake: trusting that a service provider had told Okta everything it needed to know about an "unsuccessful" account takeover (ATO) at one of its service providers and that the attackers wouldn't reach their tentacles back to drag in Okta or its customers. READ MORE...

Hacking

Checkmarx Finds Threat Actor 'Fully Automating' NPM Supply Chain Attacks

Threat hunters at Checkmarx on Monday raised an alarm after discovering a threat actor fully automating the creation and delivery of "hundreds of malicious packages" into the NPM ecosystem. The Checkmarx warning comes on the heels of Snyk's discovery of "deliberate sabotage" of NPM package managers and raises new concerns about the software supply chain threat landscape. READ MORE...

Malware

Verblecon malware loader used in stealthy crypto mining attacks

Security researchers are warning of a relatively new malware loader, that they track as Verblecon, which is sufficiently complex and powerful for rannsomware and erespionage attacks, although it is currently used for low-reward attacks. Despite being around for more than a year, Verblecon samples enjoy a low detection rate due to the polymorphic nature of the code. READ MORE...


Triton Malware Still Targeting Energy Firms

The global energy sector needs to stay alert for Triton malware, the Federal Bureau of Investigation said in a recent warning. Triton (also known as Trisis and HatMan) is designed to "cause physical safety systems to cease operating or to operate in an unsafe manner," the FBI says in its Private Industry Notification (PIN 20220324-001). The malware was used in a cyberattack in 2017 against a Middle East petrochemical facility. READ MORE...

Exploits/Vulnerabilities

Lapsus$ and SolarWinds hackers both use the same old trick to bypass MFA

Multifactor authentication (MFA) is a core defense that is among the most effective at preventing account takeovers. In addition to requiring that users provide a username and password, MFA ensures they must also use an additional factor-be it a fingerprint, physical security key, or one-time password-before they can access an account. Nothing in this article should be construed as saying MFA isn't anything other than essential. READ MORE...


CISA warns orgs to patch actively exploited Chrome, Redis bugs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal civilian agencies to patch a Google Chome zero-day and a critical Redis vulnerability within the next three weeks, both actively exploited in the wild. According to a Google advisory published on Friday, the Chrome zero-day security flaw (tracked as CVE-2022-1096) is a high severity type confusion weakness in the Chrome V8 JavaScript engine that could allow threat actors to execute arbitrary code on targeted devices. READ MORE...

On This Date

  • ...in 1886, pharmacist John Pemberton brews the first batch of Coca-Cola in an Atlanta, GA backyard.
  • ...in 1943, comedian/musician Eric Idle, best known for his work with the Monty Python comedy troupe, is born in Durham, England.
  • ...in 1973, the last U.S. military forces withdraw from South Vietnam.
  • ...in 1974, the Mariner 10 space probe becomes the first man-made vessel to fly past the planet Mercury.