The past couple of weeks have been busy ones for the world of cybersecurity. Multiple companies have disclosed serious hacks that have led to breaches of customer data and overall system availability. In this week’s security advisory, nGuard will detail some of these incidents and their impact on the cybersecurity landscape.
The Lapsus$ crime gang is back at it again with an attack on the networking giant, Cisco. About a month ago, Cisco had disclosed that its systems were breached. A social engineering attack led adversaries on a pathway to overtaking an employee’s Google account. Saved credentials were then obtained from the browser and voice communications were utilized to trick the unsuspecting employee into accepting a multi-factor authentication push notification. Cisco believes the end goal of the attacker was to deploy ransomware on the network after gaining access to multiple systems. Cisco is reporting that attempts to deploy ransomware were unsuccessful.
Lastpass reported a breach back in August and are now releasing some more details about the compromise. They are now reporting that an attacker had internal access to the company systems for four days before they were detected. Lastpass worked with a cybersecurity firm to investigate the incident and found that no customer data or password vaults were accessed during this time. LastPass maintains that your master password, and the keys used to encrypt and decrypt data, are never sent to LastPass’ servers, and are never accessible by LastPass. The attacker was however able to access a developer endpoint and poke around the development environments.
Microsoft is patching another zero-day vulnerability affecting all supported versions of Windows. This zero-day is reported as being used in real-world attacks. CVE-2022-37969 is a privilege elevation flaw in the Windows Common Log File System Driver. This is utilized for data and event logging. Once a system is compromised, this vulnerability can be used to escalate user privileges to the highest level, SYSTEM. 4 different security firms reported this vulnerability to Microsoft which makes them believe this could be widely used in real-world scenarios. They recommend patching immediately.
nGuard closely monitors trends in the world of cybersecurity and applies those trends to assessment activities and managed security services. Having penetration testing conducted periodically against network assets, web applications, and other critical infrastructure can prevent data breaches before they happen. Putting your employees through social engineering campaigns to test their security readiness can boost awareness. Having a security first mindset is essential in protecting the valuable data of organizations.