BRANDEFENSE BRANDEFENSE
  • Platform
    How It Works?
    Platform Overview
    Cyber Intelligence
    Brand & Reputation Protection
    Exposure Management
    By Use Case
    Preventing Data Leakage
    Phishing Monitoring
    Account Takeover Detection
    Stolen Credit Cards
    Dark Web Monitoring
    Remediation and Takedown
    Q1 | 2023
    Explore the Ransomware Attacks
  • Solutions
    Threat Intelligence Service
    Brand Protection
    Vulnerability Management
    Attack Surface Management
    Fraud Protection
    VIP Security
    Vulnerability Intelligence
  • Resources
    Blog
    Infographics
    Datasheets
    Security News
    Threat Intelligence Researches
    Digital Risk Protection – FAQ
    Cybersecurity Glossary
    Events
  • Partners
    About the Partner Program
    Become a Partner
    Partner Portal
  • Company
    About Us
    Join Us!
    We in the Press
    Privacy Policy
    Terms of Use
    Contact Us
Request a Demo
Login

BRANDEFENSE

  • Platform
    How It Works?
    Platform Overview
    Cyber Intelligence
    Brand & Reputation Protection
    Exposure Management
    By Use Case
    Preventing Data Leakage
    Phishing Monitoring
    Account Takeover Detection
    Stolen Credit Cards
    Dark Web Monitoring
    Remediation and Takedown
    Q1 | 2023
    Explore the Ransomware Attacks
  • Solutions
    Threat Intelligence Service
    Brand Protection
    Vulnerability Management
    Attack Surface Management
    Fraud Protection
    VIP Security
    Vulnerability Intelligence
  • Resources
    Blog
    Infographics
    Datasheets
    Security News
    Threat Intelligence Researches
    Digital Risk Protection – FAQ
    Cybersecurity Glossary
    Events
  • Partners
    About the Partner Program
    Become a Partner
    Partner Portal
  • Company
    About Us
    Join Us!
    We in the Press
    Privacy Policy
    Terms of Use
    Contact Us
Security News – Week 35

Security News – Week 35

BRANDEFENSE
Weekly Newsletter
31/08/2022

Last updated on December 12th, 2022 at 11:15 am

lastpass breach

Table of Contents

  • LastPass Suffers A Security Breach
  • Phishing Attacks Targeting Python Package Repository (PyPI) Users Detected
  • DirtyCred – A Critical Linux Kernel Security Vulnerability

LastPass Suffers A Security Breach

Password management application LastPass suffered a data breach that resulted in the capture of some of the application’s source code and technical information by threat actors. Used by over 33 million people and 100,000 businesses, LastPass is a popular password management app.

It has been detected that threat actors gain access to the application development environment by obtaining the account credentials of the LastPass developer. After gaining access to the application development environment, threat actors gained access to application source codes and some of the technical data.

In the statement made by LastPass officials, it was stated that LastPass users were not affected by the breach and that threat actors did not gain access to their user accounts and passwords. To prevent users from being affected by similar security breaches, it is recommended that the information used in the accounts be created by applying strong policies and that MFA/2FA security mechanisms are enabled on all possible platforms.

equation apt group
APT Groups
Equation APT Group
05/09/2022

Last updated on December 12th, 2022 at 10:35 am

Read more
pypi brandefense

Phishing Attacks Targeting Python Package Repository (PyPI) Users Detected

In PyPI, a software repository for the Python programming language, it has been detected that phishing attacks targeting project developers have been carried out by injecting malicious code into Python packages by threat actors. These phishing attacks aim to capture software developers’ identity information.

 

phishing attacks targeting python package repository (pypi) users detected

The attack vector begins when threat actors send phishing e-mails to developers expressing security-related urgency. Then, by clicking on the URL link in the e-mail text, the developers are directed to a phishing page created by imitating the user login page of the PyPI platform.

phishing attacks targeting python package repository (pypi) users detected
With the members’ login by providing their information, this login information is captured by the threat actors. Then, the threat actors log into the PyPI platform with the login information of the developers and inject malicious code into the Python packages included in it. It has been observed that malicious software created for users to download to their systems is larger in size due to its detection evasion features and a valid signature.
phishing attacks targeting python package repository (pypi) users detected

It has been announced that the affected accounts on the PyPI platform are temporarily frozen, and the affected “Exotel” and “Spam” packages have been removed. Attack campaigns that manipulate open source platforms and target software developers are increasing day by day.

In order not to be the target of similar attacks that may be carried out in this context, it is recommended to implement the security steps given below.

  • Developers at risk of being hacked should reset their passwords and 2FA recovery codes.
  • E-mails, attachments, or links from suspicious and unknown parties should not be opened.
  • Beware of unreliable content.
  • Comprehensive security solutions should be used.
  • Detected IoC findings related to the attack campaign should be blocked by the security solutions.
phishing attacks targeting python package repository (pypi) users detected
In addition, it is recommended to verify that the URL in the address bar is http://pypi.org and that the TLS certificate of the site is http://pypi.org to verify that you are not using your credentials on the phishing page.
weekly security newsletter 34

DirtyCred – A Critical Linux Kernel Security Vulnerability

A new Linux Kernel vulnerability called “DirtyCred” was disclosed at the Black Hat security conference on August 10, 2022. The vulnerability, which is similar to the notorious DirtyPipe vulnerability and is tracked as CVE-2022-0847, was discovered by Ph.D. detected by student Zhenpeng Lin and his team.

DirtyCred is a kernel exploit that replaces non-privileged kernel credentials with privileged ones to escalate privileges on vulnerable systems. Instead of overwriting any critical data area in the kernel stack, DirtyCred abuses the stack memory reuse mechanism to gain privileges. It can overwrite all files with reading permission that affects kernel version 5.8 or higher. The vulnerability allows a local threat actor to crash the system or execute arbitrary code on the vulnerable system.

Github Link is here.

a critical linux kernel security vulnerability has been detected
Security researchers have posted a demo on their social media accounts showing how the DirtyCred vulnerability can be used to elevate the privileges of a low-privileged user on two different systems, such as Centos 8 and Ubuntu, using the same Exploit code with the DirtyPipe vulnerability.

This Thursday @BlackHatEvents , I will be presenting our research on a kernel exploitation method named #DirtyCred. With DirtyCred, you could write an #DirtyPipe liked exploit that works on different kernels and ARCHs without code changes. Check it out https://t.co/Qip23PSHl7 pic.twitter.com/jdopannoBO

— Zhenpeng Lin (@Markak_) August 7, 2022

There are currently no mitigations or updates to the DirtyCred exploit. Security researchers recommend separating privileged credentials from non-privileged ones using virtual memory to prevent potential Cross-Cache attacks using the vulnerability.
what is vulnerability intelligence ?
DRPS
What is Vulnerability Intelligence ?
01/04/2022

Last updated on August 9th, 2022 at 09:16 pm

Read more
Share on Facebook Share on X
Search
Categories
APT GroupsBlogDark WebDRPSFraudRansomwareSector AnalysisSecurity NewsVIP SecurityWe in the PressWeekly Newsletter
Recent Posts
  • What is Supply Chain Security?
    What is Supply Chain Security?
  • Godfather Android Banking Trojan Technical Analysis
    Godfather Android Banking Trojan Technical Analysis
  • Celebrating a Milestone: Brandefense Earns a Spot on Fast Company Turkey’s Top 100 Start-Up List
    Celebrating a Milestone: Brandefense Earns a Spot on Fast Company Turkey’s Top 100 Start-Up List
  • Perspective of the Month | Anonymous Sudan | June – July 2023
    Perspective of the Month | Anonymous Sudan | June – July 2023
Ransomware Trends Report | Q2 2023
Ransomware Attack Trends in the Second Quarter of 2023
Report

Ransomware Attack Trends in the Second Quarter of 2023

Download Report
Follow us!

Continue Reading

Previous post

LastPass Suffers A Security Breach

lastpass data breach
apt groups during russia ukraine cyber war
Next post

APT Groups Actively Involved During the Russia-Ukraine Cyber War

We know what hackers know about you

Our cyber threat intelligence and security research team is ready to help you.
image link

Brandefense is solving SOC’s complex challenges. We are here to help Brandefense customers to protect their brands and reputations against cyber threats.

United States:

300 Delaware Ave. Ste 210 #328 Wilmington, DE 19801 / USA

Republic of Turkey:

Üniversiteler, 1605 Cd. Cyberpark Vakıf Binası Kat: -1 No: B25, 06800 Çankaya/Ankara

© 2022 Brandefense. All rights reserved.

Solutions
Threat IntelligenceBrand ProtectionVulnerability ManagementFraud ProtectionVIP SecurityAttack Surface ManagementVulnerability Intelligence
Use Case
Data LeakagePhishing MonitoringAccount Takeover DetectionStolen Credit CardsDark Web MonitoringRemediation / Takedown
Partners
About the Partner ProgramBecome a Partner
Company
AboutCareerPrivacy PolicyTerms Of UseContact
Close
Search

Hit enter to search or ESC to close

cookie By using this website, you agree to our cookie policy. Close