#AxisOfEasy 227: LastPass VP Claims No Passwords Were Compromised In The Recent Breach Scare


Weekly Axis Of Easy #227


Last Week’s Quote was:  “It doesn’t matter where you are coming from. All that matters is where you are going..” by Brian Tracy.  We had no winner..

This Week’s Quote:  “True wisdom comes to each of us when we realize how little we understand about life, ourselves, and the world around us.” by ????

THE RULES: No searching up the answer, must be posted to the blog – the place to post the answer is at the bottom of the post, in the comments section.

The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.


 

In this issue:

  • LastPass VP claims no passwords were compromised in the recent breach scare
  • Apache’s newly released Log4j version 2.17.1 fixes another code execution bug
  • Trading platform ONUS refuses to pay a $5 million ransom after being hit by the Log4j hack
  • Cyber-attacks are believed to be Russia’s first move against Ukraine
  • Why would Microservices pose a risk for e-commerce in 2022?

Elsewhere online:

  • The spyware crisis extends beyond Israel’s NSO Group.
  • A new breach at T-Mobile exposed customer information.
  • False-positive alerts triggered by Microsoft Defender Log4j scanning.
  • What Elon Musk thinks about Bitcoin Creator’s unknown identity
  • Zelensky signs Ukraine’s Information Security Strategy.

LastPass VP claims no passwords were compromised in the recent breach scare

In a recent statement, LastPass VP said that there is no indication that users’ accounts have been compromised due to the current security scare some users suffered late Tuesday.

As reported by AppleInsider, some LastPass users said that they had received a notification about blocked access to their account. The company has now confirmed that this suspicious activity was related to an attempt at credential stuffing. According to LastPass’ Vice President of Product Management, Dan DeMichele, the security alerts sent to users were probably triggered by mistake and that they were conducting an investigation to determine what caused the automated security alert emails to be sent.

This is not LastPass’ first security scare. Its most renowned security breach was in 2015, but others followed in 2016, 2017, and 2019. Regarding Tuesday events, LastPass stated that it would continue to monitor the service, and it will take any required actions to ensure user security data.

Read: https://www.cnet.com/tech/services-and-software/lastpass-says-no-passwords-compromised-in-latest-security-scare/


Apache’s newly released Log4j version 2.17.1 fixes another code execution bug

This week, Apache has released a new Log4j update (v.2.17.1) to address a remote code execution vulnerability in v2.17.0. This new version is the third major-update Apache has released since the mayhem caused by the original Log4Shell vulnerability.

Researchers found the CVE-2021-44832 from CheckMarx, who then disclosed it to Apache. According to the vendor, this remote code execution vulnerability allows “an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code.” The software foundation announced that –except for v2.3.2 and v2.12.4– Apache Log4j2 versions 2.0-beta7 through 2.17.0 were vulnerable to this bug.

Apache fixed the bug by “limiting JNDI data source names to the java protocol” and urged users to update to Log4j 2.17.1, 2.12.4, and 2.3.2.

Read: https://latesthackingnews.com/2021/12/30/apache-releases-log4j-2-17-1-fixing-another-code-execution-flaw/


Trading platform ONUS refuses to pay a $5 million ransom after being hit by the Log4j hack

A recent cyberattack has impacted ONUS, one of the largest Vietnamese crypto trading platforms. The threat actors targeted the platform’s payment system running a vulnerable Log4j version.

Extortion soon followed, as the hackers reportedly approached ONUS to blackmail the firm to pay a $5 million ransom in exchange for not publishing customer data they had acquired during the attack’s time frame between December 11th and December 13th. According to ONUS, the hackers managed to access the company’s storage locations where personal data was stored.

ONUS reportedly refused to pay the ransom and let their customers know about the attack in a private Facebook group where its CEO, Chien Trend, said, “the ONUS team has actively worked with security experts to find holes. and repair, as well as to implement measures to enhance security for the overall system.”

As a result of the refusal, the customer data ended up for sale on a data breach marketplace. The hackers claimed that they owned 395 ONUS database tables containing customers’ personal information and passwords.

Read: https://www.bleepingcomputer.com/news/security/fintech-firm-hit-by-log4j-hack-refuses-to-pay-5-million-ransom/


Cyber-attacks are believed to be Russia’s first move against Ukraine.

According to American and British intelligence, as tensions grow between Russia and Ukraine, war advisors have been dispatched to Ukrainian territory to help the government prepare for potential cyber-attacks. There may not be an invasion but rather a move to open the door to a physical attack.

According to American officials, Russia’s efforts to launch a cyber-attack against Ukraine’s electrical grid have increased since the beginning of December. It wouldn’t be the first time the ex-soviet nation has tried to launch an attack of this kind. In 2015 and 2016, Russian hackers managed to turn off the lights in several parts of Ukraine.

The future is uncertain, and US officials remain unsure of Russia’s war movements against Ukraine. Putin’s strategy may be limited to cyber-attacks rather than an open physical invasion. American intelligence agencies believe that the forthcoming cyber attack would happen in early January if that’s the case.

As the current conflict grows, the chances of a permanent ceasefire are limited. Russia’s goal is to stop Ukraine from joining NATO and install a Russian-friendly government that Moscow can directly control. On the other hand, Ukraine allies want Russia to withdraw from Crimea and Putin’s government to stop the cyber attacks against its neighboring country. Efforts have been made between the US government and Russia, but they haven’t borne fruit yet.

Read: https://www.cpomagazine.com/cyber-security/cyber-attacks-an-expected-element-of-military-strategy-as-russia-deploys-on-the-ukraine-border/


Why would Microservices pose a risk for e-commerce in 2022?

In recent years, cloud software and services have become popular within the business community. As they are easy to deploy and provide businesses with greater flexibility and a quick ability to upgrade application components, microservices have become the to-go method for developing cloud-based applications. Nonetheless, despite all their benefits, microservices’ security has been proven to be a challenge. After all, taking a single application and breaking it into smaller components will increase the risk of attacks and exposure. Each element needs to expose its information to the cloud.

By 2022, businesses and developers need to take this risk of exposure seriously. Some steps we can take to prevent security breaks would be:

  • Reduce or limit permissions and access privileges for users and resources.
  • Ensure to protect data both in transit and at rest by using HTTPS and encryption. 
  • Use API Gateway to reduce the risk of direct access. 
  • Use Defense-in-depth as a strategy to protect your network and data. 

In a time where microservices have grown in popularity, it is vital to remember to design and deploy them in a way that reduces the risk of cyberattacks and data exposure. 

Read: https://www.securityweek.com/what-expect-2022-microservices-will-bring-macro-threats


Elsewhere online:

The spyware crisis extends beyond Israel’s NSO Group.
https://www.washingtonpost.com/opinions/2021/12/27/spyware-crisis-is-much-bigger-than-nso-group/

A new breach at T-Mobile exposed customer information.
https://www.theverge.com/2021/12/28/22857619/t-mobile-cyberattack-data-breach-december-2021-cpni-sim-swap?&web_view=true

False-positive alerts triggered by Microsoft Defender Log4j scanning.
https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-log4j-scanner-triggers-false-positive-alerts/?&web_view=true

What Elon Musk thinks about Bitcoin Creator’s unknown identity.
https://www.businesstoday.in/technology/story/crypto-expert-nick-szabo-could-be-mysterious-satoshi-nakamoto-and-bitcoin-creator-says-elon-musk-317304-2021-12-30?utm_source=rssfeed

Zelensky signs Ukraine’s Information Security Strategy.
https://www.ukrinform.net/rubric-polytics/3376991-president-enacts-ukraines-information-security-strategy.html?&web_view=true

 
 

Leave a Reply

Your email address will not be published. Required fields are marked *