Lastpass, the password manager application, had reported that it found a security breach back in August. The perpetrator had supposedly stayed in the network for only 4 days and had access only to the development environment and not to the customer data or the password vaults. The threat actor had gained access to the development environment through one of the developer's endpoint by impersonating as...
Read More
Summer of Sanity Passphrases Episode 2 The biggest downside of passwords is that it is a shared secret - shared between the user and the validator. Unfortunately, passphrases also share the same disadvantage, though they fare way better in so many other ways. Systems designed to use passwords or passphrases can be made to not store the passwords in readable form or even make it inaccessible to users...
Read More
Mr. Pieter Zatko's, former Head of Security at Twitter, hearing with the Senate Judiciary Committee has worsened Twitter's chance of making a strong case in its favor against the ongoing battle with Mr.Musk. Furthering to the allegations of lax security practices at Twitter, Mr. Zatko went on to highlight that the company had a Chinese agent working for the Ministry of State Security on its...
Read More
Attack Methodology Phishing Email You receive a phishing email with a malicious file Stage 1 Microsoft Office File The attachment is a Microsoft Office file with a malicious macro. Upon opening the file and allowing the macro to run, the next step is triggered Stage 2 James Webb Image File The macro downloads the image file that contains the encoded code that gets converted to binary and...
Read More