Lastpass, the password manager application, had reported that it found a security breach back in August. The perpetrator had supposedly stayed in the network for only 4 days and had access only to the development environment and not to the customer data or the password vaults. The threat actor had gained access to the development environment through one of the developer's endpoint by impersonating as...
Read More
Mr. Pieter Zatko's, former Head of Security at Twitter, hearing with the Senate Judiciary Committee has worsened Twitter's chance of making a strong case in its favor against the ongoing battle with Mr.Musk. Furthering to the allegations of lax security practices at Twitter, Mr. Zatko went on to highlight that the company had a Chinese agent working for the Ministry of State Security on its...
Read More
Attack Methodology Phishing Email You receive a phishing email with a malicious file Stage 1 Microsoft Office File The attachment is a Microsoft Office file with a malicious macro. Upon opening the file and allowing the macro to run, the next step is triggered Stage 2 James Webb Image File The macro downloads the image file that contains the encoded code that gets converted to binary and...
Read More
Mr. Peter Zatko, ex-Security Head of Twitter, has filed a complaint with the Securities and Excange Commission with help from www.whistlebloweraid.org alleging that Twitter has been lax with its security and privacy processess. He has specifically highlighted the issue of Twitter misrepresenting the number of monetizable users that indicates the number of bots and amount of spam thats prevelant on the network. Mr. Zatko is a...
Read More