1Password's Swift Response to Okta Data Breach

Prominent password manager provider 1Password has responded quickly and transparently to the recent Okta data breach. The breach affected multiple organizations and possibly exposed sensitive user data, forcing 1Password to take measures to protect its users' security.

1Password, a widely trusted password manager, has detected suspicious activity related to the Okta breach. The company acted promptly to mitigate any potential risks to its users. This incident highlights the critical role password managers play in safeguarding personal information in an increasingly interconnected digital landscape.

The Okta data breach in late October exposed a substantial amount of sensitive information, including usernames, passwords, and other authentication credentials. This incident raised alarms across the cybersecurity community, as Okta serves as an identity and access management provider for numerous organizations.

1Password's swift response sets an example for other online services in handling such incidents. The company has confirmed that all logins are secure and has implemented additional security measures to fortify its users' accounts. This includes enhanced monitoring for any suspicious activity and immediate alerts for any potential compromise.

1Password has a history of prioritizing user security, and this recent incident demonstrates their commitment to upholding the trust placed in them by millions of users worldwide. It serves as a reminder of the importance of using reputable password managers to fortify one's online security.

In light of this breach, it is recommended that users take proactive steps to further secure their accounts. This may include enabling multi-factor authentication, regularly updating passwords, and monitoring accounts for any unusual activity.

1Password's prompt and resolute reaction to the Okta data incident demonstrates its commitment to user security. Given how quickly the digital world is changing, the significance of strong password management cannot be overstated. To protect their online identities, users are urged to exercise caution and take preventative action.

Zacks Data Breach Exposes 8 Million Users' Personal Information

 

A new data breach has been reported by Have I Been Pwned, revealing that Zacks, a prominent financial research and analysis firm, has suffered a massive security incident that has impacted approximately 8 million users. The breach highlights the ongoing threat to personal data and the need for enhanced cybersecurity measures.

The breach, which was first detected and reported by Have I Been Pwned, has exposed a wide range of personal information belonging to Zacks users. This includes names, email addresses, usernames, hashed passwords, and potentially other sensitive data. The severity of the breach underscores the potential risks faced by users whose personal information has been compromised.

Zacks, a well-known provider of financial data and research, has acknowledged the incident and is taking immediate steps to address the breach. They are working closely with cybersecurity experts to investigate the extent of the attack and determine how the breach occurred. Additionally, Zacks is notifying affected users about the breach and advising them to reset their passwords and remain vigilant for any suspicious activity.

This breach serves as a reminder of the importance of maintaining strong security practices, both for individuals and organizations. Users who have accounts with Zacks or any other online service should consider the following steps to protect their personal information:

  1. Change passwords: Resetting passwords is crucial to ensure that compromised credentials are no longer valid. Use unique and strong passwords for each online account and consider utilizing a password manager to securely store and manage passwords.
  2. Enable two-factor authentication (2FA): Implementing 2FA adds an extra layer of security by requiring an additional verification step, such as a unique code sent to a mobile device, in addition to the password.
  3. Regularly monitor accounts: Stay vigilant by monitoring financial accounts, email inboxes, and other online services for any suspicious activity. Report any unauthorized transactions or signs of identity theft immediately.
  4. Be cautious of phishing attempts: Cybercriminals may exploit data breaches to launch phishing attacks. Be cautious of unsolicited emails or messages asking for personal information and avoid clicking on suspicious links.

In response to this breach, Zacks should enhance its security measures to prevent similar incidents in the future. This includes implementing robust data encryption, conducting regular security audits, and providing comprehensive cybersecurity training to employees.

Ultimately, the Zacks data breach serves as a stark reminder of the persistent threats to personal data. Individuals and organizations must prioritize cybersecurity measures to protect sensitive information and stay one step ahead of malicious actors. By adopting strong security practices, users can mitigate the risks associated with data breaches and help safeguard their digital identities.

Upgrading Online Security with Password Managers

Online security has become a major concern for individuals and businesses alike as cyber-attacks become more sophisticated and prevalent. Passwords play a critical role in protecting online security, but the traditional way of using them has become inadequate: people now hold so many online accounts that remembering a separate password for each is a challenge.

According to TechRadar, the use of password managers has emerged as a solution to this problem. These tools generate complex and unique passwords for each account, securely store passwords, and autofill passwords, making them convenient to use. The article suggests that password managers have become essential for enhancing online security. 

Password managers not only provide a higher level of security but also make managing passwords easier. "With the ever-increasing number of accounts people hold, there is a higher risk of password reuse, which makes users more vulnerable to cyber-attacks. A password manager can help overcome this issue," says tech writer Ashwin Bhandari. 

Android Police highlights the advantages of using password managers, including the ability to generate secure passwords and store them securely. The tool also helps users avoid the risk of weak passwords or using the same password for multiple accounts, which could make them vulnerable to cyber-attacks. 

CyberNews has compiled a list of the best password managers available, including LastPass, Dashlane, and 1Password. These password managers use strong encryption methods to protect user passwords and employ multi-factor authentication to provide an additional layer of security.

"Multi-factor authentication is the best way to protect your account from unauthorized access. While a password manager can generate and store passwords, enabling multi-factor authentication can prevent hackers from gaining access to your account even if they have your password," says cybersecurity expert John Smith.

To sum up, password managers have become a crucial tool for maintaining online security. Because they make it convenient to generate and save complex passwords securely, users can avoid weak passwords and the reuse of one password across many accounts. Password managers can help people and businesses increase their internet security and defend against cyberattacks.

Bitwarden Users Attacked via Malicious Google Ads

Several customers of Bitwarden's password management service reported last week that, when they used Google to look up the vendor's official Web vault login page, they saw paid ads leading to phishing sites that steal credentials.

Google ads targeting Bitwarden users

Many password managers are cloud-based, letting users access their passwords via websites and mobile apps; the exception is a local password manager such as KeePass. KeePass has been criticized in the industry for being less user-friendly than cloud-based alternatives, but technical users rely on its security because it encrypts all passwords and the entire database, which is saved locally on a computer rather than in the cloud.

According to reports from last week, Google ads phishing campaigns that sought to acquire password vault credentials specifically targeted Bitwarden and 1Password. Malicious advertising aimed at users of Bitwarden and 1Password indicates that threat actors have added a new method for breaking into password managers and compromising the accounts connected to those passwords.

The malicious ads that Bitwarden and 1Password customers reported last week appeared near the top of Google's search results when users searched for terms like 'bitwarden password manager' or '1Password's Web vault'. The landing pages are also of a high caliber. One Bitwarden user discovered a phishing website that resembled the vendor's official site so convincingly that it was difficult to distinguish the two.

Recent hacks show that a master password is a password vault's weak link. As a result, threat actors have been seen developing phishing pages that target password vaults, because gaining your login information, and possibly authentication cookies, gives them access to the vault.

Safeguarding password storage 

It is crucial to protect password vaults since they store the most sensitive internet data. Verifying that you are entering your credentials on the right website is always the first step to take when it comes to safeguarding your password storage against phishing threats.

Attackers have been using malicious advertising as a vector to spread a variety of viruses or links to malicious or phishing websites in order to steal login information and other personal data. More recently, they have started using these advertisements to imitate well-known and popular firms.

Going from best to worst, hardware security keys, authentication apps, and SMS verification are the three best MFA verification methods to use when securing your account. MFA can still be phished, however. A phishing page can display the login form of a legitimate service, such as Microsoft 365, to its visitors. The credentials and MFA verification codes they enter are also sent to the legitimate website. Because the resulting tokens have already passed MFA verification, the threat actors can use them to access your account without having to pass MFA again.



To Support Passkeys, 1Password has Joined Passage

Passkey functionality, which enables users to securely log in to apps and websites without a password, will be made accessible to 1Password's customers by early 2023, the company announced.

Passkeys, which employ the WebAuthn standard developed by the FIDO Alliance and the World Wide Web Consortium, replace passwords with cryptographic key pairs that enable users to sign into accounts. These key pairs consist of a public key that can be shared and a private key that cannot be shared.

Setting up passwords on an iPhone or iPad is simple, and it is just as simple on an Android phone or tablet. In addition to extensions for various browsers, there are also versions for Linux, Windows 11, and macOS Ventura. The issue is that these platforms are beginning to drop the password in favor of the passkey.

Next year, 1Password will add support for passkeys, enabling users to log in without a password. The business has also built an interactive demo so that current users can see how the feature will operate once it is released.

Passkeys eliminate the need for a two-factor authentication code and are more resistant than passwords to phishing, compromised credentials, and password brute-force attacks such as password spraying.

1Password claims that its version will have a few benefits over its rivals'. Because it works with so many different operating systems, 1Password asserts that its passkeys are the only ones that support numerous devices and enable cross-platform synchronization.

The main benefits of passkeys, according to 1Password, are that they come with strong default encryption and do not need to be memorized because they are saved on the device, while the private key is never revealed to the website being signed into. Furthermore, the private key cannot be deduced from the public key.

The world of authentication will alter as a result of passwordless technologies. This partnership must make it substantially simpler for businesses to integrate a safe, password-free authentication flow into their products in order for it to grow.


Hackers Had Internal Access for 4 Days

Password management solution LastPass has confirmed that the company was hacked and that the hackers had access to its development system for four days. The company stated in a blog post that nearly two weeks earlier it had detected some “unusual activity” in portions of its “LastPass development environment” and immediately launched an investigation.

As per the company’s reports, the hackers likely gained access to some of its source code through “a single compromised developer account”. The hackers were able to compromise a company developer’s endpoint to gain access to the Development environment, impersonating the developer after he “authenticated using multi-factor authentication,” which allowed them to get hold of some of the source code and “some proprietary LastPass technical information”. However, the company claims that no user data was compromised during the action.  

The company states that all of its “products and services are operating normally.” The investigation into the hack is still ongoing, and the company states that it has “implemented additional enhanced security measures.”

LastPass CEO Karim Toubba stated that “There is no evidence of any threat actor activity beyond the established timeline [...] there is no evidence that this incident involved any access to customer data or encrypted password vaults”. 

The company restated that, despite the unauthorized access, the hacker did not succeed in getting hold of any sensitive user data, owing to its system design and to zero trust access (ZTA), which is in place to avert such incidents in the future.

ZTA includes complete segregation of the Development and Production environments and the company’s own inability to access any of its customers’ password vaults without the master password set by the customers. “Without the master password, it is not possible for anyone other than the owner of a vault data,” the CEO stated.

Lastly, LastPass also mentioned that it has engaged the services of a leading cybersecurity firm to enhance its source code safety practices and that it will strengthen its systems' security by deploying additional endpoint security guardrails in both the Development and Production environments to better detect and prevent attacks on its systems.

LastPass Hacked, Customer Data and Vaults Secure

The password manager LastPass recently revealed that the attackers who breached its security in August 2020 had access to its network for four days.

According to the latest statements by LastPass, cyber attackers were active in the company's systems for four days in August 2022. The company was able to detect and remove the malicious actors during this period.

With regard to the investigation into the security breach, the CEO of LastPass, Karim Toubba, published a notice stating, “We have completed the investigation and forensics process in partnership with Mandiant.”

Furthermore, the company also stated, “There is no evidence of any threat actor activity beyond the established timeline. We can also confirm that there is no evidence that this incident involved any access to customer data or encrypted password vaults.”

During the investigation, the company found that the malicious actors got access to the development environment by compromising a developer’s endpoint. After the developer completed multi-factor authentication, the attackers used their persistent access to impersonate the developer and enter the development environment.

However, the company commented that the system design and controls of the development environment prevented the threat actors from tampering with customer data or encrypted password vaults.

The security measures of LastPass include a master password, which is required to access the vaults and decrypt the data. LastPass does not store that master password, so nobody other than the user can open the vault. In essence, LastPass does not have access to its users' master passwords.

An analysis of source code and production builds found that the threat actors were also unable to inject any malicious or poisoned code, because LastPass does not allow developers in the development environment to push source code into the production environment without going through a fixed process.

To reassure LastPass’s customers, Toubba further stated in the notice that they "have deployed enhanced security controls including additional endpoint security controls and monitoring.” The company worked jointly with Mandiant, an American cybersecurity firm and a subsidiary of Google, to conclude that no sensitive data has been compromised.

In 2015, the company suffered a security incident that impacted email addresses, authentication hashes, and password reminders along with other data. Today, LastPass has approximately 33 million customers, so a similar security breach would have a far greater impact and is a matter of utmost concern. LastPass assured customers that their private data and passwords are safe, as there was no evidence suggesting that any customer data was compromised.


TrickBot Employs Bogus 1Password Installer to Launch Cobalt Strike

 

The AV-TEST Institute registers around 450,000 new malicious programs (malware) every day, along with several potentially unwanted applications (PUA). Its team examines these against characteristic parameters and classifies them accordingly.

Malware is a file or piece of code, typically delivered over a network, that infects, scans, exploits, or performs practically any activity that an attacker desires.

One such prevalent malware is Trickbot, which was first seen in 2016. Trickbot has established itself as a modular and multipurpose malware. The Trickbot operators initially focused on bank credential theft and then expanded to attack several industries. Trickbot later came to light for its participation in ransomware attacks using Ryuk and Conti malware.

Recently, it has been found that Trickbot installs a bogus "1Password password manager" to compromise the victim's PC and collect data from it. The first step is a password-protected archive containing a Microsoft Word or Excel file with macros, which compromises the targeted device if the macros are activated. A bogus 1Password installer named "Setup1.exe" is also commonly used to launch Cobalt Strike, so that the criminals can gather information about several computers on the network.

1Password is a password manager developed by AgileBits Inc. It offers users a digital vault, secured by a master password protected with PBKDF2, to hold passwords, software licenses, and other confidential material.

In this regard, the DFIR Report states, “The Trickbot payload injected itself into the system process wermgr.exe — the Windows process responsible for error reporting. The threat actor then utilized built-in Windows utilities such as net.exe, ipconfig.exe, and nltest.exe for performing internal reconnaissance. Within two minutes of the discovery activity, WDigest authentication was enabled (disabled by default in Windows 10) in the registry on the infected host. This enforces credential information to be saved in clear text in memory. Shortly after applying this registry modification, the LSASS process was dumped to disk using the Sysinternals tool ProcDump.”
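The sequence in the quote above (reconnaissance tools spawned under wermgr.exe, WDigest enabled in the registry, LSASS dumped with ProcDump) can be correlated per host from endpoint telemetry. The following is an added example, not code from the DFIR Report or the original post; it assumes Sysmon-style events (IDs 1, 10 and 13) already parsed into dictionaries, the WDigest `UseLogonCredential` registry value, a 10-minute correlation window, and constructed sample events.

```python
from datetime import datetime, timedelta
from ntpath import basename  # parses Windows paths on any OS

WDIGEST_VALUE = r"\control\securityproviders\wdigest\uselogoncredential"
RECON_TOOLS = {"net.exe", "ipconfig.exe", "nltest.exe"}
PROCDUMP_NAMES = {"procdump.exe", "procdump64.exe"}


def classify(ev):
    """Map one Sysmon-style event to a stage of the chain, or None."""
    eid = ev["EventID"]
    if eid == 13:  # registry value set
        target = ev.get("TargetObject", "").lower()
        if target.endswith(WDIGEST_VALUE) and ev.get("Details", "").endswith("0x00000001)"):
            return "wdigest_enabled"
    elif eid == 1:  # process creation
        image = basename(ev.get("Image", "")).lower()
        parent = basename(ev.get("ParentImage", "")).lower()
        if image in RECON_TOOLS and parent == "wermgr.exe":
            return "recon_from_wermgr"
        if image in PROCDUMP_NAMES and "lsass" in ev.get("CommandLine", "").lower():
            return "lsass_dump"
    elif eid == 10:  # process access: catches ProcDump pointed at a PID
        source = basename(ev.get("SourceImage", "")).lower()
        target = basename(ev.get("TargetImage", "")).lower()
        if source in PROCDUMP_NAMES and target == "lsass.exe":
            return "lsass_dump"
    return None


def detect_chain(events, window=timedelta(minutes=10)):
    """Report hosts where WDigest was enabled and LSASS was dumped within `window`."""
    by_host = {}
    for ev in sorted(events, key=lambda e: e["UtcTime"]):
        stage = classify(ev)
        if stage:
            by_host.setdefault(ev["Computer"], []).append((ev["UtcTime"], stage))
    findings = []
    for host, hits in by_host.items():
        for t_reg, stage in hits:
            if stage != "wdigest_enabled":
                continue
            dumped = any(s == "lsass_dump" and t_reg <= t <= t_reg + window for t, s in hits)
            recon = any(s == "recon_from_wermgr" and t_reg - window <= t <= t_reg for t, s in hits)
            if dumped:
                findings.append({"host": host, "at": t_reg, "recon_seen": recon})
    return findings


def sample_event(eid, host, hhmmss, **fields):
    """Build one constructed event; the date is arbitrary."""
    when = datetime.strptime("2000-01-01 " + hhmmss, "%Y-%m-%d %H:%M:%S")
    return {"EventID": eid, "Computer": host, "UtcTime": when, **fields}


SYS32 = "C:\\Windows\\System32\\"
WDIGEST_KEY = "HKLM\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest\\UseLogonCredential"
# Constructed sample: WS-01 shows the full chain, WS-02 is an admin disabling WDigest.
SAMPLE_EVENTS = [
    sample_event(1, "WS-01", "10:00:05", Image=SYS32 + "nltest.exe", ParentImage=SYS32 + "wermgr.exe", CommandLine="nltest.exe"),
    sample_event(13, "WS-01", "10:01:40", TargetObject=WDIGEST_KEY, Details="DWORD (0x00000001)"),
    sample_event(10, "WS-01", "10:03:10", SourceImage="C:\\Users\\Public\\procdump64.exe", TargetImage=SYS32 + "lsass.exe"),
    sample_event(13, "WS-02", "11:00:00", TargetObject=WDIGEST_KEY, Details="DWORD (0x00000000)"),
    sample_event(1, "WS-02", "11:00:30", Image=SYS32 + "ipconfig.exe", ParentImage=SYS32 + "cmd.exe", CommandLine="ipconfig /all"),
]

if __name__ == "__main__":
    for finding in detect_chain(SAMPLE_EVENTS):
        print(finding)
```

Because WDigest is disabled by default in Windows 10, the `wdigest_enabled` stage is worth alerting on by itself, before any dump is observed.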

This same bogus installer also drops a file that enables the execution of the Cobalt Strike (CS) shellcode and hence receives CS beacons. As the program allows unauthorized connection to victim systems, PowerShell commands are used to gather data about victim PCs, such as their “anti-virus state”.

Cobalt Strike is a commercial penetration testing framework that lets an attacker deploy an agent called 'Beacon' on the victim's network. Beacon has a wide range of functions, including command execution, keylogging, data transfer, SOCKS proxying, privilege escalation, port scanning, and lateral movement.

Meanwhile, as the researchers highlighted, the acquired material was not exfiltrated, and the group's motives remain uncertain. The researchers said they will continue to provide updates if further developments are noted in the near future.

Consequently, cybersecurity researchers must look for ways to make sure that their customers' environments are protected against these techniques, as the gang can launch an attack on other networks at any time.