Our latest roundup of recent cybercrime news stories from Phil Ashley, Director of Crossword Labs. A pick of the weird, unexpected and sobering reminders of why we need to work together to stay on top of cybersecurity.
LASTPASS SOURCE CODE BREACH
Hackers managed to infiltrate LastPass’s development systems and steal source code.
LastPass is one of the world’s largest password managers, with over 25 million users. The breach was revealed on the 25th of August, though it is believed to have happened 2 weeks earlier, when the company identified “some unusual activity within the portions of the LastPass development environment”. After some investigation, the company said there is no evidence of access to sensitive data or encrypted passwords. The cyber criminals accessed the LastPass development environment through a single compromised developer’s account and stole portions of source code. LastPass has since implemented enhanced security measures.
LINUX VULNERABILITY ALLOWS LOW PRIVILEGE ACCOUNTS TO ACCESS ROOT
An exploit called ‘Dirty Cred’, which allows elevation of low-privilege accounts to root by abusing Linux kernel heap corruption, was revealed at a Black Hat security event.
On vulnerable systems, the exploit frees an unprivileged credential in memory so that a privileged one can take its place, letting the attacker operate as a privileged user. The exploit is reported to work on most CentOS 8 kernels higher than linux-4.18.0-305.el8 and most Ubuntu 20 kernels higher than 5.4.0-87.98 and 5.11.0-37.41. To protect against this, it is recommended that privileged and unprivileged credentials are isolated from each other using virtual memory.
GOOGLE CHROME ZERO DAY VULNERABILITY BEING EXPLOITED
On Tuesday 16th August, Google released a security patch for Chrome to resolve an active high-severity zero-day vulnerability.
The vulnerability, CVE-2022-2586, is caused by insufficient input validation in Chrome’s Intent API, which is meant to integrate web apps and extend their functionality. Attackers can potentially use the vulnerability to perform remote code execution attacks on a victim’s machine without authorisation. This latest patch also deals with a further 10 CVE-listed flaws, which mostly relate to use-after-free bugs in components such as FedCM, SwiftShader and a couple of others. A heap buffer overflow vulnerability in Downloads was also fixed.
Find out more about Crossword's cybersecurity and vulnerability monitoring service, Nightingale.