House › Incident Response

CloudSEK Blames Hack on One other Cybersecurity Firm

By Ionut Arghire on December 08, 2022

Tweet

Digital danger safety firm CloudSEK claims that one other cybersecurity agency is behind a current information breach ensuing from the compromise of an worker’s Jira account.

As a part of the focused cyberattack, an unknown social gathering used session cookies for the worker’s Jira account to achieve entry to numerous kinds of inside information.

As a result of the person by no means used a password for login, however relied on single sign-on (SSO) as a substitute, and since his electronic mail was protected with multi-factor authentication (MFA), the attacker was unable to compromise the password or the e-mail, CloudSEK says.

Nevertheless, after taking up the account, the attacker did entry buyer names and buy orders for 3 firms, in addition to screenshots of the product dashboards. VPN and endpoint IP addresses have been additionally accessed, and the attacker searched Confluence pages for credentials.

No buyer information, buyer login info, or credentials used on the portal have been compromised in the course of the incident, CloudSEK says.

This week, a risk actor going by the identify of ‘sedut’ has created accounts on a number of cybercrime boards, claiming to have entry to CloudSEK information, together with XVigil, Codebase, electronic mail, Jira, and social media accounts, however the firm says these claims are false.

Actually, CloudSEK says, the screenshots that the attacker has posted on the cybercrime boards will be traced to Jira/Confluence coaching pages and to Jira tickets.

“All of the screenshots and purported accesses shared by the risk actor will be traced again to Jira Tickets and inside confluence pages. Even the screenshots of Elastic DB, mySQL database schema, and XVigil/PX are from coaching paperwork saved on Jira or Confluence,” CloudSEK says.

Nevertheless, the corporate admitted that the attacker took over a social media account that CloudSEK makes use of for takedowns, after which tweeted from that account, tagging shoppers and media representatives.

“The attacker has zero popularity on darkish net and created the darkish net market account particularly to submit CloudSEK-related info. No ransom was demanded from CloudSEK, nor have been there any indicators of a typical cybercrime group,” the corporate says.

CloudSEK additionally notes that the assault seems to have been orchestrated by a cybersecurity agency.

“We suspect a infamous cybersecurity firm that’s into darkish net monitoring behind the assault. The assault and the symptoms join again to an attacker with a infamous historical past of utilizing related ways we’ve noticed prior to now,” CloudSEK notes.

In late November, CloudSEK disclosed an incident the place an worker’s laptop computer was contaminated with an info stealer (Vidar Stealer) after being despatched to a third-party vendor to resolve efficiency points.

“The stealer log malware uploaded the passwords/cookies on the worker’s machine to a darkish net market. The attacker bought the logs the identical day. The attacker was unable to make use of the opposite passwords because of MFA. Therefore he used the session cookies to revive Jira classes,” CloudSEK stated on the time.

Nevertheless, the incidents may not be associated, and the corporate remains to be investigating how the attacker (sedut) gained entry to the second worker’s session cookies.

Associated: Leaked Algolia API Keys Uncovered Knowledge of Thousands and thousands of Customers

Associated: California County Says Private Data Compromised in Knowledge Breach

Associated: Toyota Discloses Knowledge Breach Impacting Supply Code, Buyer Electronic mail Addresses

Get the Day by day Briefing

• Most Latest
• Most Learn

• CloudSEK Blames Hack on One other Cybersecurity Firm
• Pwn2Own Toronto 2022, Day 2: Sensible Speaker Exploits Earn Large Chunk of $280,000 Whole
• Apple Including Finish-to-Finish Encryption to iCloud Backup
• Google Paperwork IE Browser Zero-Day Exploited by North Korean Hackers
• Cyberattack on High Indian Hospital Highlights Safety Threat
• Large Tech Distributors Object to US Gov SBOM Mandate
• Buyers Pour $200 Million Into Compliance Automation Startup Drata
• Self-Propagating ‘Zerobot’ Botnet Focusing on Spring4Shell, IoT Vulnerabilities
• Vaultree Raises $12.eight Million for Knowledge-in-Use Encryption Answer
• Fortinet Patches Excessive-Severity Authentication Bypass Vulnerability in FortiOS

In search of Malware in All of the Improper Locations?

First Step For The Web’s subsequent 25 years: Including Safety to the DNS

Tattle Story: What Your Pc Says About You

Be in a Place to Act By Cyber Situational Consciousness

Report Exhibits Closely Regulated Industries Letting Social Networking Apps Run Rampant

2010, A Nice Yr To Be a Scammer.

Do not Let DNS be Your Single Level of Failure

How one can Establish Malware in a Blink

Defining and Debating Cyber Warfare

The 5 A’s that Make Cybercrime so Enticing

How one can Defend Towards DDoS Assaults

Safety Budgets Not in Line with Threats

Anycast – Three Causes Why Your DNS Community Ought to Use It

The Evolution of the Prolonged Enterprise: Safety Methods for Ahead Pondering Organizations

Utilizing DNS Throughout the Prolonged Enterprise: It’s Dangerous Enterprise

Orbit Brain

https://orbitbrain.com/

Orbit Brain is the senior science writer and technology expert. Our aim provides the best information about technology and web development designing SEO graphics designing video animation tutorials and how to use software easy ways
and much more. Like Best Service Latest Technology, Information Technology, Personal Tech Blogs, Technology Blog Topics, Technology Blogs For Students, Futurism Blog.