Tuesday, December 28, 2021

LastPass password manager woes?

  If you are having issues accessing your LastPass vault you are not alone.

 Multiple users share your situation. LastPass is attempting to contact their users to share their (LastPass) findings.

LastPass investigated recent reports of blocked login attempts and determined the activity is related to fairly common bot-related activity, in which a malicious or bad actor attempts to access user accounts (in this case, LastPass) using email addresses and passwords obtained from third-party breaches related to other unaffiliated services. It’s important to note that we do not have any indication that accounts were successfully accessed or that the LastPass service was otherwise compromised by an unauthorized party. We regularly monitor for this type of activity and will continue to take steps designed to ensure that LastPass, its users, and their data remain protected and secure.

Use Multi Factor Authentication. Change your master password often. Keep that master password secure.



Monday, December 13, 2021

Apple Updates everything 13-Dec-2021

  Apple updates

 iOS 15.2

iPadOS 15.2

macOS 12.1

AppleTV 15.2

watchOS 8.3



Internet on Fire??

  A LOT of coverage in news outlets about "worst vulnerability ever", "Internet on fire", and similar stories.

 We will cover the details in the Cyber Security SIG meeting December 16 at 3pm via Zoom. The session/presentation will be audio recorded, so view the posted presentation notes if you want the details as they become better known.

 The vulnerability is in the Apache log4j library. Most applications are developed then deployed using stock libraries for common functions. Logging is a common function and the Apache log4j library is a very popular application inclusion.

 Very popular.

 Thus it turns up in server applications, client applications, browsers, and social media platforms - to name a few.

 So applications using Java include the log4j class, set parameters, and use the log4j library to handle application logging.

 Some detail: The Java Naming and Directory Interface (JNDI) provides naming and directory functions to Java applications. So an application needs/wants to log something - anything. If the API encounters a JNDI reference, the API will go to the supplied resource and fetch whatever it needs to resolve the requested variable. It is possible to download remote classes and execute them.

 A simple Proof of Concept (PoC) was released recently. Exploits rapidly increased in frequency and severity.

 Any and everything may need an update.
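An added example (not from the original post): to find which of your own applications need the update, this Python function walks a JAR/WAR, including nested archives, and reports every archive that bundles log4j-core's `JndiLookup` class, the class behind the JNDI lookup described above. The archive names and contents in `demo()` are constructed placeholders.

```python
import io
import zipfile

# Class inside log4j-core that implements the JNDI lookup described above.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")


def find_jndi_lookup(data, label, max_depth=5):
    """Return paths (outer!/inner!/...) of archives that bundle JndiLookup.class."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not an archive, or corrupt: nothing to report
    with archive:
        for name in archive.namelist():
            if name == JNDI_CLASS:
                hits.append(label)
            elif name.lower().endswith(ARCHIVE_EXT) and max_depth > 0:
                # Fat/uber JARs and WARs carry their libraries as nested archives.
                nested = archive.read(name)
                hits += find_jndi_lookup(nested, f"{label}!/{name}", max_depth - 1)
    return hits


def make_zip(entries):
    """Build an in-memory archive from {name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in entries.items():
            z.writestr(name, content)
    return buf.getvalue()


def demo():
    # Constructed samples: placeholder bytes, not real class files.
    log4j_core = make_zip({JNDI_CLASS: b"placeholder"})
    clean_lib = make_zip({"com/example/Util.class": b"placeholder"})
    webapp = make_zip({
        "WEB-INF/lib/log4j-core.jar": log4j_core,
        "WEB-INF/lib/util.jar": clean_lib,
        "index.html": b"<html></html>",
    })
    return find_jndi_lookup(webapp, "app.war") + find_jndi_lookup(clean_lib, "util.jar")


if __name__ == "__main__":
    for path in demo():
        print("bundles JndiLookup:", path)
```

A hit means log4j-core is present, not that the version is vulnerable; check each hit's version against the vendor advisory. Shaded builds that relocate the package will not match.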

 Applications, sites, platforms, cloud services, Twitter, should be used with caution. 

 DHS and most national cyber agencies are issuing warnings. Please heed them.


UPDATE:  The patch might be worse than the exploit.

VERY HEAVY scanning for vulnerable systems continues to increase.