From The Blog

Just when you might have thought things were calming down with Lapsus$, they bounce back from a “vacation” and dump what they are claiming is 70GB of data from IT group Globant. The leak comes after police in London announced the arrest and release of seven individuals with possible ties to the group, including the possible leader of the organization.

Google pushed out a n Out-of-band patch for Chrome due to a high-severity on Friday (March 25th, 2022). The patch was pushed out quickly as the vulnerability, tracked as CVE-2022-1096 is being actively exploited in the wild. CVE-2022-1096 is a type confusion vulnerability that exists in the JavaScript Engine used by Chrome and was reported to Google by an Anonymous researcher last week.

Lat week we reported on the quick change in Okta’s stance on a January security incident that turned out to be much larger and have the volatile hacking group Lapsus$ behind it. The original disclosure was that a single third-party contractor account had an unsuccessful attempt to compromise Okta’s systems. Okta states that they turned over information around the incident to Sitel, the third-party that provides customer support. Once this was done, Okta basically washed their hands of it and sat back waiting to hear what Sitel found.

On the 22nd of March Okta finally confirmed that they were breached in January for a period of 5 days. The breach, according to information now disclosed, happened due to the compromise of an account of a support engineer. The compromised user was not an Okta employee but belonged to a third party engineer working for Sitel. This event was downplayed by Okta as they claimed only the account was impacted and no clients were known to be exposed at the time.

Once again Google has been caught with their hands in the personal data collection cookie jar. It seems that their Messages and Phone Dialer Apps were sending information about your calls and messages without giving the user any chance to opt-out of this data collection. They also perform this data collection without any user notification at all.

Microsoft has finally acknowledged the attack and theft of source code by the Lapsus$ group (tracked as DEV-0537). According to the announcement, a single user account was compromised to gain limited access to their systems and source code. The public confirmation which Microsoft published late Tuesday (March 22, 2022) not only includes details about the attack on Microsoft, but also some detailed information about the TTPs (tactics, techniques, and procedures) used by the group.

Earlier today we covered the leak of Microsoft source code by the Lapsus$ group. The group leaked a portion of the data they claim to have stolen in the form of a 37GB dump. This dump has added to the source code they have stolen and released from companies like NVIDIA and Samsung. Lapsus$ has a pattern of compromising an organization, stealing data and then demanding money to not release the information, only to release the information anyway.

Yesterday we reported that the source code stealing group, Lapsus$, claimed they have breached and stollen source code from Microsoft. They made the announcement on their Telegram account by posting a screenshot of the projects they claimed to have access to. Now, as with other leaks, they have dropped a compressed file (7zip) via Torrent which appears to contain around 37GB of source code.

Elden Ring, from developer FromSoftware seems to have a flaw that is allowing an interesting attack for PC players. The flaw allows invaders, malicious players that enter another player’s world to cause a game crash, this crash leads the player into an endless death loop once the player can get back online.

The Lapsus$ group has been in the news recently for theft of source code form some high-profile targets. These targets have included companies like NVIDIA, Samsung, Vodafone, and Ubisoft. The NVIDIA event was noteworthy as it included a claim that NVIDIA hacked the attackers back in order to encrypt the data that have been taken out of their environment.