AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 02/28/2023

Dish Network goes offline after likely cyberattack, employees cut off 

American TV giant and satellite broadcast provider, Dish Network, has mysteriously gone offline with its websites and apps ceasing to function over the past 24 hours. The widespread outage affects Dish.com, the Dish Anywhere app, as well as several websites and networks owned by the corporation. Customers also suggest the company’s call center phone numbers are unreachable. Additionally, customers are facing authentication issues when signing into TV channel apps such as MTV & Starz via their Dish credentials. 


LastPass says employee’s home computer was hacked and corporate vault taken 

Already smarting from a breach that put partially encrypted login data into a threat actor’s hands, LastPass on Monday said that the same attacker hacked an employee’s home computer and obtained a decrypted vault available to only a handful of company developers. Although an initial intrusion into LastPass ended on August 12, officials with the leading password manager said the threat actor “was actively engaged in a new series of reconnaissance, enumeration, and exfiltration activity” from August 12 to August 26. In the process, the unknown threat actor was able to steal valid credentials from a senior DevOps engineer and access the contents of a LastPass data vault. Among other things, the vault gave access to a shared cloud-storage environment that contained the encryption keys for customer vault backups stored in Amazon S3 buckets. 


Application Security vs. API Security: What is the difference? 

As digital transformation takes hold and businesses become increasingly reliant on digital services, it has become more important than ever to secure applications and APIs (Application Programming Interfaces). With that said, application security and API security are two critical components of a comprehensive security strategy. By utilizing these practices, organizations can protect themselves from malicious attacks and security threats, and most importantly, ensure their data remains secure. Interestingly enough, despite the clear advantages these disciplines provide, businesses are struggling to understand which security approach is best for their needs. So in this article, we’ll discuss the differences between application and API security, best practices that you should consider, and ultimately make the case for why you need both. 


Canada bans TikTok on government devices 

Beginning on Tuesday, Canada will prohibit the video app TikTok from all government-issued devices. A government spokesperson said in a statement that the app “presents an unacceptable level of risk to privacy and security” and that the decision was made after a review by Canada’s chief information officer. A TikTok representative said the organization was frustrated by the choice. It comes just a few days after a similar ban was announced by the European Commission. Security concerns: According to Prime Minister Justin Trudeau, there was sufficient concern about the app’s security to call for the change. 


News Corp outfoxed by IT intruders for years 

The miscreants who infiltrated News Corporation’s corporate IT network spent two years in the media monolith’s system before being detected early last year. The super-corp, which owns The Wall Street Journal, New York Post, UK publications including The Sunday Times, and a broad array of other entities around the world, first reported the intrusion in February 2022, saying the snoops got into email accounts and gained access to employees’ data and business documents. A year later, according to a four-page letter sent to employees, News Corp executives said the unidentified cybercriminals likely first gained access to a company system as early as February 2020, and then got into “certain business documents and emails from a limited number of its personnel’s accounts in the affected system.” Both News Corp and Mandiant – the now-Google-owned cybersecurity house brought in to investigate the intrusion – said the attackers likely were nation-state players linked to China with the aim of gathering intelligence. 
