Passwordstate password manager hacked in supply chain attack

guest · Apr 23, 2021

Passwordstate password manager hacked in supply chain attack
April 23, 2021
https://www.bleepingcomputer.com/ne...ssword-manager-hacked-in-supply-chain-attack/

Click Studios, the company behind the Passwordstate enterprise password manager, notified customers that attackers compromised the app's update mechanism to deliver malware in a supply-chain attack after breaching its networks.

Passwordstate is an on-premises password management solution used by over 370,000 security and IT professionals at 29,000 companies worldwide, as the company claims.
Click to expand...

According to a notification email regarding the supply-chain attack sent to customers, malicious upgrades were potentially downloaded by customers between April 20 and April 22.

"Initial analysis indicates that bad actor using sophisticated techniques had compromised the In-Place Upgrade functionality," Click Studios told customers in an email with the "Confirmation of Malformed Files and Essential Course of Action" title.

"The attackers crudely added a 'Loader' code section, just an extra 4KB from an older version" to Passwordstate's original code, said J. A. Guerrero-Saade, SentinelOne Principal Threat Researcher
Click to expand...

Rasheed187 · Apr 24, 2021

I have never heard of them before, but looks like they are a big player? That's why 2FA stays very important, there is always a chance that username and passwords will be stolen. On the other hand, I expect better security measures from password management companies. Hopefully other big players will learn from this.

EASTER · Apr 25, 2021

I would go one further and up an additional level even at this stage of matters to implement 3FA and really throw those hackers into a tizzy. It doesn't have to be overwhelming for the end user just a added simple step to put some real distance before the fact since they'll be experimenting crawling all over 2FA if they ever employ it as standard. But they better do it fast!

XIII · Apr 25, 2021

What third factor do you propose?

Something you know (password)

Something you have (hardware token)

?

Only thing I can think of is “Something you are” (fingerprint, face, iris, voice?).

What do you have in mind?

guest · Apr 28, 2021

Passwordstate hackers phish for more victims with updated malware
April 28, 2021
https://www.bleepingcomputer.com/ne...-phish-for-more-victims-with-updated-malware/

Click Studios, the software company behind the Passwordstate enterprise password manager, is warning customers of ongoing phishing attacks targeting them with updated Moserpass malware.

Click Studios published a second advisory on Sunday, saying that "only customers that performed In-Place Upgrades between the times stated above are believed to be affected and may have had their Passwordstate password records harvested."
Click to expand...

Phishing messages copy Click Studios emails shared on social media
Since then, Click Studios has been assisting potentially impacted customers over email, providing them with a hotfix designed to help them remove the malware from their systems.

However, as revealed today in a new advisory, emails received from Click Studios were shared by customers on social media allowing unknown threat actors to create phishing emails matching the company's correspondence and pushing a new Moserpass variant.

"It is expected the bad actor is actively monitoring social media for information on the compromise and exploit," Click Studios said today.
Click to expand...

ronjor · Apr 29, 2021

Click Studios asks customers to stop tweeting about its Passwordstate data breach

Zack Whittaker@zackwhittaker April 29, 2021
Australian security software house Click Studios has told customers not to post emails sent by the company about its data breach, which allowed malicious hackers to push a malicious update to its flagship enterprise password manager Passwordstate to steal customer passwords.
Click to expand...

Rasheed187 · May 3, 2021

XIII said: ↑

What third factor do you propose?

Something you know (password)

Something you have (hardware token)

?

Only thing I can think of is “Something you are” (fingerprint, face, iris, voice?).

What do you have in mind?
Click to expand...

I do hope that most websites will soon offer 2FA via authentication apps, of course Win 10 should then be able to run those apps because I don't want to use my mobile phone for this stuff. And we all know that 2FA via SMS is not secure enough because of SIM swapping. And I forgot to say that websites should also support 2FA keys like YubiKey.

https://www.androidauthority.com/best-two-factor-authenticator-apps-904743/

Rasheed187 · May 6, 2021

XIII said: ↑

What third factor do you propose?

Something you know (password)

Something you have (hardware token)

?

Only thing I can think of is “Something you are” (fingerprint, face, iris, voice?).

What do you have in mind?
Click to expand...

Rasheed187 said: ↑

I do hope that most websites will soon offer 2FA via authentication apps, of course Win 10 should then be able to run those apps because I don't want to use my mobile phone for this stuff.

https://www.androidauthority.com/best-two-factor-authenticator-apps-904743/
Click to expand...

LOL, turns out this stuff already exists! Authy has an app for Windows, I really wonder when all major websites, think of online shopping, online banking, cloud storage and email, will implement this stuff!

https://authy.com/blog/introducing-authy-for-your-personal-computer/

guest · Aug 5, 2021

Passwordstate customers complain of silence and secrecy after cyberattack
A supply chain attack sought to steal passwords directly from customer servers
August 4, 2021
https://techcrunch.com/2021/08/04/passwordstate-supply-chain-attack/

It has been over three months since Click Studios, the Australian software house behind the enterprise password manager Passwordstate, warned its customers to “commence resetting all passwords.” The company was hit by a supply chain attack that sought to steal the passwords from customer servers around the world.

But customers tell TechCrunch that they are still without answers about the attack. Several customers say they were met with silence from Click Studios, while others were asked to sign strict secrecy agreements when they asked for assurances about the security of the software.
One IT executive whose company was compromised by the attack said they felt “abandoned” by the software maker in the wake of the attack.
Click to expand...

Several customers who spoke to TechCrunch about the hack, including customers with compromised servers, said the Click Studios was largely unresponsive after that.
The IT executive whose Passwordstate server was compromised by the attack said they updated their server during the 28-hour-long attack, but heard nothing from Click Studios besides the mass email warning of the hack. “Everything was just, ‘change your passwords,’ ” the executive said.
Click to expand...

Rasheed187 · Dec 24, 2022

Another bug was found in Passwordstate, makes you wonder if using a cloud based password manager is truly a good idea.

Multiple high-severity vulnerabilities have been disclosed in Passwordstate password management solution that could be exploited by an unauthenticated remote adversary to obtain a user's plaintext passwords.

"Successful exploitation allows an unauthenticated attacker to exfiltrate passwords from an instance, overwrite all stored passwords within the database, or elevate their privileges within the application," Swiss cybersecurity firm modzero AG said in a report published this week.
Click to expand...

https://thehackernews.com/2022/12/critical-security-flaw-reported-in.html

Log in or Sign up

Passwordstate password manager hacked in supply chain attack

guest Guest

Rasheed187 Registered Member

EASTER Registered Member

XIII Registered Member

guest Guest

ronjor Global Moderator

Rasheed187 Registered Member

Rasheed187 Registered Member

guest Guest

Rasheed187 Registered Member

Log in or Sign up

Passwordstate password manager hacked in supply chain attack

guest Guest

Rasheed187 Registered Member

EASTER Registered Member

XIII Registered Member

guest Guest

ronjor Global Moderator

Rasheed187 Registered Member

Rasheed187 Registered Member

guest Guest

Rasheed187 Registered Member

Useful Searches