Exploit: Hacking
ClickStudios: Password Security Software Company
Risk to Business: 2.112 = Severe
Researchers report that password manager maker ClickStudios suffered a breach, sometime between April 20 and April 22, which resulted in the attacker dropping a corrupted update to its password manager Passwordstate. A zip file contained a dynamic link library with the malicious code, according to the blog. The associated malware dubbed Moserpass – which was in the file name of a malicious dll found by researchers – called out to a command and control server to execute the next stage of the attack. However, that server went down before CSIS Security Group could grab and examine any second-stage malware that might have been used in follow-up operations. The compromise is under investigation.
Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is the weapon of choice for cybercrime, and ransoms have been skyrocketing as criminals grow more brazen.\