Incident: Enterprises need to change passwords following ClickStudios, Passwordstate attack | ZDNet

Posted by Steven Kirby | Apr 24, 2021 | 09.02.03 Management of privileged access rights, Australia, Australian InfoSec Incidents 2021, Availability, Confidentiality, Integrity, IT Industry, Password Management, ZDNet | 0 |

Australia Software Company Cyberattack, 24 April 2021

Enterprises need to change passwords following Australian privilege access management company ClickStudios, Passwordstate attack

Advises “please reset all the stored passwords, and especially VPNs, Firewall, Switches, local accounts or any server passwords etc”

Company Statements: Incident Management Advisories, and 28/04/21 Statement
Source: Enterprises need to change passwords following ClickStudios, Passwordstate attack | ZDNet
View other breaches relating to the Australian IT Industry.

ClickStudios has told its global customer base to start changing passwords following a breach that resulted in a supply chain attack.

The Australian software company, which makes the Passwordstate password manager, suffered a breach between April 20 and April 22. CSIS Security Group, which dealt with the breach, posted the attack details.

The supply chain attack was initiated via an update of the Passwordstate app.

In a post, CSIS said its researchers found the attack during an investigation. “As recommended by ClickStudios, if you are using Passwordstate, please reset all the stored passwords, and especially VPNs, Firewall, Switches, local accounts or any server passwords etc,” said CSIS, which dubbed this incident/malware “Moserpass”.

About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

More Australian News

Audit: Australian Senate Estimates reveal 435 Chinese-made surveillance devices found at defence sites
by Steven Kirby on June 4, 2023
Defence Internal Audit Finding 31 May 2023 Australian Senate questioning reveal 435 Chinese-made surveillance devices found at defence sites Defence …
Steven Kirby on LinkedIn: The Essential Eight Cyber Security Guidelines | Microsoft
by Steven Kirby on June 4, 2023
https://lnkd.in/gZAjz-vm
Nivedita Newar on LinkedIn: Mandatory Cyber Incident Reporting Obligation
by Nivedita Newar on June 4, 2023
Awareness Refresher: If you are a cyber security team member in any role working for any of the 13 critical infrastructure sectors under the SOCI Act…
The Essential Eight Cyber Security Guidelines | Microsoft
by Microsoft on June 4, 2023
The Essential Eight cyber security guidelines for business Malicious cyber activity is increasing in frequency, scale, and sophistication throughout …
Breaking Down the Security of Critical Infrastructure Act
by Wouter Veugelen on June 2, 2023
On 17 February 2023, the Critical Infrastructure Risk Management Program (CIRMP) requirements came into effect. The clock is now ticking for more …
An interview with Gilbert Tobin discussing artificial intelligence in Australia
by Gilbert + Tobin on June 2, 2023
...will apply in respect of any personal information or sensitive information (as defined in the Privacy Act) that is ingested in or used by an AI …
Death and digital assets - Decoding digital assets in estate administration
by Ilana Kacev on June 2, 2023
The ever-evolving digital landscape has changed the concept of what an asset is, beyond that of mere physical possessions to now including numerous …
Regulatory focus on combatting scams and strengthening cyber resilience continues
by Kate Hilder on June 2, 2023
We outline the latest announcements from APRA and ASIC As previously reported, following a record year for consumer scam losses, regulators, have …
Services Australia sharing password-crackers with Dept of Education
by Jeremy Nadel on June 2, 2023
Services Australia has provided smartphone-hacking technology to the Department of Education and other unnamed agencies to assist them in …
Toyota does U-turn, confirms thousands of Australian customers hit by latest data breach
on June 1, 2023
A fortnight after its most recent customer data breach in Japan, Toyota Australia has confirmed the details of almost 3000 local owners were exposed …

Weekly Australian News and Monthly Incident Review Emails

No advertisements, marketing, sales, or unsolicited emails. Your email address is ONLY used to send the publications listed above.

Featured

Incident: Thousands of identifiable Northern Territory patient health files sent to overseas-based software vendor in government data breach | ABC News (Australia)

Featured

Incident: Drug and alcohol tests of graduate paramedics revealed in Ambulance Victoria data breach | The Guardian

Incident: TechnologyOne investigates 'cyber incident' on M365 system | iTnews

Incident: Crown Princess Mary Cancer Centre in Westmead Hospital in cyber attack, hackers threatening to release stolen data | ABC News (Australia)

Incident: Australian law firm HWL Ebsworth hit by Russian-linked Blackcat ransomware attack | The Guardian

Featured

Audit: Australian Senate Estimates reveals 435 Chinese-made surveillance devices found at defence sites

Featured

Audit: Western Australia Auditor General's Local Government Information Security Audit 2021-22 reports 324 control weaknesses

Audit: Western Australia Auditor General's State Government Information Systems Audit 2021-22

Audit: Queensland Audit Office's State Entities 2022 reports deficiencies in information systems

Audit: Victoria audit warns of weak IT controls in council systems | iTnews

Featured

Quote: Elijah Shaw "In the battle of real world vs..."

Featured

Quote: Kirsten Manthorne "You are an essential ingredient in our ongoing effort to reduce Security Risk.”

Quote: H. Stanley Judd "The ultimate security is your understanding of reality."

Quote: Gilda Radner "There is no real security except for whatever you ..."

Quote: Germaine Greer "Security is when everything is settled, when nothing ..."

Incident: Enterprises need to change passwords following ClickStudios, Passwordstate attack | ZDNet

Enterprises need to change passwords following Australian privilege access management company ClickStudios, Passwordstate attack

Advises “please reset all the stored passwords, and especially VPNs, Firewall, Switches, local accounts or any server passwords etc”