Serious LastPass breach, Inglis resigns, Xfinity accounts hacked

Serious LastPass breach, Inglis resigns, Xfinity accounts hacked

LastPass Admits Serious Data Breach, Encrypted Password Vault Stolen

The security breach of LastPass in August 2022 may have been more serious than the company previously disclosed. On Thursday, LastPass revealed that malicious actors obtained a trove of personal information belonging to its customers, including their encrypted passwords, using data obtained from the previous breach. Also stolen are “basic customer account information and related metadata, including company names, end user names, billing addresses, email addresses, phone numbers, and the IP addresses from which customers accessed the LastPass service,” the company said. The August 2022 incident, which remains the subject of an ongoing investigation, involved hackers gaining access to source code and proprietary technical information from the development environment via a single compromised employee account.

(The Hacker News)

Chris Inglis steps down as National Cyber ​​Director

National Cyber ​​Director Chris Inglis plans to step down from his position as senior White House cybersecurity adviser, a decision first reported by CNN and confirmed to CyberScoop by three sources with direct knowledge of the matter. The news comes as Inglis is in Japan on a trip intended to strengthen cyber cooperation with a key ally in the region, and as cybersecurity issues generally top the White House agenda. President Biden nominated Inglis, the former deputy director of the National Security Agency, to lead the newly created Office of the National Cyber ​​Director (ONCD) last year, tasking him with setting up an office aimed at bringing a unified approach to American online security policy . A spokesperson for ONCD declined to comment on Inglis’ planned departure.

See also  Visualization of the world's best social media and messaging apps

(Cyberscoop)

Comcast Xfinity accounts hacked in widespread 2FA bypass attacks

Comcast Xfinity customers are reporting their accounts are being hacked in widespread attacks that bypass two-factor authentication. These compromised accounts are then used to reset passwords for other services, such as crypto exchanges Coinbase and Gemini. Starting December 19, many Xfinity email users began receiving notifications that their account information had been changed. But when they tried to access the accounts, they couldn’t log in because the passwords had been changed. After regaining access to their accounts, they discovered they had been hacked and a secondary email at the disposable @yopmail.com domain was added to their profile.

(Blueing computer)

The GuLoader malware uses new techniques to evade security software

Researchers at CrowdStrike have revealed a number of techniques used by an advanced malware downloader called GuLoader to evade security software. GuLoader, also called CloudEyE, is a Visual Basic Script (VBS) downloader used to distribute remote access Trojans on infected machines. It was first discovered in the wild in 2019. A recent GuLoader sample unearthed by CrowdStrike shows a three-step process where VBScript is designed to deliver a next step that performs anti-analysis checks before injecting shellcode embedded in VBScript into memory.

(The Hacker News)

Thanks to this week’s episode sponsor, Tines

Wondering how the world’s leading security teams figure out how to do more with less? The answer is Tines! Tines is a hyper-flexible automation platform loved by customers like Okta, Canva, Kayak and Coinbase. Tines enables security teams to focus on what matters most by taking care of the grunt work! Learn more at Tines.com.

Microsoft fined $64 million by France for cookies used in Bing search

CNIL, France’s digital privacy regulator, has fined Microsoft €60 million ($64 million) for not providing clear enough instructions for users to reject cookies used for online ads, as part of the move to enforce Europe’s tougher data protection laws. The organization said Thursday that it conducted several investigations on Microsoft’s Bing search engine in September 2020 and May 2021 and found that the site dropped advertising cookies in users’ terminals without their express consent. The site also lacked a button for users to reject cookies as easily as to accept them, the CNIL said, where two clicks were needed to refuse all cookies while only one was needed to accept them.

See also  Big Google warning over 12 popular Android apps caught stealing bank details

(SCMagazine.com)

DuckDuckGo now blocks Google login windows on all websites

DuckDuckGo Apps and Extensions now blocks Google login pop-ups on all apps and browser extensions, removing what it perceives as an annoyance and a privacy risk for users. DuckDuckGo offers a privacy-focused search engine, an email service, mobile apps and data-protecting browser extensions. A standalone browser is also in the works, currently in beta and only available for macOS. The company announced last Thursday that all of its Chrome, Firefox, Brave and Microsoft Edge apps and browser extensions will now actively block Google sign-in messages displayed on websites.

(Blueing computer)

Threat actor allegedly offered data from 400,000,000 Twitter users

A hacker who is active on the hacking forum Ryushi urging interested prospects to buy sensitive details that were stolen from over 400 million Twitter account users. The hacker claims to have gained access to the data through a vulnerability in the database and is ready to sell it for a hefty price of $400,000,000. The hacker is also inviting Elon Musk or any Twitter employee to buy back the data to avoid penalties imposed by GDPR lawsuits ranging from $5.4 million to $8.7 million. The selling criminal also confirmed that escrow payments will cover the sale under the control of the forum administrator – the infamous Pompompurin. Ireland’s Data Protection Commissioner has opened an investigation and has linked the current data possession requirement to a massive data breach that took place last month.

(Insider on cyber security)

Experts warn of a critical Linux kernel vulnerability

A critical Linux kernel vulnerability (CVSS score of 10) exposes SMB servers with KSMBD enabled to hack. KSMBD is a Linux kernel server that implements the SMB3 protocol in kernel space for sharing files over the network. An unauthenticated remote attacker could execute arbitrary code on vulnerable installations of the Linux kernel. The vulnerability was discovered on July 26, 2022 by the researchers Thalium team at Thales Group, and was made public on December 22, 2022.

See also  Social media and human rights: friend or foe?

(Safety Matters)

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *