From an update from LastPass: Based on our investigation to date, we have learned that an unknown threat actor accessed a cloud-based storage environment leveraging information obtained from the incident we previously disclosed in August of 2022. While no customer data was accessed during the August 2022 incident, some source code and technical information were…
Category: Commentaries and Analyses
Corporate Tech Leaders Untangle Their Cybersecurity Roles
Belle Lin reports: Information technology and cybersecurity chiefs grew closer than ever in 2022, a dynamic allowing for more comprehensive threat mitigation, but raising new questions over responsibilities. Many executives now say that as their roles around cyber appear to converge, they are working to sort out the dividing lines between their shared security and IT responsibilities….
Anker Highlights What Not To Do When Your Crappy Security Standards Are Exposed
Karl Bode writes: A few weeks ago, The Verge discovered that Anker, the maker of popular USB chargers and the Eufy line of “smart” cameras, had a bit of a security issue. Despite the fact the company advertised its Eufy cameras as having “end-to-end” military-grade encryption, security researcher Paul Moore and a hacker named Wasabi found it…
Hacker steals 14 BAYC worth over 852 ETH ($1.07 million)
Rodney Holmes reports: Over the weekend, an infamous hacker known as Jason Brubeck succeeded in stealing around 850 ETH ($1+ million) worth of the Bored Ape collection, leaving his victim completely devastated. The news was first broken by @Snake, who were able to detect and identify suspicious activity through phishing tactics with impressive accuracy.
LockBit 3.0: usurpers multiply and go upmarket
Valéry Rieß-Marchive reports (machine translation): A new impersonator of the LockBit 3.0 ransomware franchise has just been spotted. Like the one who attacked the André-Mignot hospital in Chesnay-Rocquencourt at the beginning of December, he does not offer a Web interface accessible via Tor to discuss with his victims and, if necessary, negotiate the requested ransom: the…
Iran-linked Charming Kitten espionage gang bares claws to pollies, power orgs
Jessica Lyons Hardcastle reports: An Iranian cyber espionage gang with ties to the Islamic Revolutionary Guard Corps has learned new methods and phishing techniques, and aimed them at a wider set of targets – including politicians, government officials, critical infrastructure and medical researchers – according to email security vendor Proofpoint. Over the past two years,…