A quick Saturday digest of cybersecurity news articles from other sources.
LastPass users: Your info and password vault data are now in hackers’ hands
Password manager says breach it disclosed in August was much worse than thought.
LastPass, one of the leading password managers, said that hackers obtained a wealth of personal information belonging to its customers as well as encrypted and cryptographically hashed passwords and other data stored in customer vaults.
The revelation, posted on Thursday, represents a dramatic update to a breach LastPass disclosed in August. At the time, the company said that a threat actor gained unauthorized access through a single compromised developer account to portions of the password manager’s development environment and “took portions of source code and some proprietary LastPass technical information.” The company said at the time that customers’ master passwords, encrypted passwords, personal information, and other data stored in customer accounts weren’t affected.
In Thursday’s update, the company said hackers accessed personal information and related metadata, including company names, end-user names, billing addresses, email addresses, telephone numbers, and IP addresses customers used to access LastPass services. The hackers also copied a backup of customer vault data that included unencrypted data such as website URLs and encrypted data fields such as website usernames and passwords, secure notes, and form-filled data.
“These encrypted fields remain secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password using our Zero Knowledge architecture,” LastPass CEO Karim Toubba wrote, referring to the Advanced Encryption Scheme and a bit rate that’s considered strong. Zero Knowledge refers to storage systems that are impossible for the service provider to decrypt.
Ransomware, DDoS see major upsurge led by upstart hacker group
According to NCC Group’s Global Threat Intelligence team, November saw a 41% increase in ransomware attacks from 188 incidents to 265. In its most recent Monthly Threat Pulse, the group reported that the month was the most active for ransomware attacks since April this year.
- Ransomware attacks rose by 41% in November.
- Threat group Royal (16%) was the most active, replacing LockBit as the worst offender for the first time since September 2021.
- Industrials (32%) and consumer cyclicals (44%) remain the top two most targeted sectors, but technology experienced a large 75% increase over the last month.
- Regional data remains consistent with last month — North America (45%), Europe (25%) and Asia (14%).
- DDoS attacks continue to increase.
Virtual kidnapping scam strikes again. Spot the signs
A recent scam has been making the rounds that attempts to fool you into thinking a loved one has been kidnapped.
Warnings abound of a major new piece of fraud doing the rounds which uses your relative’s voice as part of a blackmail scam. What happens is the victim receives a call from said relative’s number, and they’re cut off by blackmailers who have them held hostage. The only way to get them back safely is to pay a sizable sum of money, usually within a time limit. Refusal to pay up could clearly end very badly for the person being held to ransom.
There’s just one problem with this: It’s all fake.
BEC scammers go after more than just money
In a joint Cybersecurity Advisory (CSA) the Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of Agriculture (USDA) recently observed incidents of Business Email Compromise (BEC) with a new twist. In these incidents the threat actors didn’t go for money, instead stealing whole shipments of food products and ingredients valued at hundreds of thousands of dollars.
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com