FrodoPIR: New Privacy-Focused Database Querying System
2022-12-23 13:37

The developers behind the Brave open-source web browser have revealed a new privacy-preserving data querying and retrieval system called FrodoPIR. The idea, the company said, is to use the technology to build out a wide range of use cases such as safe browsing, checking passwords against breached databases, certificate revocation checks, and streaming, among others. The scheme is called FrodoPIR because "The client can perform hidden queries to the server, just as Frodo remained hidden from Sauron," a reference to the characters from J. R. R. Tolkien's The Lord of the Rings.

Hacking the JFK Airport Taxi Dispatch System
2022-12-23 12:03

Two men have been convicted of hacking the taxi dispatch system at the JFK airport. This enabled them to reorder the taxis on the list; they charged taxi drivers $10 to cut the line.

LastPass says attackers got users’ info and password vault data
2022-12-23 11:32

The August 2022 LastPass breach has resulted in potentially catastrophic consequences for the company and some of its users: attackers have made off with unencrypted customer data and copies of backups of customer vault data. "These encrypted fields remain secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user's master password using our Zero Knowledge architecture. As a reminder, the master password is never known to LastPass and is not stored or maintained by LastPass. The encryption and decryption of data is performed only on the local LastPass client."

Researchers Warn of Kavach 2FA Phishing Attacks Targeting Indian Govt. Officials
2022-12-23 11:14

A new targeted phishing campaign has zoomed in on a two-factor authentication solution called Kavach that's used by Indian government officials. "LNK files are used to initiate code execution which eventually downloads and runs a malicious C# payload, which functions as a remote access trojan," Securonix researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a new report.

Accelerate Your Incident Response
2022-12-23 11:00

First, make sure that your strategy follows the six steps to complete incident response. Identification: The identification stage is when an incident has been identified - either one that has occurred or is currently in progress.

Vice Society Ransomware Attackers Adopt Robust Encryption Methods
2022-12-23 10:05

The Vice Society ransomware actors have switched to yet another custom ransomware payload in their recent attacks aimed at a variety of sectors. "This ransomware variant, dubbed 'PolyVice,' implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms," SentinelOne researcher Antonio Cocomazzi said in an analysis.

Ghost CMS vulnerable to critical authentication bypass flaw
2022-12-23 08:12

A critical vulnerability in the Ghost CMS newsletter subscription system could allow external users to create newsletters or modify existing ones so that they contain malicious JavaScript. [...]

France Fines Microsoft €60 Million for Using Advertising Cookies Without User Consent
2022-12-23 07:46

France's privacy watchdog has imposed a €60 million fine against Microsoft's Ireland subsidiary for dropping advertising cookies in users' computers without their explicit consent in violation of data protection laws in the European Union. The Commission nationale de l'informatique et des libertés noted that users visiting the home page of its Bing search engine did not have a "Mechanism to refuse cookies as easily as accepting them."

LastPass admits attackers have a copy of customers’ password vaults
2022-12-23 06:35

Password locker LastPass has warned customers that the August 2022 attack on its systems saw unknown parties copy encrypted files that contain the passwords to their accounts. The update reveals that the attacker also copied "Customer vault" data - the file LastPass uses to let customers record their passwords.

LastPass Admits to Severe Data Breach, Encrypted Password Vaults Stolen
2022-12-23 04:07

The August 2022 security breach of LastPass may have been more severe than previously disclosed by the company. The popular password management service on Thursday revealed that malicious actors obtained a trove of personal information belonging to its customers that includes their encrypted password vaults using data siphoned from the break-in.