Security News

LastPass Hack: Engineer's Failure to Update Plex Software Led to Massive Data Breach
2023-03-07 06:21

The massive breach at LastPass was the result of one of its engineers failing to update Plex on their home computer, in what's a sobering reminder of the dangers of failing to keep software up-to-date. The embattled password management service last week revealed how unidentified actors leveraged information stolen from an earlier incident that took place prior to August 12, 2022, along with details "available from a third-party data breach and a vulnerability in a third-party media software package to launch a coordinated second attack" between August and October 2022.

Week in review: LastPass breach, GCP data exfiltration, UEFI bootkit
2023-03-05 08:30

5 open source Burp Suite penetration testing extensions you should check out
When it comes to assessing the security of computer systems, penetration testing tools are critical for identifying vulnerabilities that attackers may exploit.

LastPass breach: Hacker accessed corporate vault by compromising senior developer's home PC
LastPass is, once again, telling customers about a security incident related to the August 2022 breach of its development environment and subsequent unauthorized access to the company's third-party cloud storage service that hosted backups.

Hatch Bank discloses data breach after GoAnywhere MFT hack
2023-03-02 19:33

Fintech banking platform Hatch Bank has reported a data breach after hackers stole the personal information of almost 140,000 customers from the company's Fortra GoAnywhere MFT secure file-sharing platform. As reported by TechCrunch, data breach notifications sent to impacted customers and filed with Attorney General's offices warned that hackers exploited a vulnerability in the GoAnywhere MFT software to steal the data of 139,493 customers.

LastPass breach: Hacker accessed corporate vault by compromising senior developer’s home PC
2023-02-28 12:16

LastPass is, once again, telling customers about a security incident related to the August 2022 breach of its development environment and subsequent unauthorized access to the company's third-party cloud storage service that hosted backups: "The threat actor leveraged information stolen during the first incident, information available from a third-party data breach, and a vulnerability in a third-party media software package to launch a coordinated second attack." The second incident initially went unnoticed, LastPass says; the tactics, techniques, and procedures and the indicators of compromise of the second incident "were not consistent with those of the first." It was only later determined that the two incidents were related.

LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults
2023-02-28 06:16

LastPass, which in December 2022 disclosed a severe data breach that allowed threat actors to access encrypted password vaults, said it happened as a result of the same adversary launching a second attack on its systems. "The threat actor leveraged information stolen during the first incident, information available from a third-party data breach, and a vulnerability in a third-party media software package to launch a coordinated second attack," the password management service said.

LastPass: DevOps engineer hacked to steal password vault data in 2022 breach
2023-02-28 01:40

LastPass disclosed a breach in December where threat actors stole partially encrypted password vault data and customer information. "The threat actor was able to capture the employee's master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer's LastPass corporate vault," reads a new security advisory published today.

Stanford University discloses data breach affecting PhD applicants
2023-02-24 16:27

Stanford University disclosed a data breach after files containing Economics Ph.D. program admission information were downloaded from its website between December 2022 and January 2023. Last week, the university sent data breach notification letters to those who submitted personal and health information as part of the graduate application to its Department of Economics, informing them that their info was accessed without authorization.

Activision confirms data breach exposing employee and game info
2023-02-21 19:14


GoDaddy Discloses Multi-Year Security Breach Causing Malware Installations and Source Code Theft
2023-02-18 09:21

Web hosting services provider GoDaddy on Friday disclosed a multi-year security breach that enabled unknown threat actors to install malware and siphon source code related to some of its services. GoDaddy said that in December 2022 it received an unspecified number of customer complaints about their websites getting sporadically redirected to malicious sites, which it later found was due to the unauthorized third party gaining access to servers hosted in its cPanel environment.

Intruder alert: FBI tackles 'isolated' IT security breach
2023-02-17 22:30

The FBI claims it has dealt with a cybersecurity "incident" that reportedly involved computer systems being used to investigate child sexual exploitation. "The FBI is aware of the incident and is working to gain additional information," a spokesperson said in a statement to The Register.