Security News
Back in August 2022, popular password manager company LastPass admitted to a data breach. LastPass insisted that the developer's account hadn't given the criminals access to any customer data, or indeed to anyone's encrypted password vaults.
The company was hacked, and customer information accessed. No passwords were compromised.
Popular password management service LastPass said it's investigating a second security incident that involved attackers accessing some of its customer information. "We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo," LastPass CEO Karim Toubba said.
Popular password management service LastPass said it's investigating a second security incident that involved attackers accessing some of its customer information. "We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo," LastPass CEO Karim Toubba said.
LastPass says unknown attackers breached its cloud storage using information stolen during a previous security incident from August 2022.The company added that, once in, the threat actors also managed to access customer data stored in the compromised storage service.
Microsoft said today that security vulnerabilities found to impact a web server discontinued since 2005 have been used to target and compromise organizations in the energy sector. The attackers gained access to the internal networks of the hacked entities via Internet-exposed cameras on their networks as command-and-control servers.
The Russian scooter-sharing service Whoosh has confirmed a data breach after hackers started to sell a database containing the details of 7.2 million customers on a hacking forum. On Friday, a threat actor began selling the stolen data on a hacking forum, which allegedly contains promotion codes that can be used to access the service for free, as well as partial user identification and payment card data.
Australian health insurance provider Medibank has announced it won't be paying the ransom to the criminal(s) who stole data of 9.7 million of its current and former customers. "Based on the extensive advice we have received from cybercrime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers' data and prevent it from being published. In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm's way by making Australia a bigger target," the company said.
Vodafone Italia is sending customers notices of a data breach, informing that one of its commercial partners, FourB S.p. Vodafone Italia urges the recipients of the notifications to remain vigilant against incoming communications, as the risk of being targeted by phishing actors and scammers has now increased.
File hosting service Dropbox on Tuesday disclosed that it was the victim of a phishing campaign that allowed unidentified threat actors to gain unauthorized access to 130 of its source code repositories on GitHub."These repositories included our own copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the security team," the company revealed in an advisory.