Security News

Read on to compare LastPass Free and Premium plan features. Both the LastPass Free and Premium plans allow you to generate, save and autofill an unlimited number of passwords across websites and online applications in the LastPass Vault.

Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately. Shadowserver also monitors Ivanti Connect Secure VPN instances compromised worldwide daily, with almost 250 compromised devices discovered on Wednesday, February 7.

Microsoft introduced 'Sudo for Windows' today, a new Windows 11 feature allowing users to execute commands with elevated privileges from unelevated terminals. "Sudo for Windows is a new way for users to run elevated commands directly from an unelevated console session," said Windows Product Manager Jordi Adoumie.

A new version of the XLoader Android malware was discovered that automatically executes on devices it infects, requiring no user interaction to launch. XLoader, aka MoqHao, is an Android malware operated and likely created by a financially motivated threat actor named 'Roaming Mantis,' previously seen targeting users in the U.S., U.K., Germany, France, Japan, South Korea, and Taiwan.

The U.S. State Department offers rewards of up to $10 million for information that could help locate, identify, or arrest members of the Hive ransomware gang. "Today, the Department of State is announcing a reward offer of up to $10,000,000 for information leading to the identification and/or location of any individual(s) who hold a key leadership position in the Hive ransomware variant transnational organized crime group," the State Department said.

Researchers suspect the criminals behind the Raspberry Robin malware are now buying exploits for speedier cyberattacks. An exploit developer is thought by infosec pros to be either on the Raspberry Robin payroll or a close contact that sells them to the group - most likely the latter.

LastPass is warning that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users' credentials. As LastPass is used to store very sensitive information, such as authentication secrets and credentials, the app was likely created to act as a phishing app and steal credentials.

Data breaches at two French healthcare payment service providers, Viamedis and Almerys, have now been determined to impact over 33 million people in the country.The data protection authority in France has now confirmed both data breaches and says that the attacks impacted 33 million people in the country.

A fraudulent app named "LassPass Password Manager" that mimics the legitimate LastPass mobile app can currently be found on Apple's App Store, the password manager maker is warning. "The app in question is called 'LassPass Password Manager' and lists Parvati Patel as the developer. The app attempts to copy our branding and user interface, though close examination of the posted screenshots reveal misspellings and other indicators the app is fraudulent," says Mike Kosak, Senior Principal Intelligence Analyst at LastPass.

While Apple isn't explicitly named in the recently unsealed court papers, it's not difficult to deduce that the identity of "Company A," as written in the indictment, is the consumer tech megacorp. Looking deeper into the case background, it's also revealed that one of the defendants redeemed one of the stolen gift cards to their personal app store account, where they purchased Final Cut Pro - software developed by Apple that only runs on Apple hardware.