Security News

"An unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information," the makers of the popular password manager LastPass announced on Thursday, but reassured users that the Master Passwords securing their password vaults are safe. LastPass says that they detected the breach two weeks ago, but that they haven't discovered evidence of the attacker gaining access to customer data in their production environment or encrypted password vaults.

Password management service LastPass confirmed a security incident that resulted in the theft of certain source code and technical information. The security breach is said to have occurred two weeks ago, targeting its development environment.

Internal source code and documents have been stolen from LastPass by a cyber-thief. The password manager maker said on Thursday that someone broke into one of its developer's accounts, and used that gained access to proprietary data.

Password management firm LastPass was hacked two weeks ago, allowing threat actors to steal the company's source code and proprietary technical information.After requests for information, LastPass released a security advisory today confirming that the company was breached through a compromised developer account that was used to access the company's developer environment.

The source code for an information-stealing malware coded in Rust has been released for free on hacking forums, with security analysts already reporting that the malware is actively used in attacks. The malware, which the author claims to have developed in just six hours, is quite stealthy, with VirusTotal returning a detection rate of around 22%. As the info-stealer is written in Rust, a cross-platform language, it allows threat actors to target multiple operating systems.

Take the Codecov case: it is a textbook example to illustrate how hackers leverage hardcoded credentials to gain initial access into their victims' systems and harvest more secrets down the chain. In this article, we will talk about secrets and how keeping them out of source code is today's number one priority to secure the software development lifecycle.

Google has a plan - and a new product plus a partnership with developer-focused security shop Snyk - that attempts to make it easier for enterprises to secure their open source software dependencies. They have corresponding enriched metadata incorporating Container/Artifact Analysis data and are built with Cloud Build, which verifies the code complies with SLSA - this is Google's framework for ensuring the integrity of software artifacts throughout the software supply chain.

Early in April 2022, news broke that various users of Microsoft's GitHub platform had suffered unauthorised access to their private source code. GitHub, if you've never used it, is a cloud-based source code control system, best known for hosting the public repositories of many open source software projects.

Telecom company T-Mobile on Friday confirmed that it was the victim of a security breach in March after the LAPSUS$ mercenary gang managed to gain access to its networks. "T-Mobile, in a statement, said that the incident occurred"several weeks ago, with the "Bad actor" using stolen credentials to access internal systems.

A prolific threat group known for deploying distributed denial-of-service and cryptomining attacks is running a new botnet that is built using the Linux-based Gafgyt source code along with some code from the Mirai botnet malware. Keksec is using the Enemybot malware as a classic botnet, rolling up compromised Internet of Things devices into a larger botnet that can be used to launch DDoS attacks.