LastPass admits to severe data breach, encrypted password vaults stolen
The security breach that hit LastPass in August now appears to be more severe than the company disclosed. On Thursday, LastPass revealed that malicious actors “obtained a trove of personal information belonging to its customers that include their encrypted passwords by using data siphoned from the earlier break-in.” Also stolen was “basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service,” the company said. The August incident, which is still being investigated, involved hackers “accessing source code and proprietary technical information from its development environment via a single compromised employee account.”
Chris Inglis to resign as national cyber director
Inglis plans to retire from his position as a senior White House cybersecurity adviser. His decision was first reported by CNN and later confirmed to CyberScoop by three sources with direct knowledge of the matter. Inglis is currently traveling in Japan on a mission to strengthen “cyber collaboration.” Last year, President Biden nominated Inglis, a former deputy director of the National Security Agency, to lead the newly formed Office of the National Cyber Director (ONCD), requesting that he help develop an office that could bring “a unified approach to U.S. cybersecurity policy.”
Comcast Xfinity accounts hacked in widespread 2FA bypass attacks
Comcast Xfinity customers are reporting that their accounts are being hacked in attacks that bypass two-factor authentication, and that the hijacked accounts are then being used to reset passwords for other services, such as the Coinbase and Gemini crypto exchanges. Many Xfinity email users began receiving notifications on December 19 stating that their account information had been changed. They found they were unable to access their accounts because the passwords had been changed. Those who were later able to regain access to their accounts found that a secondary email at the disposable @yopmail.com domain had been added to their profile.
GuLoader malware using new techniques to evade security software
Researchers at CrowdStrike have exposed a variety of techniques adopted by an advanced malware downloader called GuLoader to evade security software. GuLoader, also called CloudEyE, is a Visual Basic Script (VBS) downloader used to distribute remote access trojans on infected machines. It was first detected in the wild in 2019. A recent GuLoader sample unearthed by CrowdStrike exhibits a three-stage process wherein the VBScript is designed to deliver a next-stage that performs anti-analysis checks before injecting shellcode embedded within the VBScript into memory.
Thanks to this week’s episode sponsor, Tines

Microsoft fined $64 million by France over cookies used in Bing searches
CNIL, France’s digital privacy regulator, has fined Microsoft €60 million ($64 million) for not offering “clear enough instruction for users to reject cookies used for online ads, as part of the move to enforce Europe’s tightening data protection law.” The organization said Thursday that it “carried out several investigations on the Microsoft search engine Bing in September 2020 and May 2021 and found that the site dropped advertising cookies in users’ terminals without their explicit consent.” The website also lacked a button for users to reject cookies as simply as accepting them, CNIL said, where two clicks were required to refuse all cookies while only one was needed to accept them.
DuckDuckGo now blocks Google sign-in pop-ups on all sites
According to Bleeping Computer, “DuckDuckGo apps and extensions are now blocking Google Sign-in pop-ups on all its apps and browser extensions, removing what it perceives as an annoyance and a privacy risk for its users.” DuckDuckGo is a provider of a privacy-focused search engine, an email service, mobile apps, and data-protecting browser extensions. The company announced last Thursday that “all its Chrome, Firefox, Brave, and Microsoft Edge apps and browser extensions will now actively block Google sign-in prompts displayed on sites.”
Threat actor allegedly offers data of 400,000,000 Twitter users
A hacker who appears regularly on the Ryushi hacking forum is now promoting the sale of sensitive details that were stolen from over 400 million Twitter account users. “The hacker claims to have obtained access to the data through a vulnerability on the database and is ready to sell it for a hefty price of $400,000,000.” The hacker is also inviting Elon Musk or any of the Twitter staff to buy back the data to avoid penalties imposed by GDPR lawsuits ranging from $5.4m to $8.7m. The seller also stated that escrow payments could cover the sale, under the control of the forum administrator, the infamous Pompompurin.
Experts warn of a critical Linux Kernel vulnerability
According to Security Affairs, “a critical Linux kernel vulnerability (CVSS score of 10) exposes SMB servers with KSMBD enabled to hack. KSMBD is a Linux kernel server that implements SMB3 protocol in kernel space for sharing files over the network. An unauthenticated, remote attacker can execute arbitrary code on vulnerable installations of the Linux Kernel. The vulnerability was discovered on July 26, 2022, by researchers from the Thalium Team at Thales Group, and was publicly disclosed on December 22, 2022.”