CYBER SECURITY NEWS – WEEK OF DECEMBER 26, 2022
LastPass says password vault data stolen in data breach
- Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that could be exposed by brute-forcing or guessing master passwords.
- The company, which is owned by GoTo (formerly LogMeIn), said the hackers broke into its network in August and used information from that hack to return and hijack customer data that included company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service.
- The unidentified actor was also able to copy a backup of customer vault data from an encrypted storage container, LastPass chief executive Karim Toubba said in a notice published on Thursday.
- The exposed container held both unencrypted data, such as website URLs, and fully encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data, Toubba said.
DraftKings data breach impacts personal information of 68,000 customers
- Sports betting firm DraftKings says the personal data of 68,000 individuals has been compromised in a recent data breach.
- The incident, initially disclosed in November, was the result of a credential stuffing attack and not a breach of DraftKings’ systems, the company says.
- Credential stuffing involves the use of leaked credentials (usernames, email addresses, and passwords) obtained from a third-party source to access an account on a different service. Such attacks are successful only because some individuals use the same credentials for accounts on different services.
- DraftKings also announced at the time that the attackers withdrew roughly $300,000 from some of the compromised accounts, and that it would restore all the stolen funds.
France fines Microsoft 60 million euros over advertising cookies
- France’s privacy watchdog said Thursday it has fined US tech giant Microsoft 60 million euros ($64 million) for foisting advertising cookies on users.
- The French regulator said that after investigations it found that “when users visited this site, cookies were deposited on their terminal without their consent, while these cookies were used, among others, for advertising purposes.”
- It also “observed that there was no button allowing to refuse the deposit of cookies as easily as accepting it.”
Okta source code stolen by hackers
- Identity and access management solutions provider Okta this week informed customers that some of the company’s source code was stolen recently from its GitHub repositories.
- Okta was informed about the breach in early December by GitHub. An investigation showed that hackers accessed Okta’s repositories and copied code associated with Workforce Identity Cloud (WIC).
- The good news is that the source code should not contain any information that can pose a security risk for Okta products. In addition, the company says there is no evidence of unauthorized access to the Okta service or customer data, and Auth0 (Customer Identity Cloud) products are not impacted.
Ransomware attack causes disruption at British newspaper ‘The Guardian’
- British news organization The Guardian on Wednesday announced that a ransomware attack has been causing disruption to behind-the-scenes services.
- The 200-year-old media company told staff to work from home after being hit with ransomware on Tuesday night. The Guardian shut down some of its technology infrastructure, with the print newspaper being impacted the most.
- According to the company, online publishing continues unaffected, but the disruption to some internal systems might impact Thursday’s print newspaper.
Ukraine’s Delta military intelligence program targeted by hackers
- Ukraine’s Computer Emergency Response Team (CERT-UA) revealed recently that users of the country’s Delta military intelligence program have been targeted with data-stealing malware.
- According to CERT-UA, the attackers have used hacked email accounts belonging to Ministry of Defense employees, as well as messaging applications, to send out messages informing recipients about the need to update certificates in the Delta system.
- The malicious messages carry documents containing links to archive files hosted on a fake Delta domain.
- These files are designed to deploy two pieces of malware onto compromised systems, including one named FateGrab, which harvests emails, databases, scripts and documents, and one called StealDeal, which collects internet browser and other data.