This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-09T23:25:12+00:00 www.secnews.physaphae.fr Dark Reading - Informationweek Branch CryptoChameleon attackers trade quantity for quality, dedicating time and resources to trick even the most diligent user into handing over their high-value credentials.]]> 2024-04-19T17:59:30+00:00 https://www.darkreading.com/cyberattacks-data-breaches/lastpass-users-lose-master-passwords-ultra-convincing-scam www.secnews.physaphae.fr/article.php?IdArticle=8485405 False None LastPass 2.0000000000000000 knowbe4 - cybersecurity services 2024-04-18T12:39:22+00:00 https://blog.knowbe4.com/lastpass-warns-deepfake-phishing www.secnews.physaphae.fr/article.php?IdArticle=8484713 False None LastPass 2.0000000000000000 Bleeping Computer - Magazine Américain LastPass is warning of a malicious campaign targeting its users with the CryptoChameleon phishing kit that is associated with cryptocurrency theft. [...]]]> 2024-04-18T10:56:41+00:00 https://www.bleepingcomputer.com/news/security/cybercriminals-pose-as-lastpass-staff-to-hack-password-vaults/ www.secnews.physaphae.fr/article.php?IdArticle=8484776 False Hack LastPass 2.0000000000000000 HackRead - Chercher Cyber Par waqas Cybercriminels utilisant DeepFakes pour cibler les entreprises!LastPass évite de justesse la rupture de sécurité après que l'employé a identifié un faux PDG dans WhatsApp Call.Lisez comment Lastpass exhorte la conscience de l'évolution des tactiques d'ingénierie sociale. Ceci est un article de HackRead.com Lire le post original: Lastpass Dodges Deepfake Scam: PDG Impination de tentative de contrepartie

---

>By Waqas Cybercriminals using deepfakes to target businesses! LastPass narrowly avoids security breach after employee identifies fake CEO in WhatsApp call. Read how LastPass is urging awareness against evolving social engineering tactics. This is a post from HackRead.com Read the original post: LastPass Dodges Deepfake Scam: CEO Impersonation Attempt Thwarted]]> 2024-04-12T16:11:57+00:00 https://www.hackread.com/lastpass-deepfake-scam-ceo-impersonation-thwarted/ www.secnews.physaphae.fr/article.php?IdArticle=8480843 False None LastPass 3.0000000000000000 Korben - Bloger francais 2024-04-12T09:12:43+00:00 https://korben.info/lastpass-attaque-deepfake-ratee-ciblant-employe.html www.secnews.physaphae.fr/article.php?IdArticle=8480650 False None LastPass 3.0000000000000000 SecurityWeek - Security News Lastpass cette semaine a révélé que l'un de ses employés était ciblé dans une attaque de phishing impliquant une technologie DeepFake.

---

>LastPass this week revealed that one of its employees was targeted in a phishing attack involving deepfake technology. ]]> 2024-04-12T08:50:12+00:00 https://www.securityweek.com/lastpass-employee-targeted-with-deepfake-calls/ www.secnews.physaphae.fr/article.php?IdArticle=8480615 False None LastPass 2.0000000000000000 Bleeping Computer - Magazine Américain LastPass revealed this week that threat actors targeted one of its employees in a voice phishing attack, using deepfake audio to impersonate Karim Toubba, the company\'s Chief Executive Officer. [...]]]> 2024-04-11T18:00:39+00:00 https://www.bleepingcomputer.com/news/security/lastpass-hackers-targeted-employee-in-failed-deepfake-ceo-call/ www.secnews.physaphae.fr/article.php?IdArticle=8480277 False Threat LastPass 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC cyberattacks can be tough. But there are several cybersecurity tips that can help defend against attacks. We\'ve gathered a list of 25 most effective tips for you to adopt and share with others. Top 25 cybersecurity tips for your business 1.    Keep your software up to date To stay safe from cyber threats like ransomware, it\'s essential to regularly update your software, including your operating system and applications. Updates often contain crucial security patches that fix vulnerabilities exploited by hackers. Enable automatic updates for your device and web browser, and ensure plugins like Flash and Java are also kept up to date. ]]> 2024-03-13T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/25-essential-cybersecurity-tips-and-best-practices-for-your-business www.secnews.physaphae.fr/article.php?IdArticle=8463764 False Ransomware,Malware,Tool,Vulnerability,Mobile,Cloud LastPass 2.0000000000000000 Ars Technica - Risk Assessment Security Hacktivism "LassPass" mimicked the name and logo of real LastPass password manager.]]> 2024-02-08T22:16:25+00:00 https://arstechnica.com/?p=2002178 www.secnews.physaphae.fr/article.php?IdArticle=8448184 False None LastPass 2.0000000000000000 The Register - Site journalistique Anglais No walled garden can keep out every weed, we suppose LastPass says a rogue application impersonating its popular password manager made it past Apple\'s gatekeepers and was listed in the iOS App Store for unsuspecting folks to download and install.…]]> 2024-02-08T21:59:40+00:00 https://go.theregister.com/feed/www.theregister.com/2024/02/08/lastpass_lookalike_apple_app_store/ www.secnews.physaphae.fr/article.php?IdArticle=8448169 False None LastPass 2.0000000000000000 Dark Reading - Informationweek Branch The fake app looks similar to the legitimate LastPass app in its branding, and it could be stealing users\' credentials.]]> 2024-02-08T17:52:06+00:00 https://www.darkreading.com/endpoint-security/lastpass-warns-password-app-apple-app-store www.secnews.physaphae.fr/article.php?IdArticle=8448104 False None LastPass 2.0000000000000000 HackRead - Chercher Cyber Par waqas N'oubliez pas, c'est LastPass Password Manager, pas LassPass Password Manager! Ceci est un article de HackRead.com Lire la publication originale: Faux applications LastPass Password Manager se cache sur iOS App Store

---

>By Waqas Remember, it is LastPass Password Manager, not LassPass Password Manager! This is a post from HackRead.com Read the original post: Fake LastPass Password Manager App Lurks on iOS App Store]]> 2024-02-08T17:48:00+00:00 https://www.hackread.com/fake-lastpass-password-manager-app-on-ios-store/ www.secnews.physaphae.fr/article.php?IdArticle=8448102 False None LastPass 2.0000000000000000 Bleeping Computer - Magazine Américain LastPass is warning that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users\' credentials. [...]]]> 2024-02-08T12:02:26+00:00 https://www.bleepingcomputer.com/news/security/fake-lastpass-password-manager-spotted-on-apples-app-store/ www.secnews.physaphae.fr/article.php?IdArticle=8448078 False None LastPass 2.0000000000000000 TechRepublic - Security News US Looking for LastPass alternatives? Check out our list of the top password managers that offer secure and convenient options for managing your passwords.]]> 2024-01-22T20:19:09+00:00 https://www.techrepublic.com/article/lastpass-alternatives/ www.secnews.physaphae.fr/article.php?IdArticle=8441821 False None LastPass 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Password manager provider LastPass has started implementing stricter password measures for its customers]]> 2024-01-04T17:00:00+00:00 https://www.infosecurity-magazine.com/news/lastpass-enforces-12-character/ www.secnews.physaphae.fr/article.php?IdArticle=8434523 False None LastPass 3.0000000000000000 Dark Reading - Informationweek Branch A phased rollout will also prompt LastPass customers to re-enroll their accounts in multifactor authentication (MFA) to prevent future breaches.]]> 2024-01-03T20:00:00+00:00 https://www.darkreading.com/cybersecurity-operations/lastpass-hikes-password-requirements-12-characters www.secnews.physaphae.fr/article.php?IdArticle=8433878 False None LastPass 2.0000000000000000 TechRepublic - Security News US Explore the differences between NordPass and LastPass to determine which one is the best fit for your password management needs.]]> 2023-12-20T18:29:12+00:00 https://www.techrepublic.com/article/nordpass-vs-lastpass/ www.secnews.physaphae.fr/article.php?IdArticle=8426269 False None LastPass 2.0000000000000000 TechRepublic - Security News US Learn how to set up and use LastPass password manager. Start managing and storing your passwords with this step-by-step guide.]]> 2023-12-04T18:19:17+00:00 https://www.techrepublic.com/article/how-to-use-lastpass/ www.secnews.physaphae.fr/article.php?IdArticle=8419085 False None LastPass 2.0000000000000000 TechRepublic - Security News US LastPass\' recent data breaches make it hard to recommend as a viable password manager in 2023. Learn more in our full review below.]]> 2023-12-04T17:57:46+00:00 https://www.techrepublic.com/article/lastpass-review/ www.secnews.physaphae.fr/article.php?IdArticle=8419069 False None LastPass 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 2023-11-30T11:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/secure-browsing-a-guide-to-browsing-the-internet-safely www.secnews.physaphae.fr/article.php?IdArticle=8418027 False Malware,Tool,Vulnerability,Threat LastPass,LastPass 2.0000000000000000 Dark Reading - Informationweek Branch 2023-11-14T22:00:00+00:00 https://www.darkreading.com/remote-workforce/lastpass-launches-enhanced-user-interface-for-mobile-vault www.secnews.physaphae.fr/article.php?IdArticle=8412167 False None LastPass 2.0000000000000000 Bleeping Computer - Magazine Américain Hackers have stolen $4.4 million in cryptocurrency on October 25th using private keys and passphrases stored in stolen LastPass databases, according to research by crypto fraud researchers who have been researching similar incidents. [...]]]> 2023-10-30T18:46:52+00:00 https://www.bleepingcomputer.com/news/security/lastpass-breach-linked-to-theft-of-44-million-in-crypto/ www.secnews.physaphae.fr/article.php?IdArticle=8403169 False None LastPass,LastPass 4.0000000000000000 Krebs on Security - Chercheur Américain The password manager service LastPass is now forcing some of its users to pick longer master passwords. LastPass says the changes are needed to ensure all customers are protected by their latest security improvements. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass.]]> 2023-09-22T23:41:09+00:00 https://krebsonsecurity.com/2023/09/lastpass-horse-gone-barn-bolted-is-strong-password/ www.secnews.physaphae.fr/article.php?IdArticle=8386913 False None LastPass,LastPass 2.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain Brokedans Le réseau pour LastPass & # 8212; une base de données de mot de passe & # 8212; et vaulai des données de mot de passe avec des données cryptées et en texte clair pour plus de 25 millions d'utilisateurs? Eh bien, ils & # 8217; re maintenant En utilisant ces données , pénétrer dans les portefeuilles crypto et les égouter: 35 millions de dollars et compter, tous entrant dans un seul portefeuille. C'est un hack vraiment rentable.(C'est aussi un mauvais opsec. Les pirates doivent bouger et blanchir tout cet argent rapidement.) Regardez, je sais que les bases de données de mot de passe en ligne sont plus pratiques.Mais ils sont également risqués.C'est pourquoi mon mot de passe en toute sécurité ...

---

Remember last November, when hackers broke into the network for LastPass—a password database—and stole password vaults with both encrypted and plaintext data for over 25 million users? Well, they’re now using that data break into crypto wallets and drain them: $35 million and counting, all going into a single wallet. That’s a really profitable hack. (It’s also bad opsec. The hackers need to move and launder all that money quickly.) Look, I know that online password databases are more convenient. But they’re also risky. This is why my Password Safe...]]> 2023-09-18T11:02:52+00:00 https://www.schneier.com/blog/archives/2023/09/using-hacked-lastpass-keys-to-steal-cryptocurrency.html www.secnews.physaphae.fr/article.php?IdArticle=8384817 False None LastPass,LastPass 2.0000000000000000 The State of Security - Magazine Américain What\'s happened? CISA, the United States\'s Cybersecurity and Infrastructure Security Agency, has ordered federal agencies to patch their iPhones against vulnerabilities that can be used as part of a zero-click attack to install spyware from the notorious NSO Group. A "zero-click attack"? That\'s an attack that doesn\'t require any interaction from the user. Often times a malicious hacker requires a user to open an attached file, or visit a dangerous web link, in order to activate an attack. With a zero-click attack, the user doesn\'t have to do anything. So how does it work? In this particular...]]> 2023-09-14T10:03:42+00:00 https://www.tripwire.com/state-of-security/government-agencies-told-secure-iphones-against-spyware-attacks www.secnews.physaphae.fr/article.php?IdArticle=8382687 False Vulnerability LastPass 2.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain mettent à jourtes iPhones : Citizen Lab, Citizen Lab, affirme que deux jours zéro fixés par Apple aujourd'hui dans les mises à jour de sécurité d'urgence ont été activement abusés dans le cadre d'une chaîne d'exploitation zéro clique (surnommée BlastPass) pour déployer NSO Group & # 8217; Spyware commercial de Pegasus sur ENTIÈREMENTiPhones patchés. Les deux bogues, suivi comme CVE-2023-41064 et CVE-2023-41061 , a permis aux attaquants d'infecter un iPhone entièrement paires exécutant iOS 16.6 et appartenant à une organisation de la société civile basée à Washington DC via des pièces jointes Passkit contenant des images malveillantes. & # 8220; Nous appelons la chaîne d'exploitation comme BlastPass.La chaîne d'exploitation était capable de compromettre les iPhones exécutant la dernière version d'iOS (16,6) sans aucune interaction de la victime, & # 8221;Citizen Lab ...

---

Make sure you update your iPhones: Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain (dubbed BLASTPASS) to deploy NSO Group’s Pegasus commercial spyware onto fully patched iPhones. The two bugs, tracked as CVE-2023-41064 and CVE-2023-41061, allowed the attackers to infect a fully-patched iPhone running iOS 16.6 and belonging to a Washington DC-based civil society organization via PassKit attachments containing malicious images. “We refer to the exploit chain as BLASTPASS. The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,” Citizen Lab ...]]> 2023-09-13T11:13:39+00:00 https://www.schneier.com/blog/archives/2023/09/zero-click-exploit-in-iphones.html www.secnews.physaphae.fr/article.php?IdArticle=8382279 False None LastPass 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Federal agencies have one month to fix BlastPass vulnerabilities]]> 2023-09-12T09:00:00+00:00 https://www.infosecurity-magazine.com/news/us-government-ordered-patch-apple/ www.secnews.physaphae.fr/article.php?IdArticle=8381713 False Vulnerability LastPass 2.0000000000000000 SecurityWeek - Security News Des histoires remarquables qui auraient pu glisser sous le radar: le piratage de Vault Lastpass, la Russie cible les installations énergétiques en Ukraine, violation de données NXP

---

>Noteworthy stories that might have slipped under the radar: LastPass vault hacking, Russia targets energy facility in Ukraine, NXP data breach. ]]> 2023-09-08T12:44:31+00:00 https://www.securityweek.com/in-other-news-lastpass-vault-hacking-russia-targets-ukraine-energy-facility-nxp-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8380449 False None LastPass,LastPass 2.0000000000000000 ComputerWeekly - Computer Magazine 2023-09-08T09:30:00+00:00 https://www.computerweekly.com/news/366551552/Apple-patches-Blastpass-exploit-abused-by-spyware-makers www.secnews.physaphae.fr/article.php?IdArticle=8380436 False None LastPass 2.0000000000000000 Ars Technica - Risk Assessment Security Hacktivism "BLASTPASS" bug can install malware without user interaction.]]> 2023-09-07T22:47:27+00:00 https://arstechnica.com/?p=1966414 www.secnews.physaphae.fr/article.php?IdArticle=8380245 False Malware,Vulnerability LastPass 2.0000000000000000 Dark Reading - Informationweek Branch Researchers at Citizen Lab recommend immediately updating any iPhones and iPads to the latest OSes.]]> 2023-09-07T20:30:00+00:00 https://www.darkreading.com/vulnerabilities-threats/apple-hit-by-two-no-click-zero-days-in-blastpass-exploit-chain www.secnews.physaphae.fr/article.php?IdArticle=8380219 False None LastPass 3.0000000000000000 Krebs on Security - Chercheur Américain In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults.]]> 2023-09-06T00:21:07+00:00 https://krebsonsecurity.com/2023/09/experts-fear-crooks-are-cracking-keys-stolen-in-lastpass-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8379378 False None LastPass,LastPass 3.0000000000000000 Dark Reading - Informationweek Branch 2023-08-09T21:36:00+00:00 https://www.darkreading.com/endpoint/lastpass-announces-availability-of-fido2-authenticators-for-passwordless-login www.secnews.physaphae.fr/article.php?IdArticle=8368092 False None LastPass,LastPass 2.0000000000000000 BlackBerry - Fabricant Matériel et Logiciels The threat actor behind the RomCom RAT has been particularly active since Russia\'s invasion of Ukraine. In this report, we provide behavioral detection tips and YARA rules to detect exploits and payloads from RomCom\'s recent campaigns. ]]> 2023-07-25T08:01:00+00:00 https://blogs.blackberry.com/en/2023/07/decoding-romcom-behaviors-and-opportunities-for-detection www.secnews.physaphae.fr/article.php?IdArticle=8393077 False Threat LastPass 2.0000000000000000 Bleeping Computer - Magazine Américain LastPass password manager users have been experiencing significant login issues starting early May after being prompted to reset their authenticator apps.  [...]]]> 2023-06-24T10:15:30+00:00 https://www.bleepingcomputer.com/news/security/lastpass-users-furious-after-being-locked-out-due-to-mfa-resets/ www.secnews.physaphae.fr/article.php?IdArticle=8348921 False None LastPass,LastPass 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Recent data breaches across CircleCI, LastPass, and Okta underscore a common theme: The enterprise SaaS stacks connected to these industry-leading apps can be at serious risk for compromise. CircleCI, for example, plays an integral, SaaS-to-SaaS role for SaaS app development. Similarly, tens of thousands of organizations rely on Okta and LastPass security roles for SaaS identity and access]]> 2023-04-19T16:02:00+00:00 https://thehackernews.com/2023/04/uncovering-and-understanding-hidden.html www.secnews.physaphae.fr/article.php?IdArticle=8329310 False Cloud LastPass,LastPass 2.0000000000000000 Dark Reading - Informationweek Branch Devastating cyberattacks often can be prevented with basic cybersecurity measures.]]> 2023-04-12T14:00:00+00:00 https://www.darkreading.com/attacks-breaches/lastpass-breach-reveals-important-lessons www.secnews.physaphae.fr/article.php?IdArticle=8327085 False None LastPass,LastPass 3.0000000000000000 Security Intelligence - Site de news Américain When it comes to password managers, LastPass has been one of the most prominent players in the market. Since 2008, the company has focused on providing secure and convenient solutions to consumers and businesses. Or so it seemed. LastPass has been in the news recently for all the wrong reasons, with multiple reports of data […] ]]> 2023-04-11T13:00:00+00:00 https://securityintelligence.com/articles/whats-going-on-with-lastpass-and-is-it-safe-to-use/ www.secnews.physaphae.fr/article.php?IdArticle=8326636 False None LastPass,LastPass 2.0000000000000000 SecurityWeek - Security News CISA has added vulnerabilities in Plex Media Server and VMware NSX-V to its Known Exploited Vulnerabilities catalog. ]]> 2023-03-13T14:32:01+00:00 https://www.securityweek.com/cisa-warns-of-plex-vulnerability-linked-to-lastpass-hack/ www.secnews.physaphae.fr/article.php?IdArticle=8318101 False Hack,Vulnerability LastPass,LastPass 3.0000000000000000 Bleeping Computer - Magazine Américain 2023-03-11T11:28:14+00:00 https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-plex-bug-after-lastpass-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8317619 False Vulnerability LastPass,LastPass 3.0000000000000000 Intigrity - Blog Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources. This issue covers the weeks from February 27th to March 5th Intigriti News From my notebook […] ]]> 2023-03-08T11:25:00+00:00 https://blog.intigriti.com/2023/03/08/bug-bytes-195-lastpass-discovery-learning-to-code-and-a-complete-guide-to-ssrf/ www.secnews.physaphae.fr/article.php?IdArticle=8316649 False None LastPass,LastPass 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 2023-03-07T11:51:00+00:00 https://thehackernews.com/2023/03/lastpass-hack-engineers-failure-to.html www.secnews.physaphae.fr/article.php?IdArticle=8316205 False Data Breach LastPass,LastPass 2.0000000000000000 Silicon - Site de News Francais 2023-03-06T13:34:57+00:00 https://www.silicon.fr/piratage-lastpass-situation-trois-points-459707.html www.secnews.physaphae.fr/article.php?IdArticle=8315972 False None LastPass,LastPass 3.0000000000000000 01net. Actualites - Securite - Magazine Francais On continue d'en apprendre davantage sur le piratage de LastPass. D'après une nouvelle révélation, le vol des mots de passe a été rendu possible par la négligence d'un développeur en matière de sécurité informatique.]]> 2023-03-06T12:00:27+00:00 https://www.01net.com/actualites/piratage-lastpass-grave-negligence-origine-vol.html www.secnews.physaphae.fr/article.php?IdArticle=8315959 False None LastPass 2.0000000000000000 TechRepublic - Security News US LastPass attacks began with a hacked employee's home computer. The investigation now reveals the password manager company's data vault was compromised. ]]> 2023-03-04T15:18:08+00:00 https://www.techrepublic.com/article/lastpass-releases-new-security-incident-disclosure-recommendations/ www.secnews.physaphae.fr/article.php?IdArticle=8315599 False None LastPass,LastPass 3.0000000000000000 Wired Threat Level - Security News 2023-03-04T14:00:00+00:00 https://www.wired.com/story/lastpass-engineer-breach-security-roundup/ www.secnews.physaphae.fr/article.php?IdArticle=8315583 False Hack LastPass,LastPass 3.0000000000000000 Recorded Future - FLux Recorded Future Plex defended the security of its software after reports said it allowed hackers to get a foothold in a LastPass employee's computer]]> 2023-03-01T13:17:45+00:00 https://therecord.media/plex-unaware-of-vulnerabilities-lastpass-hacked/ www.secnews.physaphae.fr/article.php?IdArticle=8314616 False None LastPass 3.0000000000000000 01net. Actualites - Securite - Magazine Francais LastPass est longuement revenu sur les deux attaques informatiques de l'année dernière. Après enquête, le gestionnaire a finalement découvert comment des pirates sont parvenus à s'emparer des mots de passe de ses clients.]]> 2023-03-01T11:30:48+00:00 https://www.01net.com/actualites/lastpass-revele-comment-hackers-vole-mots-passe.html www.secnews.physaphae.fr/article.php?IdArticle=8314598 False None LastPass 2.0000000000000000 Dark Reading - Informationweek Branch 2023-02-28T22:32:00+00:00 https://www.darkreading.com/endpoint/lastpass-devops-engineer-targeted-cloud-decryption-keys-breach-revelation www.secnews.physaphae.fr/article.php?IdArticle=8314407 False Cloud LastPass 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine 2023-02-28T17:00:00+00:00 https://www.infosecurity-magazine.com/news/lastpass-data-breach-update/ www.secnews.physaphae.fr/article.php?IdArticle=8314201 True Threat LastPass 2.0000000000000000 Recorded Future - FLux Recorded Future Password management service LastPass now says a well-publicized 2022 incident stemmed from an intrusion on one engineer's home computer]]> 2023-02-28T13:50:41+00:00 https://therecord.media/lastpass-attacker-hacked-engineers-home-computer-keylogger/ www.secnews.physaphae.fr/article.php?IdArticle=8314157 False None LastPass 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 2023-02-28T11:46:00+00:00 https://thehackernews.com/2023/02/lastpass-reveals-second-attack.html www.secnews.physaphae.fr/article.php?IdArticle=8314086 False Data Breach,Threat LastPass 1.00000000000000000000 InformationSecurityBuzzNews - Site de News Securite 2023-02-28T09:42:43+00:00 https://informationsecuritybuzz.com/lastpass-devops-engineer-breached-password/ www.secnews.physaphae.fr/article.php?IdArticle=8314105 False Threat,Cloud LastPass 1.00000000000000000000 ComputerWeekly - Computer Magazine 2023-02-28T07:45:00+00:00 https://www.computerweekly.com/news/365531867/LastPass-attack-saw-employees-home-computer-hacked www.secnews.physaphae.fr/article.php?IdArticle=8314145 False None LastPass 1.00000000000000000000 Naked Security - Blog sophos 2023-02-28T02:23:16+00:00 https://nakedsecurity.sophos.com/2023/02/28/lastpass-the-crooks-used-a-keylogger-to-crack-a-corporatre-password-vault/ www.secnews.physaphae.fr/article.php?IdArticle=8314055 False None LastPass 2.0000000000000000 Ars Technica - Risk Assessment Security Hacktivism 2023-02-28T01:01:59+00:00 https://arstechnica.com/?p=1920551 www.secnews.physaphae.fr/article.php?IdArticle=8314047 False None LastPass 1.00000000000000000000 Bleeping Computer - Magazine Américain 2023-02-27T20:40:56+00:00 https://www.bleepingcomputer.com/news/security/lastpass-devops-engineer-hacked-to-steal-password-vault-data-in-2022-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8314048 False Threat,Cloud LastPass 2.0000000000000000 SecurityWeek - Security News LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud storage resources. ]]> 2023-02-27T20:40:16+00:00 https://www.securityweek.com/lastpass-says-devops-engineer-home-computer-hacked/ www.secnews.physaphae.fr/article.php?IdArticle=8313961 False Malware,Cloud LastPass 1.00000000000000000000 Dark Reading - Informationweek Branch 2023-02-20T14:01:00+00:00 https://www.darkreading.com/edge-articles/despite-breach-lastpass-demonstrates-the-power-of-password-management www.secnews.physaphae.fr/article.php?IdArticle=8311886 False None LastPass 3.0000000000000000 Silicon - Site de News Francais 2023-01-26T08:40:44+00:00 https://www.silicon.fr/lastpass-pirate-maison-mere-goto-aussi-456875.html www.secnews.physaphae.fr/article.php?IdArticle=8304140 False None LastPass 2.0000000000000000 Dark Reading - Informationweek Branch 2023-01-25T19:35:00+00:00 https://www.darkreading.com/application-security/goto-encrypted-backups-stolen-lastpass-breach www.secnews.physaphae.fr/article.php?IdArticle=8304036 False None LastPass 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 2023-01-25T13:13:00+00:00 https://thehackernews.com/2023/01/lastpass-parent-company-goto-suffers.html www.secnews.physaphae.fr/article.php?IdArticle=8303885 False Threat LastPass 2.0000000000000000 Anomali - Firm Blog Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Malicious ‘Lolip0p’ PyPi Packages Install Info-Stealing Malware (published: January 16, 2023) On January 10, 2023, Fortinet researchers detected actor Lolip0p offering malicious packages on the Python Package Index (PyPI) repository. The packages came with detailed, convincing descriptions pretending to be legitimate HTTP clients or, in one case, a legitimate improvement for a terminal user interface. Installation of the libraries led to infostealing malware targeting browser data and authentication (Discord) tokens. Analyst Comment: Free repositories such as PyPI become increasingly abused by threat actors. Before adding a package, software developers should review its author and reviews, and check the source code for any suspicious or malicious intent. MITRE ATT&CK: [MITRE ATT&CK] T1204 - User Execution | [MITRE ATT&CK] T1555 - Credentials From Password Stores Tags: actor:Lolip0p, Malicious package, malware-type:Infostealer, Discord, PyPi, Social engineering, Windows Analysis of FG-IR-22-398 – FortiOS - Heap-Based Buffer Overflow in SSLVPNd (published: January 11, 2023) In December 2022, the Fortinet network security company fixed a critical, heap-based buffer overflow vulnerability (FG-IR-22-398, CVE-2022-42475) in FortiOS SSL-VPN. The vulnerability was exploited as a zero-day by an advanced persistent threat (APT) actor who was customizing a Linux implant specifically for FortiOS of relevant FortiGate hardware versions. The targeting was likely aimed at governmental or government-related targets. The attribution is not clear, but the compilation timezone UTC+8 may point to China, Russia, and some other countries. Analyst Comment: Users of the affected products should make sure that the December 2022 FortiOS security updates are implemented. Zero-day based attacks can sometimes be detected by less conventional methods, such as behavior analysis, and heuristic and machine learning based detection systems. Network defenders are advised to monitor for suspicious traffic, such as suspicious TCP sessions with Get request for payloads. MITRE ATT&CK: [MITRE ATT&CK] T1622 - Debugger Evasion | [MITRE ATT&CK] T1190 - Exploit Public-Facing Application | [MITRE ATT&CK] T1105 - Ingress Tool Transfer | [MITRE ATT&CK] T1090 - Proxy | [MITRE ATT&CK] T1070 - Indicator Removal On Host Tags: FG-IR-22-398, CVE-2022-42]]> 2023-01-18T16:35:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-fortios-zero-day-has-been-exploited-by-an-apt-two-rats-spread-by-four-types-of-jar-polyglot-files-promethium-apt-continued-android-targeting www.secnews.physaphae.fr/article.php?IdArticle=8302291 False Malware,Tool,Vulnerability,Threat,Guideline LastPass 2.0000000000000000 Global Security Mag - Site de news francais Product Reviews]]> 2023-01-17T14:22:28+00:00 https://www.globalsecuritymag.fr/Action1-Provides-Free-Tool-to-Eliminate-Organizations-Exposure-to-Compromise.html www.secnews.physaphae.fr/article.php?IdArticle=8301866 False Tool LastPass 3.0000000000000000 Security Intelligence - Site de news Américain In November 2022, LastPass had its second security breach in four months. Although company CEO Karim Toubba assured customers they had nothing to worry about, the incident didn’t inspire confidence in the world’s leading password manager application.  Password managers have one vital job: keep your sensitive login credentials secret, so your accounts remain secure. When hackers […] ]]> 2023-01-17T14:00:00+00:00 https://securityintelligence.com/articles/future-of-password-managers/ www.secnews.physaphae.fr/article.php?IdArticle=8301862 False Guideline LastPass 2.0000000000000000 The Register - Site journalistique Anglais 2023-01-16T11:30:11+00:00 https://go.theregister.com/feed/www.theregister.com/2023/01/16/dump_lastpass_bitwarden/ www.secnews.physaphae.fr/article.php?IdArticle=8301473 False None LastPass 3.0000000000000000 Dark Reading - Informationweek Branch 2023-01-13T18:03:04+00:00 https://www.darkreading.com/attacks-breaches/circleci-lastpass-okta-slack-cyberattackers-target-enterprise-tools www.secnews.physaphae.fr/article.php?IdArticle=8300927 False Threat LastPass 4.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber The U.S. famously does not have a federal privacy law and instead relies on 50 different state laws governing breach notification. ]]> 2023-01-11T14:00:00+00:00 https://www.cyberscoop.com/lastpass-breach-notification-privacy/ www.secnews.physaphae.fr/article.php?IdArticle=8300014 False None LastPass 2.0000000000000000 CSO - CSO Daily Dashboard unauthorized access to its development environment in August last year, serious vulnerabilities in 2017, a phishing attack in 2016, and a data breach in 2015.To read this article in full, please click here]]> 2023-01-11T02:00:00+00:00 https://www.csoonline.com/article/3684790/timeline-of-the-latest-lastpass-data-breaches.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8299921 False None LastPass 3.0000000000000000 OpalSec - Blog Sécu 2023-01-07T03:08:58+00:00 https://opalsec.substack.com/p/last-call-for-lastpass www.secnews.physaphae.fr/article.php?IdArticle=8301546 False None LastPass 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 2023-01-05T16:21:00+00:00 https://thehackernews.com/2023/01/mitigate-lastpass-attack-surface-in.html www.secnews.physaphae.fr/article.php?IdArticle=8298096 False Tool LastPass 3.0000000000000000 SC Magazine - Magazine 2023-01-05T11:35:01+00:00 https://www.scmagazine.com/podcast-segment/roblox-prison-3ds-rce-puckungfu-google-home-wiretaps-lastpass-hack-psw-768 www.secnews.physaphae.fr/article.php?IdArticle=8298234 False Hack LastPass 1.00000000000000000000 Anomali - Firm Blog Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence PyTorch Discloses Malicious Dependency Chain Compromise Over Holidays (published: January 1, 2023) Between December 25th and December 30th, 2022, users who installed PyTorch-nightly were targeted by a malicious library. The malicious torchtriton dependency on PyPI uses the dependency confusion attack by having the same name as the legitimate one on the PyTorch repository (PyPI takes precedence unless excluded). The actor behind the malicious library claims that it was part of ethical research and that he alerted some affected companies via HackerOne programs (Facebook was allegedly alerted). At the same time the library’s features are more aligned with being a malware than a research project. The code is obfuscated, it employs anti-VM techniques and doesn’t stop at fingerprinting. It exfiltrates passwords, certain files, and the history of Terminal commands. Stolen data is sent to the C2 domain via encrypted DNS queries using the wheezy[.]io DNS server. Analyst Comment: The presence of the malicious torchtriton binary can be detected, and it should be uninstalled. PyTorch team has renamed the 'torchtriton' library to 'pytorch-triton' and reserved the name on PyPI to prevent similar attacks. Opensource repositories and apps are a valuable asset for many organizations but adoption of these must be security risk assessed, appropriately mitigated and then monitored to ensure ongoing integrity. MITRE ATT&CK: [MITRE ATT&CK] T1195.001 - Supply Chain Compromise: Compromise Software Dependencies And Development Tools | [MITRE ATT&CK] T1027 - Obfuscated Files Or Information | [MITRE ATT&CK] Picus: The System Information Discovery Technique Explained - MITRE ATT&CK T1082 | [MITRE ATT&CK] T1003.008 - OS Credential Dumping: /Etc/Passwd And /Etc/Shadow | [MITRE ATT&CK] T1041 - Exfiltration Over C2 Channel Tags: Dependency confusion, Dependency chain compromise, PyPI, PyTorch, torchtriton, Facebook, Meta AI, Exfiltration over DNS, Linux Linux Backdoor Malware Infects WordPress-Based Websites (published: December 30, 2022) Doctor Web researchers have discovered a new Linux backdoor that attacks websites based on the WordPress content management system. The latest version of the backdoor exploits 30 vulnerabilities in outdated versions of WordPress add-ons (plugins and themes). The exploited website pages are injected with a malicious JavaScript that intercepts all users clicks on the infected page to cause a malicious redirect. Analyst Comment: Owners of WordPress-based websites should keep all the components of the platform up-to-date, including third-party add-ons and themes. Use ]]> 2023-01-04T16:30:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-machine-learning-toolkit-targeted-by-dependency-confusion-multiple-campaigns-hide-in-google-ads-lazarus-group-experiments-with-bypassing-mark-of-the-web www.secnews.physaphae.fr/article.php?IdArticle=8297872 False Malware,Tool,Vulnerability,Threat,Patching,Medical APT 38,LastPass 2.0000000000000000 knowbe4 - cybersecurity services ]]> 2023-01-04T14:30:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-01-heads-up-giant-lastpass-breach-can-supercharge-spear-phishing-attacks www.secnews.physaphae.fr/article.php?IdArticle=8297835 False None LastPass 2.0000000000000000 CSO - CSO Daily Dashboard LastPass breach that exposed an encrypted backup of a database of saved passwords. For organizations with high security requirements, that leaves hardware-based login options such as FIDO devices.To read this article in full, please click here]]> 2023-01-04T02:00:00+00:00 https://www.csoonline.com/article/3684275/why-it-might-be-time-to-consider-using-fido-based-authentication-devices.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8297735 False None LastPass 2.0000000000000000 Silicon - Site de News Francais 2023-01-03T10:03:59+00:00 https://www.silicon.fr/lastpass-pirate-comment-reagit-concurrence-455490.html www.secnews.physaphae.fr/article.php?IdArticle=8297400 False None LastPass 3.0000000000000000 01net. Actualites - Securite - Magazine Francais Une semaine après l'annonce que des hackers ont pu accéder aux coffres-forts de ses utilisateurs, de nombreux experts critiquent ouvertement la communication de LastPass, jugée mensongère, lénifiante, et sa sécurité insuffisante.]]> 2022-12-30T07:49:32+00:00 https://www.01net.com/actualites/mensonges-ehontes-chiffrement-de-merde-lastpass-est-violemment-critique-pour-ses-declarations-et-sa-securite.html www.secnews.physaphae.fr/article.php?IdArticle=8295948 False None LastPass 2.0000000000000000 Wired Threat Level - Security News 2022-12-28T19:53:16+00:00 https://www.wired.com/story/lastpass-breach-vaults-password-managers/ www.secnews.physaphae.fr/article.php?IdArticle=8295615 False Data Breach LastPass 2.0000000000000000 knowbe4 - cybersecurity services ]]> 2022-12-28T19:27:36+00:00 https://blog.knowbe4.com/heads-up-lastpass-attack-could-supercharge-spear-phishing-attacks www.secnews.physaphae.fr/article.php?IdArticle=8295623 False None LastPass 2.0000000000000000 Checkpoint Research - Fabricant Materiel Securite For the latest discoveries in cyber research for the week of 26th December, please download our Threat_Intelligence Bulletin TOP ATTACKS AND BREACHES LastPass revealed that it has been breached for the second time this year, an event that resulted in attackers stealing customer encrypted password vaults and additional account information. The breach was achieved after […] ]]> 2022-12-26T15:09:29+00:00 https://research.checkpoint.com/2022/26th-december-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8300124 False Threat LastPass 3.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain reported a security breach, saying that no customer information—or passwords—were compromised. Turns out the full story is worse: While no customer data was accessed during the August 2022 incident, some source code and technical information were stolen from our development environment and used to target another employee, obtaining credentials and keys which were used to access and decrypt some storage volumes within the cloud-based storage service. […] To date, we have determined that once the cloud storage access key and dual storage container decryption keys were obtained, the threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service...]]> 2022-12-26T12:06:18+00:00 https://www.schneier.com/blog/archives/2022/12/lastpass-breach.html www.secnews.physaphae.fr/article.php?IdArticle=8294959 False Threat LastPass 3.0000000000000000 Naked Security - Blog sophos 2022-12-23T17:58:52+00:00 https://nakedsecurity.sophos.com/2022/12/23/lastpass-finally-admits-they-did-steal-your-password-vaults-after-all/ www.secnews.physaphae.fr/article.php?IdArticle=8294256 False None LastPass 1.00000000000000000000 Dark Reading - Informationweek Branch 2022-12-23T17:39:00+00:00 https://www.darkreading.com/attacks-breaches/lastpass-massive-breach-including-customer-vault-data www.secnews.physaphae.fr/article.php?IdArticle=8296179 False None LastPass 1.00000000000000000000 InformationSecurityBuzzNews - Site de News Securite 2022-12-23T11:48:55+00:00 https://informationsecuritybuzz.com/lastpass-latest-data-breach-exposes-customer-passwords/ www.secnews.physaphae.fr/article.php?IdArticle=8294177 False Data Breach LastPass 1.00000000000000000000 Silicon - Site de News Francais 2022-12-23T10:08:05+00:00 https://www.silicon.fr/lastpass-pirate-finalement-serieux-455398.html www.secnews.physaphae.fr/article.php?IdArticle=8294162 False None LastPass 1.00000000000000000000 InfoSecurity Mag - InfoSecurity Magazine 2022-12-23T10:00:00+00:00 https://www.infosecurity-magazine.com/news/lastpass-customer-vault-data-was/ www.secnews.physaphae.fr/article.php?IdArticle=8294150 False None LastPass 1.00000000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 2022-12-23T09:37:00+00:00 https://thehackernews.com/2022/12/lastpass-admits-to-severe-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=8294096 False None LastPass 1.00000000000000000000 01net. Actualites - Securite - Magazine Francais LastPass, un des gestionnaires de mot de passe les plus populaires au monde, a déclaré que de nombreuses informations personnelles de ses utilisateurs sont aujourd'hui entre les mains de hackers. Les mots de passes cryptées et autres données stockées dans les coffres-forts des clients sont aussi concernés.]]> 2022-12-23T07:06:49+00:00 https://www.01net.com/actualites/vous-utilisez-lastpass-les-hackers-ont-maintenant-vos-mots-de-passe.html www.secnews.physaphae.fr/article.php?IdArticle=8294126 False None LastPass 4.0000000000000000 The Register - Site journalistique Anglais August 2022 attack on its systems saw unknown parties copy encrypted files that contains the passwords to their accounts.…]]> 2022-12-23T06:35:07+00:00 https://go.theregister.com/feed/www.theregister.com/2022/12/23/lastpass_attack_update/ www.secnews.physaphae.fr/article.php?IdArticle=8294112 False None LastPass 2.0000000000000000 TroyHunt - Blog Security 2022-12-22T22:43:39+00:00 https://arstechnica.com/?p=1906575 www.secnews.physaphae.fr/article.php?IdArticle=8294007 False None LastPass 2.0000000000000000 SecurityWeek - Security News 2022-12-22T21:07:44+00:00 https://www.securityweek.com/lastpass-says-password-vault-data-stolen-data-breach www.secnews.physaphae.fr/article.php?IdArticle=8293994 False Data Breach LastPass 1.00000000000000000000 Bleeping Computer - Magazine Américain 2022-12-22T16:12:09+00:00 https://www.bleepingcomputer.com/news/security/lastpass-hackers-stole-customer-vault-data-in-cloud-storage-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8293802 False None LastPass 1.00000000000000000000 Wired Threat Level - Security News 2022-12-03T14:00:00+00:00 https://www.wired.com/story/china-zero-covid-protest-crackdown/ www.secnews.physaphae.fr/article.php?IdArticle=8287274 False None LastPass 2.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain was hacked, and customer information accessed. No passwords were compromised.]]> 2022-12-02T12:09:45+00:00 https://www.schneier.com/blog/archives/2022/12/lastpass-security-breach.html www.secnews.physaphae.fr/article.php?IdArticle=8286626 False Data Breach LastPass 3.0000000000000000 Naked Security - Blog sophos 2022-12-02T01:10:59+00:00 https://nakedsecurity.sophos.com/2022/12/02/lastpass-admits-to-customer-data-breach-caused-by-previous-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8286494 False Data Breach LastPass 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 2022-12-01T15:05:00+00:00 https://thehackernews.com/2022/12/lastpass-suffers-another-security.html www.secnews.physaphae.fr/article.php?IdArticle=8286200 False None LastPass 2.0000000000000000 01net. Actualites - Securite - Magazine Francais Dans un article de blog, la société éditrice du gestionnaire de mot de passe LastPass annonce que des pirates ont eu accès au service de stockage dans le cloud utilisé par l'entreprise. Les hackers auraient eu accès à certaines données utilisateurs.]]> 2022-12-01T13:15:28+00:00 https://www.01net.com/actualites/lastpass-une-nouvelle-faille-de-securite-expose-les-donnees-des-utilisateurs.html www.secnews.physaphae.fr/article.php?IdArticle=8286271 False None LastPass 3.0000000000000000 SecurityWeek - Security News 2022-12-01T11:47:33+00:00 https://www.securityweek.com/goto-lastpass-notify-customers-new-data-breach-related-previous-incident www.secnews.physaphae.fr/article.php?IdArticle=8286227 False Data Breach LastPass 2.0000000000000000 Security Affairs - Blog Secu LastPass disclosed a new security breach, threat actors had access to its cloud storage using information stolen in the August 2022 breach. Password management solution LastPass disclosed a new security breach, the attackers had access to a third-party cloud storage service using information stolen in the August 2022 breach. The impacted cloud storage service is […] ]]> 2022-12-01T07:33:53+00:00 https://securityaffairs.co/wordpress/139136/data-breach/lastpass-second-security-breach.html www.secnews.physaphae.fr/article.php?IdArticle=8286161 False Threat LastPass 4.0000000000000000 TechRepublic - Security News US Take advantage of this limited-time offer on LastPass. A LastPass Premium membership is now available for only $2 per month. ]]> 2022-10-13T09:15:34+00:00 https://www.techrepublic.com/article/lastpass-premium-discount/ www.secnews.physaphae.fr/article.php?IdArticle=7431338 False None LastPass None