LastPass Limits Functionality of Its Free Tier

Hacker claims breach of big law firm Jones Day which denies it has been hacked, Two French hospital groups suffer RYUK attack in the same week, DHS starts filling cybersecurity void and more

Enjoying Metacurity? Please share this issue with your friends and colleagues!

Share Metacurity

In a move that will kill the app’s functionality for many users, popular password manager LastPass announced that starting March 16, users of its free tier will only be able to use the app either on computers or mobile devices, but not both.

That feature will only be available to users who have upgraded to LastPass Premium or Families, which costs between $36 and $48 per year.  (Lorenzo Franceschi-Bicchierai / Motherboard)

Related: Bleeping ComputerReddit - cybersecuritySlashGear » security, Macobserver, Lastpass

A hacker who goes by the name Clop claims to have stolen files belonging to the global law firm Jones Day and posted many of them on the dark web, although Jones Day denies it has been breached.

Jones Day, which counts many corporate and public figure luminaries among its clients, says that the hacker gained access to the files via file transfer company Accellion, the attack vector for many recent attacks. Clop, however, maintains they breached the firm directly and not through Accellion. (Tawnell D. Hobbs and Sara Randazzo / Wall Street Journal)

Related: SiliconANGLEAbove the LawBloomberg LawVICE NewsDaily MailRaw StoryThe Cyber Shafarat – Treadstone 71DataBreaches.netThe Hill: Cybersecurity

Ransomware attacks struck two French hospital groups within a week, the Villefranche-sur-Saône hospital group and the North-West Hospital group, forcing the transfer of some patients to other hospitals but not jeopardizing the care of COVID-19 patients.

One hospital identified the ransomware as RYUK, and France’s National Agency for the Security of Information Systems (ANSSI) is investigating. (France24)

Related: Euro Weekly News Spain

Researchers at Italian cybersecurity firm Shielder found a flaw in how secret chat handles animated stickers in communications app Telegram that could have exposed users' secret messages, photos, and videos to remote malicious actors.

Telegram fixed the flaws in a series of patches on September 30 and October 2, 2020. (Ravie Lakshmanan / The Hacker News)

Related: The New DailySecurity AffairsExploit OneSecurity Affairs, Shielder

Since Saturday, Kia Motors USA has been experiencing an outage affecting IT servers, self-payment phone services, dealer platforms, and phone support.

The outage, possibly due to a ransomware attack, is also affecting dealers' access to Kia's KGSIS (Kia Global Service Information System) and their KDealer platform. (Lawrence Abrams / Bleeping Computer)

Related: Exploit One

Digital identity proofing and passwordless authentication start-up 1Kosmos has raised $15 million in Series A funding from ForgePoint Capital.

1Kosmos says its security platform brings high identity and authentication assurance levels through advanced biometrics and a private blockchain ecosystem. (FinSMEs)

Related: Business Wire Technology News

Multi-cloud environment authentication start-up Strata has raised $11 million in a Series A round led by Menlo Ventures with support from ForgePoint Capital.

Strata claims it has “cracked the code” by allowing multiple cloud identity systems and older data center systems to be managed as one. (Mike Lennon / Security Week)

Related: Dark Reading, Business Wire

Nitin Natarajan was named the deputy director of the Cybersecurity and Infrastructure Security Agency (CISA), filling a leadership position at CISA that has been empty since November.

He previously held positions at the Environmental Protection Agency and the Department of Health and Human Services. He served as the director of critical infrastructure policy on the National Security Council under former President Obama. (Eric Geller / Politico)

Related: The Hill: CybersecurityInside Cybersecurity

Tim Maurer, director of the Cyber Policy Initiative at the Carnegie Endowment for International Peace, will be joining the Department of Homeland Security as a senior political appointee in the role of senior counselor for cybersecurity to Secretary Alejandro Mayorkas.

Maurer’s position has previously been occupied by DHS’s Cybersecurity and Infrastructure Agency, Brandon Wales, former CISA Director Chris Krebs, and CISA’s former assistant secretary for cybersecurity, Jeanette Manfra. (Tim Starks / Cyberscoop)

Related: Washington Post

Computer safety testing company Safety Detectives say that a vulnerability affecting baby monitors can potentially harmful parties with unauthorized access to each camera’s video stream.

The affected baby monitors are RTSP (Real-Time Streaming Protocol) devices that do not require authentication for unknown parties to connect. (Safety Detectives)


Photo by Markus Spiske on Unsplash