LastPass Users Report Mysterious Blocked Logins That Use Master Login Passwords

Users of QNAP NAS devices report eCh0raix ransomware attacks, Garrett walk-through metal detectors vulnerable to flaws, Supply chain company D.W. Morgan leaked data on shipments, customers, more

At least thirteen password storage company LastPass users report receiving notices of mysteriously blocked logins that use their accounts’ master login passwords despite storing those master logins in local encrypted KeePassX files. The blocked login reports are coming from various places worldwide.

Possible explanations for the activity include hackers using clipboard scrapers to obtain the master password when users cut and paste the password into LastPass, errant messages due to VPN usage, hackers gaining access to users’ unprotected files that store the password, credential stuffing attacks that use stolen passwords, or some problem stemming from a 2017 LastPass breach. (News.ycombinator.com)

Ewan Leith @EwanToo

If you're a @LastPass user it's seriously worth considering changing your master key based on this thread, looks like there's a non-trivial security event happening Ask HN: How did my LastPass master password get leaked? | Hacker Newsnews.ycombinator.com

December 27th 2021

177 Retweets235 Likes

Kevin Beaumont @GossiTheDog

LastPass might be having some kind of credential stuffing incident, with master passwords.

December 27th 2021

148 Retweets714 Likes

Users of QNAP network-attached storage (NAS) devices are reporting attacks on their systems with the eCh0raix ransomware, also known as QNAPCrypt, with activity intensifying about a week before Christmas when the attacker took control of the devices with administrator privileges.

The initial infection vector remains unclear, although some users admit they didn’t take steps to secure their devices fully. Ransomware demands ranging from .024 ($1,200) to .06 bitcoins ($3,000) during these recent attacks. (Ionut Ilascu / Bleeping Computer)

tresronours cybersec @tresronours

"QNAP NAS devices hit in surge of ech0raix ransomware attacks" connected=hacked Article link to Qnap recommendations to try to reduce the likelihood of a compromise of your device and data. #cybersecurity #qnap #ransomware QNAP NAS devices hit in surge of ech0raix ransomware attacksUsers of QNAP network-attached storage (NAS) devices are reporting attacks on their systems with the eCh0raix ransomware, also known as QNAPCrypt.lnkd.in

December 28th 2021

1 Retweet

Researchers at Cisco Talos discovered that two widely used walk-through metal detectors made by Garrett are vulnerable to many remotely exploitable flaws that could severely impair their functionality, thus rendering security checkpoints deficient.

Cisco Talos disclosed the flaws to Garrett on August 17, 2021, and the vendor fixed the identified issues on December 13, 2021. (Bill Toulas / Bleeping Computer)

Related: The Hacker News, Cisco Talos, Tech Times, Ubergizmo

The Website Planet security team discovered that an Amazon S3 bucket owned by D.W. Morgan, a multinational supply chain management and logistics company based in the United States, was left accessible without authorization controls in place, exposing sensitive data relating to shipments and the company’s clients.

The exposed data encompassed over 2.5 million files equating to over 100GB of data. (Website Planet)

Related: Security Affairs, Hack Read

UK Minister of State for Security and Borders Damian Hinds says the UK has added Iran to its list of hostile nations, along with Russia, China, and North Korea.

"The three countries that I mentioned to you have physical human capability, they have a big cyber presence, they're able to deploy at scale," Hinds said, referring to Iran, Russia, and China. (Iran International)

Related: Republic World, Chinanews.net, Telegraph

Although Israel’s most notorious spyware purveyor, NSO Group, has been battered in recent months by revelations of high-profile use of its technology against leading political and human rights figures, governments are more likely than ever to buy cyber capabilities from the industry NSO helped define.

Despite the legal and political black eyes endured by NSO and its peers, military contracting giants across the world now develop and sell these capabilities. Spyware technologies are also increasingly used in legitimate criminal investigations and counterterrorism and are key to espionage and military operations. (Patrick Howell O’Neill / Technology Review)

Chris Wysopal @WeldPond

The demand for what private hacking companies are selling isn’t going away. “The industry is both bigger and more visible today than it was a decade ago,” says @__winn. “The demand is rising because the world is becoming more technologically connected." The hacker-for-hire industry is now too big to failThis is a big moment of turbulence and change for the hacking business. But the demand is here to stay.technologyreview.com

December 28th 2021

1 Like

A record number of venture-backed cybersecurity companies saw exits through acquisition in 2021.

According to Crunchbase numbers, 129 venture-backed companies were acquired by private equity or strategics this year, shattering last year’s record 79 deals. (Chris Metinko / Crunchbase)

Several startups have been created to help companies cope with the complex compliance needs stipulated in privacy laws, such as the California Consumer Privacy Act and the EU’s General Data Protection Regulation.

OneTrust, a leader in the field, has valued investors at $5.3 billion. BigID, a competitor, raised $30 million in April at a $1.25 billion valuation. Another company that targets privacy regulations, TrustArc, raised $70 million in 2019. (David McCabe / New York Times)

Omer Tene @omertene

.@nytimes profiles @OneTrust @kbarday and the privacy tech industry. @bigidsecure @TrustArc @getyoti. It's not just privacy -- privacy tech is big too. The Companies Benefiting From Fragmenting Internet Privacy RulesCompanies have sprouted up to help others navigate the varied laws around the world governing websites.nytimes.com

December 27th 2021

3 Retweets24 Likes

Cybersecurity researchers at Check Point published a deep dive into a system called DoubleFeature dedicated to logging the different stages of post-exploitation stemming from the deployment of DanderSpritz, a full-featured malware framework used by the Equation Group.

DanderSpritz came to light on April 14, 2017, when a hacking group known as the Shadow Brokers leaked the exploit tool, among others, under a dispatch titled "Lost in Translation. DoubleFeature functions as a "diagnostic tool for victim machines carrying DanderSpritz." (Ravie Lakshmanan / The Hacker News)

Related: Check Point

Image by Gino Crescoli from Pixabay