LastPass Suffers Data Breach, Source Code Stolen

Researchers warned that cyberattackers will be probing the code for weaknesses to exploit later. [TechWeb]( Follow Dark Reading: [RSS]( August 29, 2022 LATEST SECURITY NEWS & COMMENTARY [LastPass Suffers Data Breach, Source Code Stolen]( Researchers warned that cyberattackers will be probing the code for weaknesses to exploit later. ['Sliver' Emerges as Cobalt Strike Alternative for Malicious C2]( Microsoft and others say they have observed nation-state actors, ransomware purveyors, and assorted cybercriminals pivoting to an open source attack-emulation tool in recent campaigns. [How DevSecOps Empowers Citizen Developers]( DevSecOps can help overcome inheritance mentality, especially in low- and no-code environments. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [What You Need to Know About the Psychology Behind Cyber Resilience]( Understanding how and why people respond to cyber threats is key to building cyber-workforce resilience. [CISA: Just-Disclosed Palo Alto Networks Firewall Bug Under Active Exploit]( The bug tracked as CVE-2022-0028 allows attackers to hijack firewalls without authentication, in order to mount DDoS hits on their targets of choice. [Charming Kitten APT Wields New Scraper to Steal Email Inboxes]( Google researchers say the nation-state hacking team is now employing a data-theft tool that targets Gmail, Yahoo, and Microsoft Outlook accounts using previously acquired credentials. [MORE]( EDITORS' CHOICE [Twilio Hackers Scarf 10K Okta Credentials in Sprawling Supply-Chain Attack]( The "0ktapus" cyberattackers set up a well-planned spear-phishing effort that affected at least 130 orgs beyond Twilio and Cloudflare, including Digital Ocean, DoorDash and Mailchimp. LATEST FROM THE EDGE [Don't Take the Cyber Safety Review Board's Log4j Report at Face Value]( Given the lack of reporting requirements, the findings are more like assumptions. Here's what organizations can do to minimize exposure. LATEST FROM DR TECHNOLOGY ['No-Party' Data Architectures Promise More Control, Better Security]( Consumers gain control of their data while companies build better relationships with their customers — but third-party ad-tech firms will likely continue to stand in the way. WEBINARS - [Manage Your Unmanaged Cloud Attack Surface]( Have recent events forced your organization to accelerate your digital transformation projects? With IT, DevOps and security teams running at redline, attackers are constantly looking for configuration mistakes or vulnerabilities to exploit. While many security teams have worked to develop ... - [Malicious Bots: What Enterprises Need to Know]( Bots are launching more complex and targeted attacks such as price scraping, credential stuffing, scalping, and credit card fraud, but many security defenders are still focused on only the most obvious attacks. Automated bot attacks are on the rise, but ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Implementing Zero Trust In Your Enterprise: How to Get Started]( - [6 Elements of a Solid IoT Security Strategy]( - [Five Best Practices for AWS Security Monitoring]( - [Eight Best Practices for a Data-Driven Approach to Cloud Migration]( - [Gartner, Quick Answer: How Can Organizations Use DNS to Improve Their Security Posture?]( - [Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal]( - [AppSec Considerations For Modern Application Development]( [View More White Papers >>]( FEATURED REPORTS - [Breaches Prompt Changes to Enterprise IR Plans and Processes]( - [State of the Cloud: A Security Perspective]( Cloud computing has evolved over the years from a nice-to-have item on the IT wish list to a core technology driving business initiatives. But despite widespread adoption, cloud-based IT systems continue to be saddled with issues related to data security, ... - [Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal]( With attacks and breaches on the rise, enterprise security teams need full visibility over what they have in their network. DNS is a key tool for visibility and asset discovery. Proactive DNS-layer security - such as using DNS data to ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Endpoint Protection / Antivirus Products Tested for Malware Protection]( [Capital One Joins Open Source Security Foundation]( [ReasonLabs Launches Free Online Security Tool to Power Secure Web Experience for Millions of Global Users]( [Wyden Renews Call to Encrypt Twitter DMs, Secure Americans' Data From Unfriendly Foreign Governments]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Building & Maintaining an Effective Remote Access Strategy]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)