LastPass DevOps Engineer Targeted for Cloud Decryption Keys | How the Ukraine War Opened a Fault Line in Cybercrime

The adversaries obtained a decryption key to a LastPass database containing multifactor authentication and federation information as well as customer vault data, company says. The adversaries obtained a decryption key to a LastPass database containing multifactor authentication and federation information as well as customer vault data, company says. [TechWeb]( Follow Dark Reading: [RSS]( March 02, 2023 LATEST SECURITY NEWS & COMMENTARY [LastPass DevOps Engineer Targeted for Cloud Decryption Keys in Latest Breach Revelation]( The adversaries obtained a decryption key to a LastPass database containing multifactor authentication and federation information as well as customer vault data, company says. [How the Ukraine War Opened a Fault Line in Cybercrime, Possibly Forever]( Infighting, conscription, emigration. The war in Ukraine has pitted cybercriminals against one another like no other event before it. [Attackers Were on Network for 2 Years, News Corp Says]( The publisher of the Wall Street Journal, New York Post, and several other publications had last year disclosed a breach it said was the work of a state-backed actor likely working for China. [Pernicious Permissions: How Kubernetes Cryptomining Became an AWS Cloud Data Heist]( The opportunistic "SCARLETEEL" attack on a firm's Amazon Web Services account turns into targeted data theft after the intruder uses an overpermissioned service to jump into cloud system. [Pirated Final Cut Pro for macOS Offers Stealth Malware Delivery]( The number of people who have made the weaponized software available for sharing via torrent suggests that many unsuspecting victims may have downloaded the XMRig coin miner. [Canadian Telecom Firm Telus Reportedly Investigating Breach]( A threat actor has leaked data — purportedly, samples of Telus employee payroll data and source code — on a hacker site. [Exfiltrator-22: The Newest Post-Exploitation Toolkit Nipping at Cobalt Strike's Heels]( The framework-as-a-service signals an intensification of the cat-and-mouse game between defenders detecting lateral movement, and cybercriminals looking to go unnoticed. [Mobile Banking Trojans Surge, Doubling in Volume]( Mobile malware developers were busy bees in 2022, flooding the cybercrime landscape with twice the number of banking Trojans than the year before. [Why Are My Employees Integrating With So Many Unsanctioned SaaS Apps?]( Before adopting SaaS apps, companies should set security guardrails to vet new vendors and check security integration for misconfiguration risks. [To Safeguard Critical Infrastructure, Go Back to Basics]( CISA's recently released cybersecurity performance goals can help lower risk and thwart the impact of cyberattacks. [Without FIDO2, MFA Falls Short]( The open authentication standard addresses existing multifactor authentication security vulnerabilities. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [This Will Be the Year of the SBOM, for Better or for Worse]( Sharing attestations on software supply chain data that are formed into a policy will give us a framework to interpret risk and develop compliance directives. [The DoJ Disruption of the Hive Ransomware Group Is a Short-Lived Win]( The war on critical infrastructure demands a better security strategy. [As Social Engineering Attacks Skyrocket, Evaluate Your Security Education Plan]( Build a playbook for employees on how to handle suspicious communications, use mail filters, and screen and verify unfamiliar calls to bolster a defensive social engineering security strategy. [MORE]( EDITORS' CHOICE ['New Class of Bugs' in Apple Devices Opens the Door to Complete Takeover]( With the right kind of exploit, there's hardly any function, app, or bit of data an attacker couldn't access on your Mac, iPad, or iPhone. LATEST FROM THE EDGE [CISOs Share Their 3 Top Challenges for Cybersecurity Management]( The biggest dilemmas in running a modern cybersecurity team are not all about software, said CISOs from HSBC, Citi, and Sepio. LATEST FROM DR TECHNOLOGY [Researchers Create an AI Cyber Defender That Reacts to Attackers]( Based on deep reinforcement learning, the system can adapt to defenders' tactics and stop 95% of simulated attacks, according to its developers. WEBINARS - [SecDevOps: The Smart Way to Shift Left]( DevOps has changed the way software is developed, written, and run. But many organizations are still trying to figure out how to build security into application development. In this webinar, experts discuss the integration of security and DevOps - sometimes ... - [How Firewalls Fit With Modern Enterprise Security]( With all the focus on the newest security technologies, it is easy to forget that the firewall is still an important part of the enterprise security strategy. In this webinar, experts offer a look at some of the most common ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [The Essential Guide to Secure Web Gateway]( - [Enable and Protect Your Remote Workforce]( - [Evaluator's Guide for Managed Detection and Response (MDR) Services]( - [How to Simplify Security with a Cybersecurity Mesh Architecture]( - [IT/OT Security Platform Navigator 2022]( - [2022 State of OT Cybersecurity Report]( - [Top Three Considerations To Build, Deploy, and Run Your Application Journey]( [View More White Papers >>]( FEATURED REPORTS - [The Promise and Reality of Cloud Security]( Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ... - [10 Hot Talks From Black Hat USA 2022]( Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Octillo Launches Women's Cybersecurity Scholarship in Partnership With the Center for Cyber Safety and Education]( [DoControl's 2023 SaaS Security Threat Landscape Report Finds Enterprises and Mid-Market Organizations Have Exposed Public SaaS Assets]( [Forescout Addresses Modern SecOps Challenges With Launch of Forescout XDR]( [Offensive Security Is Now OffSec - Refresh Reflects Future of Cybersecurity Learning and Skills Development]( [2 of the Worst Healthcare Data Breaches in US History Happened Last Year]( [Forsage Founders Indicted in $340M DeFi Crypto Scheme]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The Promise and Reality of Cloud Security]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)