Tag: breach
3 Ways Breach And Attack Simulation Assists Enterprise Vulnerability Management
Enterprises face more cybersecurity threats than ever before. Despite the rapid advances security tools have made over the past few…
The post 3 Ways Breach And Attack Simulation Assists Enterprise Vulnerability Management appeared first on TechRound.
3 Ways Breach And Attack Simulation Assists Enterprise Vulnerability Management
Enterprises face more cybersecurity threats than ever before. Despite the rapid advances security tools have made over the past few…
The post 3 Ways Breach And Attack Simulation Assists Enterprise Vulnerability Management appeared first on TechRound.
LastPass Data Breach: It’s Time to Ditch This Password Manager
LastPass breach: it’s worse than initially thought
![LastPass breach: it's worse than initially thought](https://static.techspot.com/images2/news/ts3_thumbs/2022/12/2022-12-23-ts3_thumbs-8b5.jpg)
In the original report about the data breach incident discovered in August, LastPass said that “only” the company’s source code and proprietary information were compromised. Users’ data and passwords remained safe and unsoiled. Now, a follow-up security notice on that same incident is saying otherwise: the malicious actors were able…
LastPass: Hackers Stole Customer Vault Data In Cloud Storage Breach
“The threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service,” Toubba said today. “The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data.”
Fortunately, the encrypted data is secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password. According to Toubba, the master password is never known to LastPass, it is not stored on Lastpass’ systems, and LastPass does not maintain it. Customers were also warned that the attackers might try to brute force their master passwords to gain access to the stolen encrypted vault data. However, this would be very difficult and time-consuming if you’ve been following password best practices recommended by LastPass. If you do, “it would take millions of years to guess your master password using generally-available password-cracking technology,” Toubba added. “Your sensitive vault data, such as usernames and passwords, secure notes, attachments, and form-fill fields, remain safely encrypted based on LastPass’ Zero Knowledge architecture.”
Read more of this story at Slashdot.
The LastPass Data Breach Just Got Even Worse … Again
![](https://www.reviewgeek.com/p/uploads/2022/12/ec001e67.png)
After getting hacked in August, LastPass promised that customer data was safe. Later, the company admitted that customer data was compromised, but claimed that user passwords were not part of the data breach. Unfortunately, LastPass was completely and totally wrong.
Read This Article on Review Geek ›
McGraw Hill breach exposed 22 terabytes of sensitive student data
![McGraw Hill breach exposed 22 terabytes of sensitive student data](https://static.techspot.com/images2/news/ts3_thumbs/2022/12/2022-12-22-ts3_thumbs-7eb.jpg)
Researchers at vpnMentor found two Amazon Web Services (AWS) S3 buckets full of personal and sensitive data, later confirming that those were files belonging to McGraw Hill’s online educational platform. The buckets contained more that 22 terabytes of data, with over 117 million files that were publicly available to anyone…
Why ‘quiet quitting’ could fuel the next major cybersecurity breach
Parsing LastPass’ data breach notice
Two weeks ago, the password manager giant LastPass disclosed its systems were compromised for a second time this year. Back in August, LastPass found that an employee’s work account was compromised to gain unauthorized access to the company’s development environment, which stores some of LastPass’ source code. LastPass CEO Karim Toubba said the hacker’s activity […]
Parsing LastPass’ data breach notice by Zack Whittaker originally published on TechCrunch