Blog

Breach of LastPass Password Vaults Traced to DevOps Engineer’s Hacked Home Computer
The previously reported theft of LastPass customer password vaults has been traced back to a DevOps engineer with special access to backups. Hackers reportedly exploited a vulnerability in his home computer to obtain his credentials.

Old Vulnerabilities Still a Favorite for Cyber Criminals as Ransomware Attacks Target Unpatched Openings
Joint study finds that old vulnerabilities accounted for just over three-quarters of ransomware attacks in 2022. Most of these old vulnerabilities date from between 2015 and 2019, but the oldest still being actively exploited was published and patched in 2010.

Ransomware Incident at Third Party Results in Supply Chain Attack With $250 Million Impact on Semiconductor Giant Applied Materials
A supply chain attack on Applied Materials may have begun with vendor MKS Instruments, which reported an early February ransomware attack that it said would impact shipments.

Twitter SMS-Based 2FA Going Away for Much of the World in March, Free Account Security Options Reduced to Apps or Keys
SMS-based 2FA is by far the most commonly used method for added account security beyond the password. Twitter users who rely on it to secure their accounts will have to come up with another option by March 20.

Web Hosting Company GoDaddy Saw Malware Planted, Source Code Stolen in Years-Long Breach
Hackers have apparently been able to gain illicit access to the web hosting company since at least 2019. It is not clear when the source code was stolen (or exactly what pieces were taken), but malware was apparently planted in the cPanel control system.