LastPass issued a security advisory to its customers regarding an incident where there was unauthorized access to customer data. LastPass states that their products are functional and they will continue to investigate the issue.
Tag Archives: Security
Rackspace ransomware incident for Hosted Exchange environment
Rackspace reported a ransomware incident for Hosted Exchange environment in December 2022 which is causing service disruptions. Rackspace has contained the issue and is investigating the incident. More information is available at their status page.
Facebook finds malicious Android and iOS apps targeting credentials
Facebook has reported finding more than 400 malicious Android and iOS apps intended to copy Facebook login credentials from users who run these apps. Facebook contacted Apple and Google regarding these apps found in their app stores. A list of the apps may be found here.
Samsung cybersecurity incident affected some U.S. customers
Samsung has reported a cybersecurity incident that affected the data of some of its U.S. customers in September 2022. Samsung is in the process of contacting these customers by email. More information is at the Samsung FAQ page.
Equifax Data Breach Settlement and free credit monitoring
People who filed valid claims as part of the earlier Equifax data breach can request free credit monitoring. Equifax has emailed activation codes to these claimants and these codes must be used by June 27, 2022. More information about this legal settlement can be found at www.equifaxbreachsettlement.com.
IRS will transition away from third party facial recognition identification
Originally the IRS had scheduled users to sign up for ID.me by the summer of 2022. Existing IRS user accounts who had previously signed up without using ID.me will still work for now.
Apache Java logging library security alert for servers
The Apache Software Foundation has released a security advisory for Java logging library Apache Log4j. This vulnerability may be exploited over a network without the need for a username and password. This is logged in the National Vulnerability Database (NVD) as CVE-2021-44228. Multiple server and cloud software vendors will be releasing security updates.
Azure Cosmos DB Jupyter Notebook vulnerability resolved
Microsoft disclosed a potential vulnerability in the Azure Cosmos DB Jupyter Notebook feature. The issue was resolved and no customer data was accessed. The Cybersecurity and Infrastructure Security Agency (CISA) also released a statement regarding this database issue.
Web browsers have removed support for FTP
Major web browsers have removed support for FTP (File Transfer Protocol) for security reasons. This includes:
- Google Chrome version 88
- Firefox version 90
- Microsoft Edge version 88 (FTP still available under Edge IE mode)
FileZilla is an open-source option available for FTP servers.
PrintNightmare security issue resolved with latest Microsoft Windows update
PrintNightmare (CVE-2021-34527 and CVE-2021-36947) is a security vulnerability connected with the Print Spooler service in Windows 10 and Windows Server. This should be corrected by installing the currently available July 2021 Windows Update.