LastPass issued a security advisory to its customers regarding an incident where there was unauthorized access to customer data. LastPass states that their products are functional and they will continue to investigate the issue.
Rackspace reported a ransomware incident for Hosted Exchange environment in December 2022 which is causing service disruptions. Rackspace has contained the issue and is investigating the incident. More information is available at their status page.
Facebook has reported finding more than 400 malicious Android and iOS apps intended to copy Facebook login credentials from users who run these apps. Facebook contacted Apple and Google regarding these apps found in their app stores. A list of the apps may be found here.
People who filed valid claims as part of the earlier Equifax data breach can request free credit monitoring. Equifax has emailed activation codes to these claimants and these codes must be used by June 27, 2022. More information about this legal settlement can be found at www.equifaxbreachsettlement.com.
Originally the IRS had scheduled users to sign up for ID.me by the summer of 2022. Existing IRS user accounts who had previously signed up without using ID.me will still work for now.
The Apache Software Foundation has released a security advisory for Java logging library Apache Log4j. This vulnerability may be exploited over a network without the need for a username and password. This is logged in the National Vulnerability Database (NVD) as CVE-2021-44228. Multiple server and cloud software vendors will be releasing security updates.
Microsoft disclosed a potential vulnerability in the Azure Cosmos DB Jupyter Notebook feature. The issue was resolved and no customer data was accessed. The Cybersecurity and Infrastructure Security Agency (CISA) also released a statement regarding this database issue.