AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 09/07/2023

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach 

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults. Taylor Monahan is founder and CEO of MetaMask, a popular software cryptocurrency wallet used to interact with the Ethereum blockchain. Since late December 2022, Monahan and other researchers have identified a highly reliable set of clues that they say connect recent thefts targeting more than 150 people, Collectively, these individuals have been robbed of more than $35 million worth of crypto. 

 

‘Modern cars are a privacy nightmare,’ the worst Mozilla’s seen 

If you’re wondering which gadgets have the worst user privacy practices, it turns out the answer may be parked outside. According to a report published by the Mozilla Foundation on Wednesday, cars are “the official worst category of products for privacy” that it’s ever reviewed. The global nonprofit found that 92 percent of the reviewed automakers provide drivers with little (if any) control over their personal data, with 84 percent sharing user data with outside parties. 

 

See Tickets says hackers accessed customers’ payment data — again 

Global ticketing giant See Tickets has disclosed a data breach affecting customers’ credit card information for the second time in the past 12 months. See Tickets, owned by Vivendi Ticketing, confirmed the latest breach in a filing with Maine’s attorney general this week. The ticketing company said that it became aware of “unusual activity” on its e-commerce websites in May. An investigation carried out by an unnamed cybersecurity firm discovered that hackers “inserted multiple instances of malicious code into a number of its e-commerce checkout pages.” 

 

Online Security for Kids 

Our kids’ lives are online today more than ever, from socializing with friends and gaming, to online learning and education. So how can we help our kids make the most of online technology, safely and securely? First and foremost, make sure that you foster good open communications with your children. Far too often, parents get caught up in the technology required to block content or determining which mobile apps are good or bad. Ultimately, keeping kids safe is less about technology and more about behavior and values. A good place to start is to create a list of expectations with your kids. Here are some factors to consider (Note that these rules should evolve as kids get older.) 

 

EU names Apple, Meta, Microsoft among six ‘gatekeepers’ facing strict DMA guidelines 

On Wednesday, the European Commission designated six “gatekeepers” under the Digital Markets Act:  Alphabet, Amazon, Apple, ByteDance, Meta, and Microsoft. The Digital Markets Act (DMA) defines gatekeepers as platforms that have a significant impact on the internet market. “In total, 22 core platform services provided by gatekeepers have been designated,” according to the announcement. “The six gatekeepers will now have six months to ensure full compliance with the DMA obligations for each of their designated core platform services.” 

 

AT&T Customers Doxed Themselves En Masse In Reply-All Nightmare 

AT&T customers ensnared in a reply-all hell doxed their own names and email addresses after someone discovered that external users could reply to an internal mailing list. According to a post on Hackers News and a follow-up video by cybersecurity researcher and educator John Hammond, it started when one AT&T customer named Alex Kelly replied to an email from the telecom that was sent to a strange address. “This is a test to see if external users can email AT&T’s internal email list with the most recent email mishap,” they wrote. Soon, the responses were rolling in from other customers who had received Kelly’s email.  

Related Posts