InfoSec News Nuggets 09/07/2023

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach  In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults. Taylor Monahan is…
Read More

InfoSec News Nuggets 07/17/2023

Microsoft still unsure how hackers stole Azure AD signing key  Microsoft says it still doesn't know how Chinese hackers stole an inactive Microsoft account (MSA) consumer signing key used to breach the Exchange Online and Azure AD accounts of two dozen organizations, including government agencies. "The method by which the actor acquired the key is a matter of ongoing investigation," Microsoft admitted in a new advisory published today. The incident was reported by U.S. government officials after the discovery of unauthorized…
Read More