The Hacker News Daily Updates

"Last Pass admits to severe data breach...."

Views expressed in this cybersecurity, cybercrime update are those of the reporters and correspondents.  Accessed on 23 December 2022, 2140 UTC.  Content provided by email subscription to "The Hacker News Daily Updates."

Source:  https://mail.google.com/mail/u/0/?tab=rm&ogbl#inbox/FMfcgzGrblVHvmVjMvSGtrPLgzbfwhZB

Please click link or scroll down to read your selections. Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net and https://paper.li/RussellRoberts).

The Hacker News Daily Updates

7 Passwordless Approaches for B2C Passwords are problematic. They are hard to remember, and they don’t work well. Passwords can be guessed or leaked. Today’s technology allows for better authentication, without passwords. It’s time to move on and join the cutting edge. Download Now Sponsored

LATEST NEWS Dec 23, 2022

FrodoPIR: New Privacy-Focused Database Querying System The developers behind the Brave open-source web browser have revealed a new privacy-preserving data querying and retrieval system called FrodoPIR. The idea, the company said, is to use the technology to build out a wide range of use cases such as safe browsing, checking passwords against breached databases, certificate revocation checks, and streaming, among others. The scheme is ... Read More

Researchers Warn of Kavach 2FA Phishing Attacks Targeting Indian Govt. Officials A new targeted phishing campaign has zoomed in on a two-factor authentication solution called Kavach that's used by Indian government officials. Cybersecurity firm Securonix dubbed the activity STEPPY#KAVACH, attributing it to a threat actor known as SideCopy based on tactical overlaps with prior attacks. ".LNK files are used to initiate code execution which eventually downloads and runs ... Read More

Combine Your Payment Stack into One FastSpring handles the complexity of selling software so you can get back to doing what you do best — building great products. Our platform includes global payment processing, subscription management, checkout, sales taxes and VAT, fraud prevention, and much ... Read More

Accelerate Your Incident Response Tis the season for security and IT teams to send out that company-wide email: “No, our CEO does NOT want you to buy gift cards.”  As much of the workforce signs off for the holidays, hackers are stepping up their game. We’ll no doubt see an increase in activity as hackers continue to unleash e-commerce scams and holiday-themed phishing attacks. Hackers love to use these tactics to trick ... Read More

Vice Society Ransomware Attackers Adopt Robust Encryption Methods The Vice Society ransomware actors have switched to yet another custom ransomware payload in their recent attacks aimed at a variety of sectors. "This ransomware variant, dubbed 'PolyVice,' implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms," SentinelOne researcher Antonio Cocomazzi said in an analysis. Vice Society, which is tracked by Microsoft under ... Read More

France Fines Microsoft €60 Million for Using Advertising Cookies Without User Consent France's privacy watchdog has imposed a €60 million ($63.88 million) fine against Microsoft's Ireland subsidiary for dropping advertising cookies in users' computers without their explicit consent in violation of data protection laws in the European Union. The Commission nationale de l'informatique et des libertés (CNIL) noted that users visiting the home page of its Bing search engine did ... Read More

LastPass Admits to Severe Data Breach, Encrypted Password Vaults Stolen The August 2022 security breach of LastPass may have been more severe than previously disclosed by the company. The popular password management service on Thursday revealed that malicious actors obtained a trove of personal information belonging to its customers that include their encrypted password vaults by using data siphoned from the earlier break-in. Also stolen is "basic customer ... Read More

FIN7 Cybercrime Syndicate Emerges as a Major Player in Ransomware Landscape An exhaustive analysis of FIN7 has unmasked the cybercrime syndicate's organizational hierarchy, alongside unraveling its role as an affiliate for mounting ransomware attacks. It has also exposed deeper associations between the group and the larger threat ecosystem comprising the now-defunct ransomware DarkSide, REvil, and LockBit families. The highly active threat group, also known as ... Read More

Moving Past Passwords (At Last!) 7 Key Takeaways to Passwordless Authentication Download Now Sponsored