Plus,1.5 million BetMGM accounts reportedly hacked
| Part of  Network | |
 |
LastPass has admitted to a massive hack that resulted in users' passwords being stolen. The breach, first reported in August, was initially played down by the company. More: - The company stated that hackers have stolen information such as company names, end-user names, billing addresses, email addresses, telephone numbers, IP addresses, and customer vault data from the encrypted storage service.
- Those accounts that use the encrypted storage service should be safe since they are the only ones who know their master password, as it is not stored in the company's servers.
- According to LastPass, the threat actor did not breach credit card information.
- Customers have been advised to change their passwords, with a particular highlight on customers that have reused passwords or have created weak passwords. Generating stronger passwords would protect the breached accounts from brute-force attacks, which is likely to be the method used by the threat actor in this case.
- The threat actor responsible for this breach is unknown so far.
| |
France has fined Microsoft $63M for violating its data privacy rules through advertising cookies. According to the official statement from the country's regulatory authority, those who visited the Bing search engine did not have a mechanism to refuse cookies as easily as accepting them. More: - Microsoft allegedly used cookies intending to show ads and shut down advertising fraud but did not get permission from users to do so.
- CNIL, France's national privacy authority, claims it conducted the audit during the Sept. 2020-May 2021 period.
- Microsoft has been ordered to change how it uses cookies within the next three months. If the tech giant fails to do so, it will have to pay $63,000 as a penalty fee per day.
Zoom Out: - Since the implementation of GDPR, European data authorities have cracked down on illegal advertisement practices, especially against tech giants. France recently fined Facebook and Google $222M for breaking advertisement targeting rules.
- The agency has also fined national companies. National electricity provider Électricité de France was fined $636,000 for storing their users' passwords with weak protection technology.
| |
A new report claims that an Iranian hacker group hacked Israeli CCTV cameras and that Israeli authorities were aware but couldn't stop the attack for months. The threat actor was tracked as Moses Staff. More: - The group published footage recorded from the CCTVs on its Telegram channel. The recording showed recordings from activity in Tel Aviv, Jerusalem, and the spaces near the Rafael defense contractor factory in Haifa.
- The breach is believed to have happened in 2021.
- Moses Staff claims that the recording shows only a small part of its overall access to recording throughout Israel's CCTV cameras, a statement that was reportedly sent by the group directly to Israeli Intelligence services.
- Israeli authorities are yet to clarify why they could not stop the attack even though they tracked it.
Zoom Out: - Moses Staff has previously claimed responsibility for a cyberattack that made rocket sirens go off in Jerusalem and Eilat.
- Iranian hackers have previously breached the data of over 300,000 Israeli citizens by hacking travel booking websites.
- A few weeks ago, it was reported that Iranian hackers had made progress in hacking Israeli and U.S. drones,
| |
Sports betting firm BetMGM has announced that it had been breached. Over 1.5 million accounts are believed to have been affected. More: - The hackers are believed to have stolen information such as names, postal addresses, email addresses, phone numbers, dates of birth, hashed Social Security numbers, player IDs, screen names, and transaction information.
- This breach occurred in May 2022, but the company tracked it only in November.
- BetMGM has advised its users to raise their awareness and be suspicious of any communication initiated from accounts they do not know personally.
- A threat actor has already posted the information for sale on internet forums, claiming that the information sold belongs to BetMGM casinos in New Jersey and Pennsylvania and a Master Casino data set with information on customers from all states.
| |
The U.K. Information Commissioner's Office, the country's national data privacy regulator, has published the names of the companies that were hacked in 2022. The decision is interpreted as a method to encourage companies to pay more attention to their cybersecurity practices. More: - The Information Commissioner's Office's list includes information such as the organization's name and sector, the relevant legislation and the type of issues involved, the date of completion, and the outcome.
- The page also includes information on the cases the regulator has handled, the dates when they were processed, whether the cases were self-reported or found by the agency, etc.
- Industry researchers in the U.K. decided to publish this list to accelerate cybersecurity development in the country, specifically adopting good cybersecurity hygiene among public and private companies.
| |
Quick Hits: - No more waiting weeks to find a therapist. Sign up with BetterHelp, and you can get matched with a therapist in less than 48 hours.*
- Researchers have tracked a new security flaw in the GHOST CMS newsletter platform that could enable hackers to change the content of the newsletters even after they are posted.
- Vice Society ransomware has begun deploying a new tool that uses NTRUEncrypt and ChaCha20-Poly1305 algorithms, making its ransomware significantly more complex.
- German industrial engineering company ThyssenKrupp AG is being targeted by hackers, but this hacking campaign has so far been unable to breach its security system, according to the company.
- Ireland's Data Protection Commission has opened an investigation on Twitter over a data breach that reportedly affected more than 5 million users. The breach occurred in Nov. 2022.
*This is sponsored content.
| |
Upcoming events at Inside: - January 05 - AMA with Gun.io - Building and managing software development teams w/ Deividi Silva (Watch On Demand)
- January 06 - AMA with LinearB - Improving workflow for developers w/ Ori Keren (Watch On Demand)
- January 10 - Inside Startups Coffee Break (Register Here)
- January 17 - Inside Marketing Coffee Break (Register Here)
- January 31 - Growth Summit 2023 (Register Here)
| |
 |  | Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. |   | | Editor | Vibha Chapparike is a Freelance Writer & Editor at Inside.com. With her post-graduation in Management and Finance completed, Vibha is expanding her knowledge in venture capital, business, startups, and technology. She has had a career in public relations and communications. An ardent reader and writer currently residing in Singapore, you can follow Vibha on Twitter @VChapparike. | |
| 767 Bryant St. #203, San Francisco, CA 94107
Copyright © 2022 Inside.com | |
| |
