Apple has some serious updates. So much so that you should install the update now! This is for Apple iOS 16 compatible devices, iPhone 8 and newer (as below).
The table below shows the recent updates and how they apply.
If you are using LastPass – STOP – move to another password manager ASAP.
In late December, LastPass CEO Karim Toubba acknowledged that a security incident the company first disclosed in August had ultimately paved the way for an unauthorized party to steal customer account information and vault data. (link to CNET article)
I started Tweeting about this in March 2017 – almost six years ago. And again, later that day (The Register). If you use LastPass, it is time for you to do something now.
Personally, I use other tools – you can ask me about them!
If you have any questions or concerns, please do not hesitate to contact us.
Recently (2022/09/16), security researchers discovered a flaw within Microsoft Teams that allows hackers to extract an account authentication token extremely easily.
While the style of attack isn’t unique, hackers are known for using this kind of technique to bypass multifactor authentication, masquerade as legitimate users, and steal information from organizations.
Despite how easy this attack is, Microsoft said this “does not meet our bar for immediate servicing as it requires an attacker to first gain access to a target network.”
There are some measures we’ve put in place to help mitigate hackers leveraging this kind of attack, including monitoring what is accessing these tokens and ensuring our security tools are configured to prevent malicious access to the tokens.
It may not be a secret… but I have been largely ambivalent about LastPass. Although, some years ago, I Tweeted several times about security issues. There have been numerous issues since then (see below). The thing is that, as I sometimes say, “you don’t know what you don’t know”.
It may be that LastPass is more diligent and open about the issues they have had, that LastPass has more issues than competitors, or that other companies don’t tell us about the issues they have seen.
You pick. Will you give them a pass, or start to look elsewhere?
(Parenthetically [are you supposed to say that or just use parentheses?], this very issue is one of the reasons why Open Source can be so attractive… it gets continually “vetted” by the community.)
I want to inform you of a development that we feel is important for us to share with our LastPass business and consumer community.
Two weeks ago, we detected some unusual activity within portions of the LastPass development environment. After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults.
We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information. Our products and services are operating normally.
In response to the incident, we have deployed containment and mitigation measures, and engaged a leading cybersecurity and forensics firm. While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorized activity.
Based on what we have learned and implemented, we are evaluating further mitigation techniques to strengthen our environment. We have included a brief FAQ below of what we anticipate will be the most pressing initial questions and concerns from you. We will continue to update you with the transparency you deserve.
Thank you for your patience, understanding and support.
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.
Apple has released security updates to address vulnerabilities in macOS, iOS and iPhone. These updates address vulnerabilities attackers could exploit to take control of affected systems.
Stop what you are doing and update as soon as possible. See Apple security updates for more info.