#amazon

The adversaries obtained a decryption key to a LastPass database containing multifactor authentication and federation information as well as customer vault data, company says.

By Deeba Ahmed The LastPass password manager has suffered yet another data breach, carried out by the same attackers involved in recent previous breaches. This is a post from HackRead.com Read the original post: LastPass Employee PC Hacked with Keylogger to Access Password Vault

The opportunistic "SCARLETEEL" attack on a firm's Amazon Web Services account turns into targeted data theft after the intruder uses an overpermissioned service to jump into cloud system.

LastPass, which in December 2022 disclosed a severe data breach that allowed threat actors to access encrypted password vaults, said it happened as a result of the same adversary launching a second attack on its systems. The company said one of its DevOps engineers had their personal home computer breached and infected with a keylogger as part of a sustained cyber attack that exfiltrated

Cloud security vendor Wiz has raised $900 million since its founding in 2020.

Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. (The attacker could authenticate by exploiting CVE-2021-44515.)

In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.

Categories: News Categories: Scams Tags: LinkedIn Tags: Slinks Tags: phish Tags: phishing Tags: email Tags: payment details Tags: amazon Tags: gmail Tags: outlook Tags: hotmail Tags: scam Tags: scammers The email claims if you not update your card information in the next 24 hours, your membership benefits will be cancelled. (Read more...) The post Fake Amazon Prime email abuses LinkedIn's URL shortener appeared first on Malwarebytes Labs.

Ubuntu Security Notice 5884-1 - Kirill Tkhai discovered that the XFS file system implementation in the Linux kernel did not calculate size correctly when pre-allocating space in some situations. A local attacker could use this to expose sensitive information. Lee Jones discovered that a use-after-free vulnerability existed in the Bluetooth implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Materials research organizations in Asia have been targeted by a previously unknown threat actor using a distinct set of tools. Symantec, by Broadcom Software, is tracking the cluster under the moniker Clasiopa. The origins of the hacking group and its affiliations are currently unknown, but there are hints that suggest the adversary could have ties to India. This includes references to "