TL;DR: LastPass and Zero Knowledge (47th and 48th Weeks)

A company focused on secure password storage has fallen victim to a data leak; two cybercriminals with millions in profits have been arrested; and a French energy company has discovered that weak password hashing does not pay off.

Passwords are “safe”

LastPass became a target of another cyberattack, leading to a data breach. Cybercriminals successfully managed to compromise the cloud storage service that the company shared with its affiliate GoTo, and gained access to customer data. The company declares that thanks to its “Zero Knowledge” architecture, all passwords remained safely encrypted.

Spread of banking trojan

Cleafy security researchers have discovered 3 applications distributing the SharkBot banking trojan. The applications X-File Manager, FileVoyager and LiteCleaner M, which have already been removed from the Google Play Store, were installed a total of approximately 16,000 times. Users of the mentioned apps should immediately uninstall them and change their bank account passwords.

Arrest of two cyber criminals

Estonian police arrested two suspects for cryptocurrency fraud and money laundering conspiracy. The cybercriminals allegedly defrauded hundreds of thousands of victims and are jointly responsible for damages worth 575 million dollars.

Insecure sports betting site

Sports betting site DraftKings will reimburse 300 thousand dollars in lost funds after attackers gained access to the accounts of several of its users. The attack was probably caused by “bombarding” the login form with leaked combinations of emails and passwords from other services.


  • An app vulnerability found in Hyundai and Genesis cars (models since 2021), discovered by security researchers at Yuga Labs, allowed hackers to remotely flash, unlock, start, locate and honk the cars.
  • French electricity provider Électricité de France was fined 600,000 euros for violating GDPR by hashing customer login passwords with the cryptographically broken MD5 algorithm.
  • A new Australian law allows companies that suffered large-scale data breaches to be fined up to a maximum of 50 million Australian dollars (32.5 million euros).
  • Proofpoint security researchers warn of a re-emergence of Emotet botnet activity. After apparent inactivity from July to November 2022, the botnet has begun sending out hundreds of thousands of malicious emails daily.
  • The Keralty multinational healthcare organization suffered a RansomHouse ransomware attack. The attack knocked out websites and scheduling of medical appointments, and is under investigation.
  • Zimperium security researchers discovered an Android campaign primarily targeting Vietnamese Facebook (Meta) users. As part of the campaign, the attackers obtained data from more than 300,000 victims.
