Articles of interest from the week of December 12, 2022

Notice of Recent Security Incident - The LastPass Blog

LastPass has determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of their customers’ information. They state that their customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture. (LastPass)

$858 Billion Defense Bill Focuses Heavily on Cyber

Congress is poised to vote in coming days on an $858 billion annual defense policy bill that contains significant spending increases for U.S. Cyber Command and other efforts to bolster national cybersecurity defenses. (CyberScoop)

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

InfraGard, a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information-sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO that was vetted by the FBI itself. (Krebs on Security)

Apple Finally Adds Encryption to iCloud Backups

Apple has rolled out a number of security features that will now offer end-to-end encryption to protect data, including backups, contacts, notes, photos, and wallet passes. The company also announced hardware Security Keys for Apple ID. (Computerworld)

Indiana Sues TikTok Alleging Chinese Access to User Data, Mature Content Exposure

Indiana sued Chinese-owned short-video sharing app TikTok on Wednesday over allegations that it is deceiving users about China's access to their data and exposing children to mature content. The office of Indiana Attorney General Todd Rokita, said the popular app, owned by ByteDance, violates the state's consumer protection laws by not disclosing the Chinese government's potential to access sensitive consumer information. (Reuters)

LABScon Replay | The Mystery of Metador

The term ‘Magnet of Threats’ is used to describe targets so desirable that multiple threat actors regularly cohabitate on the same victim machine in the course of their collection. In the process of responding to a series of tangled intrusions at one of these Magnets of Threats, SentinelLabs researchers encountered an entirely new threat actor: ‘Metador’.

Metador’s intrusions were located primarily in telcos, ISPs, and universities in the Middle East and Africa, but that is likely only a small portion of the operations of what is clearly a long-running threat actor of unknown origin. (SentinelOne)