LastPass reveals details of August hack that gave threat actor access to its development environment for four days


Last month, LastPass suffered a cyberattack and the company shared some details about what had happened shortly afterwards. Now, having conducted further investigations, more information has been revealed including the fact that the attacker had access to the LastPass development environment for four days.
The company concedes that it is not clear how the attacker was able to gain access but says: "the threat actor utilized their persistent access to impersonate the developer once the developer had successfully authenticated using multi-factor authentication". LastPass has also revealed the impact of the four-day security incident in the name of providing "transparency and peace-of-mind to [its] consumer and business communities".
CDP: A priority in the evolution of ransomware recovery


The first ransomware appeared in 1989. It was distributed via floppy disks; its encryption could be easily reversed, and the ransom of $189 was to be paid to a PO box in Panama. Since those humble beginnings, ransomware has evolved into the massive international cybercrime it is today, that causes billions in damage to organizations big or small.
As new successful attacks are reported daily, it seems that the defenses against the ever more sophisticated attack vectors are lagging the attackers. As many organizations continue to struggle to defend themselves against ransomware, it is worth looking at the currently available technologies and how effective they are in combating it.
Get 'Microsoft 365 Fundamentals Guide' ($24.99 value) FREE for a limited time


With its extensive set of tools and features for improving productivity and collaboration, Microsoft 365 is being widely adopted by organizations worldwide.
This book will help not only developers but also business people and those working with information to discover tips and tricks for making the most of the apps in the Microsoft 365 suite.
Best Windows apps this week


Five-hundred-and-eight in a series. Welcome to this week's overview of the best apps, games and extensions released for Windows 10 and 11 on the Microsoft Store and elsewhere in the past seven days.
Microsoft 365 apps can now be updated without user interruption, thanks to the new "update under lock" feature.
Security and compliance issues hold back innovation


Three quarters of C-suite executives responding to a new survey say that compliance challenges and security challenges limit their company's ability to innovate.
The study from software delivery platform CloudBees also shows executives overwhelmingly favor a shift left approach, a strategy of moving software testing and evaluation to earlier in the development lifecycle, placing the burden of compliance on development teams.
Three-quarters of organizations have suffered an API security incident in the last year


Over three-quarters (76 percent) of respondents in a new survey have suffered an API security incident in the last 12 months, primarily caused by dormant/zombie APIs, authorization vulnerabilities, and web application firewalls.
The research from Noname Security also shows that 74 percent of cybersecurity professionals don’t have a complete API inventory or know which APIs return sensitive data.
Microsoft Teams gains language interpretation for multi-lingual environments


Recognizing the fact that many groups, organizations and work forces are made up of multi-lingual members from many countries, Microsoft has made language interpretation Generally Available for users of Microsoft Teams.
Rather than offering automatic translation of speech, language interpretation allows professional interpreters to convert what a speaker says into another language in real-time.
Microsoft Teams for Windows, macOS and Linux insecurely stores authentication tokens in unprotected cleartext -- and a fix is NOT in the pipeline


Researchers from cybersecurity firm Vectra have issued a warning that Microsoft Teams stores authentication tokens in an unprotected form that could easily be abused by hackers.
The desktop apps for Windows, macOS and Linux all store authentication tokens in cleartext, and this can be used by an attacker to steal an identity and log into accounts. This is clearly worrying, but what is more concerning is Microsoft's reaction; the company says that the issue does not require "immediate servicing".
Why virtualization is making enterprise data warehouses obsolete [Q&A]


For many years the database has been at the heart of enterprise IT. But the shift to the cloud has led to massive challenges with migrations proving both slow and expensive.
A different way to approach this is to use virtualization, allowing existing applications to run on any modern cloud platform without being rewritten or replaced. We spoke to Mike Waas founder and CEO of Datometry, a SaaS database virtualization platform, to find out more.
How to get verified on Twitter -- social network revamps its guide


Users of Twitter crave different things -- everything from an edit button (now available to some) to account verification.
For anyone seeking the much sought-after blue tick, Twitter has revamped its Help Center pages, providing detailed information about how to get verified. While not complicated, the updated guide provides clear information about exactly how to apply, and how to increase your chances of a successful application for verification.
Microsoft releases PowerToys v0.62.1 to fix various bugs


The last update to Microsoft's PowerToys utility collection was a big one, adding no fewer than three new tools. Now there is a smaller, but still significant, update available in the form of PowerToys v0.62.1.
Although this particular release may not be quite as exciting as its predecessor, the fact that it addresses various issues with the software means that it is still well worth downloading.
Uber suffers 'cybersecurity incident' with hackers gaining access to internal systems and vulnerability reports


Uber is working with law enforcement after it became the latest company to fall victim to a cyber attack. Hackers were able to breach its internal systems and gain access to a range of data including emails, vulnerability reports, its HackerOne bug bounty program and more.
The attackers were also able to access Uber's Slack server, going as far as posting messaging to it. At the moment, it is not clear whether customer data has been exposed in the attack which seems to have come as the result of extracting passwords from an employee via social engineering.
Employees take risks to avoid login hassles


A new report from 1Password reveals that 43 percent of employees admit to risky online behaviors such as sharing logins, offloading tasks to others, or even abandoning certain tasks altogether to circumvent complicated login procedures.
Having to remember multiple logins heightens stress levels and strains mental health according to 41 percent of respondents. While 37 percent say that the onboarding process at their current job was time-consuming, confusing or challenging when it came to logging into work-related accounts.
US businesses unprepared for rise in cyberattacks


The average US business faces around three successful cyberattacks each year, and while most agree that attacks are set to increase, 32 percent still lack a management platform for IT secrets, like API keys, database passwords and privileged credentials, posing a significant risk to organizational security.
A new US Cybersecurity Census Report from Keeper Security shows most organizations think they're prepared to fend off cyberattacks, with 64 percent of respondents rating their preparedness at least an eight on a 10-point scale and 28 percent rating themselves as a 10/10.
The future is electric: Why electric cars will take over sooner than you think


We’re currently experiencing a boom period in electric vehicles. Right now, the RAC estimates there are at least 456,000 battery electric cars on the roads up and down the UK, with one in eight new cars being plug-ins.
The UK government’s strategy to combat climate change involves planning to stop the sale of new petrol and diesel vehicles by 2030, and for them to be zero emission by 2035. While these goals may seem lofty if you’ve never considered even test-driving an electric vehicle, the sales and registration figures alone are encouraging enough that it’s possible.
Most Commented Stories
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.
© 1998-2025 BetaNews, Inc. All Rights Reserved. About Us - Privacy Policy - Cookie Policy - Sitemap.