Security Alerts & News
by Tymoteusz A. Góral

History
#2251 More LastPass flaws: researcher pokes holes in 2FA
Recently we’ve been writing about LastPass more than seems healthy.

March saw two rounds of serious flaws made public by Google’s Tavis Ormandy (quickly fixed), which seemed like a lot for a single week. Days ago, news emerged of a new issue (also fixed) in the company’s two-factor/two-step authentication (2FA) security.

To coin a phrase, all serious flaws are serious – but some are more serious than others.

This one matters for two reasons, only one of which will sound flippant: it wasn’t discovered by Tavis Ormandy, who at times has seemed to be writing a novella on flaw-hunting with the company’s name on it. That’s fine – researching vulnerabilities is his day job, after all.
Read more
#2256 iCloud support scams
#2255 Healthcare CERT warns about ‘Mole’ ransomware – what you need to know
#2254 Facebook tracks scary-specific details about your life. Here’s how to find what it knows
#2253 Linux Shishiga malware using LUA scripts
#2252 Cyberespionage, ransomware big gainers in new Verizon breach report
#2251 More LastPass flaws: researcher pokes holes in 2FA
#2250 FalseGuide malware victim count jumps to 2 million
#2249 UK man gets two years in jail for running ‘Titanium Stresser’ attack-for-hire service
#2248 How free hacking tools on the web could be leading kids into cybercrime
#2247 Hipchat resets user passwords after possible breach
#2246 Pawn storm abuses open authentication in advanced social engineering attacks
#2245 Webroot 'mistakenly' flags Windows as malware and Facebook as phishing site
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12