LastPass Says DevOps Engineer Home Computer Hacked
Security Week: We reported in December that LastPass, a popular password manager application, was hacked in August and it’s been confirmed that they have been breached again. On Monday, LastPass said that the same attacker from the August breach hacked into an employee’s home computer and secured a decrypted vault only accessible to 4 employees. Access to the vault provided encryption keys for customer vault backups stored in Amazon S3 buckets. More to come on this breach and its impact on customers.
How I Broke Into a Bank Account With an AI-Generated Voice
Vice: Deeply disturbing news from @josephfcox as he was able to break into his bank account using an AI-generated voice. Voice verifications are used at banks across the U.S. and Europe to allow customers to log into their account over the phone. Some banks proclaim that voice identification is as safe and secure as fingerprints but this experiment shatters the idea that voice-based biometric authentication provides foolproof protection against synthetic voices. The author used a free voice creation service called ElevenLabs, an AI-voice company. Although the likelihood of real-time abuse is currently low, some experts are suggesting that banks abandon voice authentication altogether.
US Marshals Ransomware Hit Is ‘Major’ Incident
Dark Reading: The US Marshals Service (USMS), which is in charge of hunting down fugitives and managing the Witness Security Program, experienced a major ransomware attack where hackers made off with a large amount of very sensitive data. The affected system held sensitive information related to law enforcement, including legal documents, administrative details, and personally identifiable data about individuals involved in USMS investigations, as well as certain USMS employees and third parties. While the Witness Security Program was not affected, the attack is a major incident to the USMS system and a concrete motive for this breach will hopefully emerge once the investigation concludes.
One out of every 10 records in the cloud is exposed to all employees. (source)
U.S. businesses spend an average of $10,000 per employee on regulatory costs. (source)
Charlies is a 14 year cyber security expert. He started his career in the U.S. armed forces and then transitioned into commercial roles. A security engineer by training, he's well-versed in tool deployment and administration.
Ellen bring a decade of GRC expertise to the TalPoint community. She's knowledgeable on a variety of frameworks and employs a methodical approach to compliance. She's available for needs assessments, gap assessments, internal audits, and for certain frameworks running independent 3rd party audits.
Zachary bring a 20+ year career in risk management to the TalPoint community. He's worked across healthcare, finance, and supply chain manufacturing. His broad experience offers both a holistic view of risk as well as a common sense approach to risk management.