Week in review: LastPass breach disaster, online tracking via UID smuggling, ransomware in 2023

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

LastPass says attackers got users’ info and password vault data
The information couldn’t come at a worst time, as businesses are winding down their activities and employees and users are thick in the midst of last-minute preparations for end-of-year holidays.

New Microsoft Exchange exploit chain lets ransomware attackers in (CVE-2022-41080)
Ransomware-wielding attackers are using a new exploit chain that includes one of the ProxyNotShell vulnerabilities (CVE-2022-41082) to achieve remote code execution on Microsoft Exchange servers.

Make sure your company is prepared for the holiday hacking season
We’re coming to that time of the year when employees are excited about the holidays and taking time off to be with their loved ones. But while employees are preparing for some rest and relaxation, hackers are gearing up for their busy season.

5 cybersecurity trends accelerating in 2023
Netwrix has released key cybersecurity trends that will affect organizations of all sizes in 2023.

What happens once scammers receive funds from their victims
In this Help Net Security video, Ronnie Tokazowski, Principal Threat Advisor at Cofense, offers insight into the world’s most lucrative cybercrime – business email compromise (BEC).

APIs are placing your enterprise at risk
The recent push to focus on API security comes at a critical time where more enterprises are relying on enterprise mobility, meaning increasing a reliance on mobile app connectivity.

UID smuggling: A new technique for tracking users online
Advertisers and web trackers have been able to aggregate users’ information across all of the websites they visit for decades, primarily by placing third-party cookies in users’ browsers.

Ransomware predictions for 2023
In this Help Net Security video, Dave Trader, Field CISO at Presidio, talks about the evolution of ransomware attacks and outlines what we can expect in 2023.

Amplified security trends to watch out for in 2023
In 2023 and beyond, organizations can expect to continue dealing with many of the same threats they face today but with one key difference: expect criminals to leverage technological advancements to optimize the effectiveness of their attacks.

85% of attacks now use encrypted channels
Malware continues to pose the greatest threat to individuals and businesses across nine key industries, with manufacturing, education and healthcare being the most commonly targeted, according to Zscaler.

The benefit of adopting a hacker mindset for building security strategies
As VP of Research at Pentera, Alex Spivakovsky leads a team of former pen-testers, red-teamers, and incident response experts whose job is to bypass existing security controls.

Open source vulnerabilities add to security debt
The number of open source vulnerabilities that Mend identified and added to its vulnerability database in the first nine months of 2022 was 33 percent greater than the first nine months of 2021, reflecting both the growth in the number of published open-source packages and the acceleration of vulnerabilities.

Adversarial risk in the age of ransomware
Éireann Leverett, Technology and Risk Entrepreneur, makes audience think about ransomware risks from more that one perspective, and that includes the perspective of the threat actors. This video was recorded at IRISSCON 2022, an annual conference organized by IRISSCERT.

CISO roles continue to expand beyond technical expertise
Marlin Hawk has tracked and analyzed the profiles of 470 CISOs year-over-year to understand the changing dynamics in this critical leadership position.

Connected homes are expanding, so is attack volume
78% Americans report unsafe online behaviors that open them up to cyber threats, such as reusing or sharing passwords, skipping software updates and more – a 14% increase from just two years ago, according to Comcast.

Companies overwhelmed by available tech solutions
92% of executives reported challenges in acquiring new tech solutions, highlighting the complexities that go into the decision-making process, according to GlobalDots.