LastPass says a hacker had access to its systems for four days in August 2022 but there is no evidence they accessed customer data or encrypted password vaults (Sergiu Gatlan/BleepingComputer)

Sergiu Gatlan / BleepingComputer:
LastPass says attackers accessed customers’ data after breaching its cloud storage using information stolen during a security incident in August 2022  —  LastPass says unknown attackers breached its cloud storage using information stolen during a previous security incident from August 2022.

Sergiu Gatlan / BleepingComputer:
Dropbox says hackers stole code and some API keys from 130 GitHub repositories via a phishing campaign, but its core apps and infrastructure were unaffected  —  Dropbox disclosed a security breach after threat actors stole 130 code repositories after gaining access to one of its GitHub …

Andrew J. Hawkins / The Verge:
Uber says there is no evidence that sensitive user info, like trip histories, was accessed during the breach, and all of its products are currently operational  —  Uber says there is “no evidence” that any of its users’ private information was compromised in a breach of its internal computer systems.

Lawrence Abrams / BleepingComputer:
Security engineer says Uber hacker had access to its HackerOne bug bounty program; source: the hacker downloaded all vulnerability reports before losing access  —  Uber suffered a cyberattack Thursday afternoon with a hacker gaining access to vulnerability reports and sharing screenshots …

Sergiu Gatlan / BleepingComputer:
Microsoft says hackers used vulnerabilities in Boa web server, discontinued in 2005 but pervasive across IoT devices, to target the Indian power sector  —  Microsoft said today that security vulnerabilities found to impact a web server discontinued since 2005 have been used to target and compromise organizations in the energy sector.

Lawrence Abrams / BleepingComputer:
Some Uber employee records, corporate reports, and IT information is leaked online; Uber says it thinks the data is related to a breach of a third-party vendor  —  Uber has suffered a new data breach after a threat actor leaked employee email addresses, corporate reports …