LastPass says attackers accessed customers’ data after breaching its cloud storage using information stolen during a security incident in August 2022 (Sergiu Gatlan/BleepingComputer)

Sergiu Gatlan / BleepingComputer:
LastPass says a hacker had access to its systems for four days in August 2022 but there is no evidence they accessed customer data or encrypted password vaults  —  LastPass says the attacker behind the August security breach had internal access to the company’s systems for four days until they were detected and evicted.

Sergiu Gatlan / BleepingComputer:
The FBI and CISA say an Iranian-backed threat group hacked a US Federal Civilian Executive Branch and deployed XMRig cryptomining malware via the Log4Shell flaw  —  The FBI and CISA revealed in a joint advisory published today that an unnamed Iranian-backed threat group hacked …

Sergiu Gatlan / BleepingComputer:
2K, owned by Take Two Interactive and publisher of Bioshock, Xcom, and popular sports games, says its help desk was hacked and sent customers links to malware  —  American video game publisher 2K has confirmed that its help desk platform was hacked and used to target customers …

Lawrence Abrams / BleepingComputer:
Security engineer says Uber hacker had access to its HackerOne bug bounty program; source: the hacker downloaded all vulnerability reports before losing access  —  Uber suffered a cyberattack Thursday afternoon with a hacker gaining access to vulnerability reports and sharing screenshots …

Sergiu Gatlan / BleepingComputer:
Dropbox says hackers stole code and some API keys from 130 GitHub repositories via a phishing campaign, but its core apps and infrastructure were unaffected  —  Dropbox disclosed a security breach after threat actors stole 130 code repositories after gaining access to one of its GitHub …

Sergiu Gatlan / BleepingComputer:
Google updates Chrome to address an actively exploited high-severity zero-day vulnerability in Mojo, its sixth patch for zero-day vulnerabilities in 2022  —  Google has released Chrome 105.0.5195.102 for Windows, Mac, and Linux users to address a single high-severity security flaw …