Top Cybersecurity headlines
Meta, Google and other social media sites are sharing user data and chat logs to prosecute individuals in states where abortion is illegal. Since the Supreme Court overturned U.S. national abortion law last year, there have been several cases where prosecutors have relied on data collected by online pharmacies, social media posts, and user data requests to charge women who were seeking an abortion. Online pharmacies that sell abortion medication share sensitive information with Google and other third-party sites, including users’ web addresses, relative location and search data, which the third parties may eventually be asked to turn over to law enforcement. The large companies that manage this data rarely turn down law enforcement requests for data. (Insider, Mashable)
After the one-year anniversary of Russia’s invasion of Ukraine, experts are looking at how this has become one of the world’s first hybrid wars, including the many cyber weapons Russia has deployed against Ukraine over the past year. Other countries that feel they may be vulnerable to large-scale cyber attacks from nation-states (such as Taiwan against China) can learn quite a bit from how Ukraine has responded so far to Russian attacks. A new deep-dive report also outlines how crucial a cyber attack against the Viasat satellite network was in helping Russia prepare for its ground invasion just a few days prior. (NPR, Bloomberg)
Password management company LastPass said attackers accessed a decrypted vault available to only a handful of company developers by hacking an employee’s home computer in August. The new details add to a data breach the company first disclosed several months ago. LastPass said an unknown threat actor stole valid login credentials from a senior DevOps engineer and accessed the contents of a LastPass data vault. That vault contained access to a shared cloud storage environment that included encryption keys for customers’ vault backups stored on Amazon S3 buckets. The attackers reportedly exploited a flaw in Plex, media-sharing software, to access the user’s home device in the first place. Plex disclosed its own data breach in late August. (Ars Technica, Wired)