Malspam sent from Microsoft Outlook that is spreading #LogMeIn GoToResolve RMM, enabling threat actors to access the victim's machine from remote 💻🔍🕵️

IOCs:
📡 adwestmailcenter .com ➡️ Landing page
📡 insightme .im ➡️ fake PDF download

Payload hosted on Cloudflare R2 bucket, but already got nuked due to an abuse report from URLhaus 🙌
https://urlhaus.abuse.ch/url/3751500/

LogMeIn #GoToResolve payload 📄
https://bazaar.abuse.ch/sample/77e22f4e1af7758d6f7284f32a92539ea36a527fa89c8c6765f10a3f98a8d13e/

I canceled #lastpass premium years ago (while they were part of #logmein), then they spun off or something and guess what - my premium subscription was reinstated 😡

I've successfully had the charges refunded by my CC at least 2 years now and the charge appeared again for this year.

I signed into LastPass and sure enough, a premium subscription was again associated with my account. I canceled it - again.

Did LastPass send me a cancellation confirmation email? No. Is there a way for me to

1/2

Tiny IT Pro Tip:
If you don't get a lot of requests for login help through your online portal, it may be that your system rocks...
Or, it may be that you're requiring users to log in to said portal, to get help *checks notes* ...logging in 🤦‍♀️

#IT #techSupport #helpdesk #brilliant #YouCanThankMeLater #ServiceNow #LogMeIn

#GoTo (formerly #LogMeIn) is warning customers that threat actors who breached its development environment in November 2022 stole encrypted backups containing customer information and an encryption key for a portion of that data. This is relating to the Central and Pro product tiers stored in a third-party cloud storage facility: https://www.bleepingcomputer.com/news/security/goto-says-hackers-stole-customers-backups-and-encryption-key | #databreach #infosec
GoTo says hackers stole customers' backups and encryption key

GoTo (formerly LogMeIn) is warning that threat actors stole encrypted backups containing customer information and an encryption key for a portion of that data.

BleepingComputer

#lastpass #databreach was just the tip of the iceberg. The parent company #GoTo, formerly #LogMeIn suffered a #databreach too. According to the news, #customer #backups and #encryption keys were stolen by an unidentified actor from the #cloud #storage. I wonder how many businesses were affected, how many are aware and will manage this kind of incident. (And why the encryption keys were in the cloud too).

Via @RightsChain

https://rightschain.net/en/newsroom/news/2023-01-25-lastpass-parent-company-data-breach-compromises-customer-s-backups-the-hacker-news.php

LastPass parent company data breach compromises Customer's backups

As it was easy to expect, there is more to come after LastPass November's data breach. The parent company GoTo, formerly LogMeIn, has declared a data breach where customer's backups along with encryption keys were stolen by an unidentified actor. When a C...

Are You On LastPass? Time To Look At Alternatives
LastPass was the first password manager I was aware of. The premise was simple: Using a LastPass account, you could store your website credentials in a "vault" on
https://medi-nerd.com/2023/01/08/are-you-on-lastpass-time-to-look-at-alternatives/
#Technology #1Password #AreYouOnLastPass?TimeToLookAtAlternatives #BitWarden #Dashlane #DonPezet #ITProTV #LastPass #LogMeIn #PasswordManager #SecurityNow #SteveGibson #Technado #Technology #TWiT

So, I got on board with #Lastpass years ago, pre their acquisition by #LogMeIn, and many respected and knowledgeable security experts were praising their processes, methods, disclosure. I know that the LogMeIn acquisition was seen as the beginning of the end for Lastpass, with staff cuts, code environment changes, and other poor practices known to LogMeIn.

It's that I'm hearing people attacking the same features that were previously praised, and I'm sensing some cognitive dissonance around "are we critically reviewing the tech, or dog piling a target?" probably some of both, and it is probably time to move off Lastpass, but there's an undercurrent of hypocrisy that's gnawing at me...

https://www.theverge.com/2022/12/28/23529547/lastpass-vault-breach-disclosure-encryption-cybersecurity-rebuttal

The LastPass disclosure of leaked password vaults is being torn apart by security experts

LastPass is facing harsh criticism from some cybersecurity experts, who claim that its explanation of a recent breach lacks context and misleads customers about how safe their encrypted password vaults are.

The Verge

@zarchasmpgmr @epixoip @sc00bz Ahh, now I remember why *I* dropped them.

Everyone was grateful when #LastPass saved #XMarks from insolvency, but they were a poor fit and barely did anything other than fix the occasional bug. Then LastPass was acquired by #LogMeIn (#GoTo considered harmful) as an even worse fit, LastPass’s breach troubles accelerated, and two years later they gave all of a month’s notice before shutting down XMarks.

I stopped using #LastPass not long after #LogMeIn bought it — their track record was not good and I didn't feel my data would be safe — #security problems do and will always happen, but LastPass now admits attackers have a copy of customers’ password vaults (this was from the August 2022 incident)...

Read more: https://thehackernews.com/2022/12/lastpass-admits-to-severe-data-breach.html and LastPass blog https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/

#privacy #passwords #passwordmanager #backup #userdata

LastPass Admits to Severe Data Breach, Encrypted Password Vaults Stolen

August 2022 security breach at popular password management service LastPass was worse than originally reported.

The Hacker News