Critical Security Update: April 20, 2024 (LastPass, Whales Market, Palo Alto Networks, Microsoft Servers)
Critical Security Update
LastPass, Whales Market, Palo Alto Networks, Microsoft Servers
Risk 1: HIGH
Issue: LastPass is, once again, in the news. A malicious group is using both phishing and vishing attacks to obtain password vault credentials directly from users. The focus is on crypto but could impact entire LastPass accounts.
Resolution: LastPass users should never give out their credentials. Ever. A LastPass employee would have access to the portion of your account for troubleshooting already; there is never a need to provide credentials. Also, users should go directly to LastPass’s websites, not using e-mail based links. LastPass will not call you without notice.
Risk 2: Medium
Issue: A recent Google ad with pictures of whales is being used in phishing attempts to drain crypto wallets on the Whales Market platform.
Resolution: Users on Whales Market should immediately change their password and be careful to only go directly to the platform site instead of following ads.
Risk 3: Medium
Issue: Palo Alto Networks has announced a large vulnerability within their firewall devices allowing critical command injections - the ability to remotely execute administrative commands. This impacts over 22,000 firewall devices.
Resolution: Users of Palo Alto hardware should update their systems (PAN-OS) immediately.
Risk 4: Low
Issue: Microsoft “mistakenly” added copilot to its list of automatically installed apps with its Microsoft Server platform. Copilot was installed on thousands of servers without authorization. Microsoft has stated no data was shared.
Resolution: This is the second mistake in deployments from Microsoft over the course of the last month. If you recall, the last one was mislabeled security updates and now the copilot deployment. Microsoft platform users should pay extra attention to what automatic updates they have in place.
Announced Data Breaches
United Nations Development Programme
Hospital Simone Veil
Frontier Communications
MITRE
UnitedHealth
Cisco Duo