LastPass Customer Cloud Based Password Vaults Breach

 From the LastPass blog Today December 23

"To date, we have determined that once the cloud storage access key and dual storage container decryption keys were obtained, the threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service,"

The vaults are encrypted, BUT

the encryption is proprietary and a previous LastPass breach stole source code.

AND LastPass customers can expect an increase in phishing and other attacks

Apple Updates Everything December 13, 2022

 Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device.

• iCloud for Windows 14.1
• Safari 16.2
• macOS Monterey 12.6.2
• macOS Big Sur 11.7.2
• tvOS 16.2
• watchOS 9.2
• iOS 15.7.2 and iPadOS 15.7.2
• iOS 16.2 and iPadOS 16.2
• macOS Ventura 13.1