LastPass: Hackers targeted employee in failed deepfake CEO call

LastPass revealed this week that threat actors targeted one of its employees in a voice phishing attack, using deepfake audio to impersonate Karim Toubba, the company's Chief Executive Officer.
While 25% of people have been on the receiving end of an AI voice impersonation scam or know someone who has, according to a recent global study, the LastPass employee didn't fall for it because the attacker used WhatsApp, which is a very uncommon business channel.
Kosak added the attack failed and had no impact on LastPass.
The company still chose to share details of the incident to warn other companies that AI-generated deepfakes are already being used in executive impersonation fraud campaigns.
The deepfake audio used in this attack was likely generated using deepfake audio models trained on publicly available audio recordings of LastPass' CEO, likely this one available on YouTube.
LastPass' warning follows a U.S. Department of Health and Human Services alert issued last week regarding cybercriminals targeting IT help desks using social engineering tactics and AI voice cloning tools to deceive their targets.
The use of audio deepfakes also allows threat actors to make it much harder to verify the caller's identity remotely, rendering attacks where they impersonate executives and company employees very hard to detect.
Europol warned in April 2022 that deepfakes may soon become a tool that cybercriminal groups routinely use in CEO fraud, evidence tampering, and non-consensual pornography creation.
Malicious PowerShell script pushing malware looks AI-written.
Chrome Enterprise gets Premium security but you have to pay for it.
Visa warns of new JSOutProx malware variant targeting financial orgs.
Google now blocks spoofed emails for better phishing protection.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 11 Apr 2024 22:05:12 +0000


Cyber News related to LastPass: Hackers targeted employee in failed deepfake CEO call

LastPass Free vs. Premium: Which Plan Is Right for You? - LastPass is a password manager that integrates with web browsers and other applications to securely save and autofill passwords. LastPass Free comes at no cost and provides features like unlimited password management and dark web monitoring. LastPass ...
10 months ago Techrepublic.com
LastPass breach linked to theft of $4.4 million in crypto - Hackers have stolen $4.4 million in cryptocurrency on October 25th using private keys and passphrases stored in stolen LastPass databases, according to research by crypto fraud researchers who have been researching similar incidents. The news comes ...
1 year ago Bleepingcomputer.com
LastPass is enforcing some security changes to user accounts - LastPass is making some changes to enhance the security of its to user accounts. The news comes as a follow-up to the company's plans to enforce stronger passwords a few months ago. ADVERTISEMENT. A brief recap of the LastPass security breaches. ...
11 months ago Ghacks.net
LastPass: Hackers targeted employee in failed deepfake CEO call - LastPass revealed this week that threat actors targeted one of its employees in a voice phishing attack, using deepfake audio to impersonate Karim Toubba, the company's Chief Executive Officer. While 25% of people have been on the receiving end of an ...
8 months ago Bleepingcomputer.com
LastPass now requires 12-character master passwords for better security - LastPass notified customers today that they are now required to use complex master passwords with a minimum of 12 characters to increase their accounts' security. Even though LastPass has repeatedly said that there is a 12-character master password ...
11 months ago Bleepingcomputer.com
Timeline of the Latest LastPass Data Breaches - A Complete Overview - LastPass, a popular password management system, has been the target of malicious hackers several times in the last few years. In this article, we’ll take a look at the latest LastPass data breaches and what happened in each incident. ...
1 year ago Csoonline.com
Indian Government Warns Social Media Platforms Over Deepfake Misinformation - In a strong statement directed at social media platforms, the government of India has emphasized the critical need for swift identification and removal of misinformation, including deepfakes, or risk facing legal consequences. This warning follows a ...
10 months ago Cysecurity.news
Security Breach at LastPass: Customer Data Taken - A recent security breach has exposed customer data from LastPass, a password manager. LastPass has confirmed that a third party was able to access some of the data, including users’ email addresses, hashed passwords, and other account and profile ...
1 year ago Hackread.com
Fake LastPass password manager spotted on Apple's App Store - LastPass is warning that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users' credentials. The fake app uses a similar name to the genuine app, a similar icon, and a red-themed interface ...
10 months ago Bleepingcomputer.com
Fake app impersonating LastPass spotted in Apple's App Store The Register - LastPass says a rogue application impersonating its popular password manager made it past Apple's gatekeepers and was listed in the iOS App Store for unsuspecting folks to download and install. A screenshot of the fake LastPass app in the Apple App ...
10 months ago Go.theregister.com
Deepfake-Generating Apps Explode, Allowing Multimillion-Dollar Corporate Heists - Deepfake creation software is proliferating on the Dark Web, enabling scammers to carry out artificial intelligence-assisted financial fraud with previously unheard of creativity and scope. Consider what happened a few weeks back, when a Hong ...
10 months ago Darkreading.com
Got Now Suffers Security Breach After Acquisition of LastPass - Got Now, the parent company of password vault LastPass, recently suffered a massive security breach, resulting in malicious actors gaining access to LastPass user data. LastPass, a cross-platform password manager which is used as an authentication ...
1 year ago Thehackernews.com
LastPass Hikes Password Requirements to 12 Characters - Password-manager purveyor LastPass has announced it's setting new rules about the strength of customer passwords, with a new mandate that account master passwords include a minimum of 12 characters. A Jan. 2 blog post from LastPass senior principal ...
11 months ago Darkreading.com
AI, Deepfakes and Digital ID: The New Frontier of Corporate Cybersecurity - iD. The emergence of deepfakes fired the starting pistol in a cybersecurity arms race. Deepfakes will intensify the already acute pressure placed on trust and communication in the public sphere. Because of this focus, what risks being missed is the ...
6 months ago Cyberdefensemagazine.com
Deepfake attacks will cost $40 billion by 2027 - Now one of the fastest-growing forms of adversarial AI, deepfake-related losses are expected to soar from $12.3 billion in 2023 to $40 billion by 2027, growing at an astounding 32% compound annual growth rate. Deloitte sees deep fakes proliferating ...
5 months ago Venturebeat.com
CVE-2022-48998 - In the Linux kernel, the following vulnerability has been resolved: powerpc/bpf/32: Fix Oops on tail call tests test_bpf tail call tests end up as: test_bpf: #0 Tail call leaf jited:1 85 PASS test_bpf: #1 Tail call 2 jited:1 111 PASS test_bpf: #2 ...
2 months ago Tenable.com
LastPass Warns on Password App Discovered in Apple App Store - LastPass is a password manager application - a tool that allows users to create multiple secure passwords and store them all in one place, behind one strong master password. Though the fake app closely resembles the official LastPass app in terms of ...
10 months ago Darkreading.com
LastPass Enforces 12-Character Master Passwords - Two years after suffering a series of major beaches, LastPass has started implementing stricter password measures for its customers. These include the requirement for all customers to use a master password with at least 12 characters. This measure ...
11 months ago Infosecurity-magazine.com
America to offer compensation to victims of Deep Fake AI content - Deepfake technology has become a significant concern, producing computer-generated images, videos, and audio that mimic real individuals, leading to the dissemination of misleading and often absurd content. In response, the United States government, ...
9 months ago Cybersecurity-insiders.com
Deepfake Digital Identity Fraud Surges Tenfold, Sumsub Report Finds - Threat actors undertaking identity fraud have been using deepfakes ten times more in 2023 than in 2022, according to digital identity verification solutions provider Sumsub. In its third annual Identity Fraud Report, published on November 28, 2023, ...
1 year ago Infosecurity-magazine.com
Fakers Steal $26M via Video - Spearphish pivots to deepfake Zoom call, leads to swift exit of cash. A poor peon in the finance department of a large company got taken in by a deepfake of the firm's chief financial officer. Your humble blogwatcher curated these bloggy bits for ...
10 months ago Securityboulevard.com
Cofense enhances PhishMe to identify engagement and resilience gaps across all employee levels - Cofense unveiled new enhancements to its PhishMe Employee Security Awareness Training Platform. Employee Engagement Index, is set to transform how organizations manage email security risks. The introduction of the Employee Engagement Index transforms ...
5 months ago Helpnetsecurity.com
More Than 100 Deepfake Ads Featuring British Prime Minister Spread On Facebook - Facebook scammers are constantly seeking new ways to fool users, and deepfake videos are at the very cutting edge. In addition to fraud, these fake doctored videos are increasingly being used to spread misinformation online. According to researchers ...
11 months ago Facecrooks.com
Deepfake Democracy: AI Technology Complicates Election Security - Recent events, including an artificial intelligence-generated deepfake robocall impersonating President Biden urging New Hampshire voters to abstain from the primary, serve as a stark reminder that malicious actors increasingly view modern generative ...
10 months ago Darkreading.com
Holiday Hackers: How to Safeguard Your Service Desk - Hackers really don't take holidays, but they will take advantage of them. Many of these cyberattacks will zero in on the service or help desk to gain entry into network systems. Recovering accounts because of forgotten passwords is one of the ...
1 year ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)