At a glance.
- Malicious app impersonates LastPass.
- New backdoor targets MacOS users.
- French health insurance companies breached.
- Ivanti discloses another vulnerability affecting Connect Secure and Policy Secure.
Malicious app impersonates LastPass.
A malicious app impersonating the LastPass password manager made it into Apple's App Store, BleepingComputer reports. Apple has since removed the app. TechCrunch notes that although the app was available for several weeks, it doesn't seem to have had many downloads. Christofer Hoff, chief secure technology officer for LastPass, told the Register, "[We're] working with Apple to understand more broadly how an application like this passed their normally rigorous security and brand protection mechanisms. The naming convention, the iconography, and the description of the fraudulent app are all heavily borrowed from LastPass, and this appears to be a deliberate attempt to target LastPass users."