A password manager used by millions. A firewall vulnerability that just got six times worse. A messaging app scam built to steal years of private conversations. This week's cybersecurity news covers three very different attacks, and every one of them carries a lesson for small business owners on Florida's Treasure Coast, Space Coast, and South Florida.
LastPass's Vendor Breach Exposed Customer Data, Not Passwords
If you use LastPass, your master password and your vault are safe. But attackers still walked away with customer names, phone numbers, email addresses, physical addresses, and support case history, enough detail to build a convincing phishing attack.
Here's how it happened. LastPass used a third-party marketing platform called Klue for competitive intelligence. A hacking group known as Icarus broke into Klue using an old, forgotten integration credential that should have been deactivated but wasn't. From there, attackers extracted authentication tokens that gave them access to the Salesforce environments of more than a dozen Klue customers at once, including LastPass and several other well-known security companies.
Why a Third-Party Vendor Breach Is Called a Supply Chain Attack
Instead of attacking LastPass directly, the hackers went through a trusted vendor that had a hidden door into LastPass's systems. This is called a supply chain attack, and it's becoming more common because it's efficient for attackers: one breach at one vendor can open the door to dozens of organizations simultaneously. If a password manager used by millions can be exposed through a marketing tool it barely thinks about, it's worth asking what similar blind spots might exist in your own business network. This is exactly the kind of gap our Advanced Cybersecurity is built to find before an attacker does.
What LastPass Users Should Watch For
Your master password and vault contents were not compromised. But be cautious of any emails, calls, or messages claiming to be from LastPass support over the coming weeks, months, or even years. LastPass will never ask for your master password, and any message that does is a scam.
FortiGate Firewall Vulnerability Is Far Worse Than First Reported
Last week we covered FortiBleed, a credential leak affecting Fortinet firewalls and VPNs at organizations including AT&T, Chevron, and Samsung. At the time, the estimate was roughly 74,000 affected devices. That number has now grown to 430,000 FortiGate firewalls worldwide, according to a new breakdown published by security firm SOCRadar.
Inside the FortiGate Sniffer Attack Tool
This wasn't simple password exposure. Attackers assessed to be a Russian-speaking cybercrime group deployed a custom tool called FortiGate Sniffer directly onto compromised firewalls, secretly intercepting logins in real time. Between late May and mid-June, the tool ran 659 separate harvesting cycles, collecting more than 110 million credentials across 24 different authentication protocols.
What This Means If Your Business Runs Fortinet Equipment
Resetting the firewall's administrative password isn't enough. Any credential that passed through a compromised device, including Active Directory accounts, VPN logins, remote desktop access, and email accounts, should be treated as potentially exposed and changed. In one confirmed case, harvested credentials were used to breach a NATO-aligned defense contractor.
Small Businesses Are the Primary Target
Here's the detail that matters most for local business owners: this campaign deliberately targeted small and medium-sized businesses. Over 66% of victims had fewer than 200 employees, meaning companies without a full-time IT team watching for exactly this kind of threat. If your business runs on Fortinet equipment, rotating all credentials, enabling multi-factor authentication everywhere, and confirming your firewall management interface isn't exposed directly to the internet are essential first steps. Not sure where your network stands? Schedule a FREE network assessment today!
Russian Intelligence Is Targeting Signal Backup Recovery Keys
The FBI and CISA have updated a March advisory about Russian intelligence operatives targeting users of Signal, one of the most widely used secure messaging apps. The new detail: attackers are now specifically going after a feature called the Signal backup recovery key.
How the Signal Recovery Key Scam Works
Signal's optional Secure Backups feature stores an encrypted copy of your messages, photos, and documents, unlocked only by a unique 64-character recovery key that Signal itself never has access to. Attackers impersonate an account called Signal Support, warning that your backup is at risk due to a sync issue and asking you to paste your recovery key into the chat. Handing over that key gives an attacker access to your entire message history, not just future messages, going back years. Even changing your Signal number or starting a new account doesn't undo access to backups already taken. The FBI has linked this campaign to multiple Russian intelligence groups, including FSB officers and military intelligence, with targets including journalists, human rights workers, and activists, though researchers warn the tactic is spreading more broadly.
How to Protect Your Signal Account
Go into Signal's settings, navigate to backups, and generate a new recovery key. This immediately kills the old key and prevents anyone who obtained it from downloading further backups. Signal will never contact you inside the app asking for your recovery key, registration code, or PIN. Any message that does is a scam.
Two Teen Hackers Behind Major Breaches Plead Guilty
In a rare piece of good news, two more members of the hacking group Scattered Spider, responsible for the MGM Resorts and Caesars Entertainment breaches, entered guilty pleas in a London courtroom this week for their roles in the Transport for London attack, which cost an estimated $39 million and forced 28,000 employees to reset passwords in person. One defendant is separately charged in the US in connection with over 120 intrusions against 47 American companies, with victims paying more than $115 million in ransom combined; the other admitted to hacking US health care companies SM Health Care and Sutter Health. Sentencing is scheduled for July 16th, and international cooperation between the FBI, the UK's National Crime Agency, and European partners appears to be closing the gap these groups once relied on.
What Florida Business Owners Should Do Next
Three different attacks, one common thread: attackers are increasingly going after the weak links around your business, whether that's a vendor's marketing tool, an unpatched firewall, or an employee's messaging app. If you're a business owner on the Treasure Coast, Space Coast, or in South Florida and you're not confident your network is protected against threats like these, that's exactly what A Faster PC does every day. Contact A Faster PC or book a free discovery call at AFasterPC.com/discoverycall, and let's make sure your firewalls, credentials, and network are locked down before an attacker finds the gap first.
Frequently Asked Questions
Q: Was my LastPass master password exposed in this breach?
A: No. The breach happened through a third-party marketing vendor called Klue, not LastPass's own vault infrastructure. Your master password and vault contents remain secure, but attackers did access contact details like your name, phone number, email, address, and support case history.
Q: What is a supply chain attack?
A: A supply chain attack is when hackers break into a trusted vendor or partner instead of attacking a company directly, then use that vendor's access to reach the real target. In this case, attackers broke into Klue, a marketing tool, and used it to reach the Salesforce environments of LastPass and more than a dozen other companies at once.
Q: How many FortiGate firewalls are actually affected by FortiBleed?
A: The number has grown significantly since it was first reported. Initial estimates put it at roughly 74,000 devices; the current figure from security firm SOCRadar is 430,000 FortiGate firewalls worldwide.
Q: If I use a Fortinet firewall, is changing the admin password enough?
A: No. Attackers used a tool that intercepted logins flowing through compromised firewalls, so any credential that passed through, including Active Directory, VPN, remote desktop, and email logins, should be treated as potentially exposed and changed, not just the firewall's own admin password.
Q: What is the Signal recovery key scam?
A: Attackers impersonate Signal support inside the app, claiming your backup is at risk, and ask you to paste your 64-character recovery key into the chat. If you do, they can download and read your entire Signal message history going back years. Signal itself will never ask for this key.
Q: How do I protect myself from the Signal backup scam?
A: Go into Signal's settings, navigate to Backups, and generate a new recovery key. This immediately disables the old key so it can no longer be used, even if it was already compromised.
Q: Are small businesses actually being targeted by these attacks, or just large companies?
A: Small businesses are a primary target. In the FortiGate campaign, over 66% of victims had fewer than 200 employees, largely because these organizations often lack a dedicated IT team monitoring for this kind of threat.
Q: I'm a small business owner on the Treasure Coast, Space Coast, or South Florida. Where do I start if I'm not sure my network is protected?
A: A Faster PC helps Treasure Coast, Space Coast, and South Florida businesses audit their firewalls, rotate credentials, and lock down their networks against exactly these kinds of threats. A free discovery call is the easiest way to find out where you stand.
Watch the full video here: The LastPass Breach Nobody's Talking About: Why Third-Party Tools Are Your Biggest Risk.
About A Faster PC
A Faster PC is a leading managed services provider (MSP) serving Florida's Treasure Coast, Space Coast, and South Florida. A Faster PC provides responsive IT support, advanced cybersecurity solutions, cloud backup, disaster recovery, breach remediation, patch management, computer repair, and technical support for accounting offices, attorneys' offices, medical offices, dental offices, professional offices, small- to medium-sized businesses, non-profits, churches, home office users, and individuals throughout the regions. We help our clients cut costs in their Internet, TV, and telephone bills and in business operations.
Every week at 10:07 AM EST, A Faster PC hosts A Faster PC Live Technical Support which is a live Radio Show that is livestreamed to YouTube and Facebook and is available as a podcast. For various ways to listen to and watch A Faster PC Live Technical support, visit https://www.afasterpc.com/live-technical-support/.
A Faster PC services the following counties and cities: St. Lucie County including: Port St. Lucie, Fort Pierce, St. Lucie West, Tradition, St. Lucie Village; Martin County including: Stuart, Jensen Beach, Jupiter Island, Ocean Breeze Park, and Sewall's Point; Indian River County: including Vero Beach, Sebastian, Fellsmere, Indian River Shores; Palm Beach County including: Jupiter, Jupiter Inlet Colony, Juno Beach, Tequesta, Palm Beach Gardens, North Palm Beach, Palm Beach Shores, Riviera Beach, West Palm Beach, Wellington, Royal Palm Beach, Greenacres, Lake Worth Beach, Lantana, Boynton Beach, Ocean Ridge, Briny Breezes, Gulf Stream, Delray Beach, Highland Beach, and Boca Raton; Broward County including: Fort Lauderdale, Hollywood, Pompano Beach, Coral Springs, Pembroke Pines, Miramar, Davie, Plantation, Sunrise, Deerfield Beach, Lauderhill, Weston, Tamarac, Coconut Creek, Margate, Lauderdale Lakes, Oakland Park, Hallandale Beach, Cooper City, Wilton Manors, Lighthouse Point, Parkland, Lauderdale-by-the-Sea, Sea Ranch Lakes, Lazy Lake, Hillsboro Beach, Southwest Ranches, North Lauderdale, Dania Beach; Miami-Dade County including: Miami, Miami Beach, Hialeah, Miami Gardens, Coral Gables, Homestead, Doral, North Miami, Aventura, Kendall, Cutler Bay, Sunny Isles Beach, Key Biscayne, Pinecrest, Surfside, Bal Harbour, North Miami Beach, Palmetto Bay, Miami Springs, Opa-locka, Miami Lakes, Florida City, South Miami, Sweetwater, West Miami, Bay Harbor Islands, Biscayne Park, El Portal, Golden Beach, Hialeah Gardens, Indian Creek, Medley, North Bay Village, and Virginia Gardens; and Okeechobee County including: Okeechobee, Taylor Creek, Cypress Quarters, Fort Drum, and Basinger.


