In this week's Cyber Blurbs Roundup, we talk about LastPass’s consequential decision to devalue its free plan, the malware already infecting Apple’s latest computers, and the latest reason to hate the DMV.

Let’s get to it:

LastPass Nerfs its Free Tier 

And now a moment of silence for all your frugal friends and colleagues who’ve been taking advantage of a too-good-to-be-true opportunity for enhanced security. LastPass, one of just a handful of password managers to offer a free option, is making changes. Earlier this month, the company announced that it would no longer support its free plan in the same capacity. 

That’s not to say LastPass won’t offer a free plan of any kind. It will. It just won’t be nearly as enticing.

LastPass says it will still allow users on its unpaid tier to access its app across multiple devices… it’s just that those devices will have to belong to the same family of device. Meaning, you’ll be able to access the app across multiple desktops or multiple mobile devices, but not desktops and mobile devices. That sudden luxury will come at the expense of some of your hard-earned stimulus dollars. 

It’s not all bad news, though. The company’s cheapest pricing plan — which offers the right to access the app across devices of a different category — will only run you $3 a month (billed annually at $36). You might even consider pocketing some of that money by splitting the bill with a family plan, which will only run you $4 a month (billed annually at $48) for up to six users. It’ll make sharing your Netflix password that much easier. 

You might, you know, also consider leaving LastPass. Plenty of people are moving onto Bitwarden, an open-source password manager that offers most of what users are probably looking for: free and easy. Bitwarden also offers a “premium” account for less than $1 a month (billed annually at $10). That’ll net you some goodies like personal storage and emergency access. 

For those reading this wondering why a password manager should even be considered, well, we’ve got you covered. 

Apple’s New Computers Already Vulnerable

The advent of any new technology is often followed by individuals looking to compromise said new technology. Hackers, in essence, ruin everything. Apple’s still-new M1 Macs are not immune from this reality. 

Unveiling the next generation of Apple computers last fall, the tech community largely praised Apple for its updated work stations. The computers were equipped with ARM-based M1 processors, a marked shift from the company’s relationship with Intel. That, for those unfamiliar with the lexicon (fancy word for “words”), gives Apple greater control over how its computers operate. The newer Macs are said to be faster, more powerful, and more energy-efficient. 

But the honeymoon phase, as is often the case, was not destined to last. Noted Mac security researcher Patrick Wardle published some findings earlier this month, stating that a Safari adware extension previously developed for the last-gen Macs has now been redeveloped for the latest iteration. 

“This shows that malware authors are evolving and adapting to keep up with Apple's latest hardware and software,” Wardle told WIRED. “As far as I know, this is the first time we've seen this.”

This adware is said to pose as a legitimate Safari extension that ultimately collects user data while also pushing unwanted pop-up ads that may lead to other malicious websites. 

A separate piece of malware has security researchers equally concerned, with ArsTechnica reporting that nearly 30,000 M1 Macs are said to be infected by malware that has yet to reveal its full intentions.

Ransomware Attack Puts California DMV Customers at Risk

Just when you thought the DMV couldn’t get any worse, it goes and does. California’s Department of Motor Vehicles issued a statement warning of a potential data breach after one of its contractors suffered a ransomware attack.

Automatic Funds Transfer Services (AFTS), a Seattle-based company responsible for verifying changes of address for the DMV since 2019, was hit by a ransomware strain earlier this month.

The DMV says the last 20 months of data may have been compromised, including names, addresses, license plate numbers, and vehicle identification numbers. Fortunately for anybody at risk, the DMV says AFTS does not have access to more sensitive data such as Social Security numbers, dates of birth, voter registration, immigration status, or driver’s license information. 

Despite not having overly sensitive data breached, California DMV director Steve Gordon tells TechCrunch it’ll continue looking at additional ways of implementing stronger security protocols to protect information in its database.