LastPass has revealed that the threat actor who breached the company's systems in August 2022 did so by leveraging source code and technical information that were obtained from the company's development environment via a home computer belonging to a DevOps engineer.

From a technical standpoint, LastPass said information was obtained via a keylogger installed on the employee's device by exploiting a remote code execution (RCE) vulnerability in a third-party media software package.

This information was then used by the threat actor between August and October to steal credentials and keys later used to access and decrypt certain storage volumes within the cloud-based storage service in the December attack.

"We have determined that once the cloud storage access key and dual storage container decryption keys were obtained, the threat actor copied information from backup that contained basic customer account information and related metadata," the company wrote.

These include company names, end-user names, billing addresses, email addresses and telephone numbers, as well as the IP addresses used by customers to access the LastPass website.

"The threat actor was also able to copy a backup of customer vault data from the encrypted storage container, which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields, such as website usernames and passwords, secure notes, and form-filled data," LastPass continued.

According to Martin Mackay, CRO at Versa Networks, the breach updates by LastPass are a stark reminder that remote working and BYOD (bring your own device) are increasingly blurring the lines between home and work networks.

"People assume that if a personal home computer has nothing of value on it, then it won't be a target for cyber-criminals however, this is simply not true," Mackay added.

"Threat actors will use any security gap or weakness to initially breach the network, and then move laterally across to their intended target – in this case it was corporate data from cloud storages."