
LastPass releases new security incident disclosure and recommendations

LastPass attacks began with a hacked employee's home computer. The investigation now reveals the password manager company's data vault was compromised.

LastPass was hacked twice last year by the same actor; one incident was reported in late August 2022 and the other on November 30, 2022. The global password manager company released a report on Wednesday with new findings from its security incident investigation, along with recommended actions for users and businesses affected.

How the LastPass attacks happened and what was compromised

As reported by LastPass, the hacker initially breached a software engineer’s corporate laptop in August. The first attack was critical, as the hacker was able to leverage information the threat actor stole during the initial security incident. Exploiting a third-party media software package vulnerability, the bad actor then launched the second coordinated attack. The second attack targeted a DevOps engineer’s home computer.

“The threat actor was able to capture the employee’s master password as it was entered after the employee authenticated with MFA and gained access to the DevOps engineer’s LastPass corporate vault,” detailed the company's recent security incident report.
