3/2/2024 0 Comments Hacker news lastpassTargeting the DevOps engineer’s home computer and exploiting a vulnerable third-party media software package (Plesk, according to an Ars Technica source) to be able to remotely execute code remote code. How did the attacker do it? As it turns out, they stole access credentials from a senior DevOps engineer by: “The second incident saw the threat actor quickly make use of information exfiltrated during the first incident, prior to the reset completed by our teams, to enumerate and ultimately exfiltrate data from the cloud storage resources,” the company explained. The second incident went initially unnoticed, LastPass says, the tactics, techniques, and procedures (TTPs) and the indicators of compromise (IOCs) of the second incident “were not consistent with those of the first.” It was only later determined that the two incidents were related. Getting into the LastPass corporate vault The results of both breaches are catastrophic and the list of data and secrets stolen/compromise as a result is extensive. LastPass is, once again, telling customers about a security incident related to the August 2022 breach of its development environment and subsequent unauthorized access to the company’s third-party cloud storage service that hosted backups: “The threat actor leveraged information stolen during the first incident, information available from a third-party data breach, and a vulnerability in a third-party media software package to launch a coordinated second attack.”
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |