LastPass Breach: CISA Warns of Exploited Plex Bug

 

A LastPass employee was responsible for the massive breach at the company: he failed to update Plex on his home computer when he was updating Plex on his work computer. The incident is a sobering reminder of the risks of failing to keep software up to date.
A recent report on the embattled password management service revealed that unidentified actors launched a coordinated second attack between August and October 2022. To do so, they used information stolen in a previous incident that occurred before August 12, 2022, along with information obtained from a third-party data breach and vulnerabilities in third-party media software packages.
The intrusion ultimately led to the adversary stealing customer information and password vault data, which was partially encrypted.
The second attack targeted one of the DevOps engineers: by infecting the engineer’s home computer with keylogger malware, the attackers forged credentials and breached the cloud storage environment.
In addition to a critical severity vulnerability, CISA added a known exploited vulnerability (tracked as CVE-2021-39144) to its Known Exploited Vulnerabilities (KEV) catalog; it has been exploited by third parties since early December.

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
