I am a LastPass personal user, and use LastPass for 'work' passwords too, as my company hasn't agreed on a password manager solution at this stage. Being a large enterprise, this means I can't install the LastPass browser extension - which obviously makes the experience less seamless.

All I want is a simple button to bring up the password generator, and allow that to populate the password in the New Password screen within the Vault Website (for people who - in particular situations - cannot use the web extension/mobile apps).

The first attack took place in August 2022, and saw LastPass praised for its swift response to the incident, which saw the attacker access some source code and proprietary technical information.

They then used the information obtained at that point – prior to a reset completed by LastPass – to enumerate and exfiltrate data from cloud storage resources, in a second, deeper and longer-lasting intrusion, disclosed in December 2022, that saw them access customer data.

Compromised customer data included account information such as company and user names, billing addresses, email addresses, telephone numbers and IP addresses from where they accessed LastPass.

The cyber criminals also accessed a backup of customer vault data including encrypted fields, but as these are encrypted with 256-bit AES encryption and can only be decrypted using a key derived from the user’s master password, which is never known by LastPass, this would be very difficult to achieve as long as the user was following recommended best practice.

Initially, LastPass revealed only that the attacker targeted a developer’s endpoint, but the investigation has now turned up more details.

“Due to the security controls protecting and securing the on-premise datacentre installations of LastPass production, the threat actor targeted one of the four DevOps engineers who had access to the decryption keys needed to access the cloud storage service,” LastPass revealed in a new update.

“This was accomplished by targeting the DevOps engineer’s home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware. The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault.”

“The threat actor then exported the native corporate vault entries and content of shared folders, which contained encrypted secure notes with access and decryption keys needed to access the AWS S3 LastPass production backups, other cloud-based storage resources and some related critical database backups,” the organisation said.

It added that the engineer in question has been receiving support in hardening their home network and equipment.

LastPass said that due to the differing tactics, techniques and procedures (TTPs) used in the attack chain, it had not been immediately obvious that what appeared at first to be two different incidents were in fact linked. Additionally, it added, alerting and logging had been enabled throughout the events but did not immediately indicate the anomalous behaviour that later became more obvious.

The fact that the unlucky engineer’s valid credentials were being used to access a shared cloud storage environment made it harder to differentiate between legitimate and illegitimate activity.

Ultimately, LastPass said, it had AWS to thank – it was the supplier’s GuardDuty Alerts that flagged anomalous behaviour as the attacker tried to use cloud identity and access management roles to perform unauthorised activity.

Since the attack, LastPass has taken a number of steps to harden its own cyber security, including rotating critical and high-privilege credentials, revoking and reissuing the compromised certificates, and applying additional hardening measures to its AWS S3 resources.

Given the apparent failings in its ability to respond swiftly to alerts, it has also revised its threat detection and response coverage, and on-boarded new automated and managed services to assist with this, including custom analytics to detect potential abuse of AWS resources.

TechTarget Security’s Risk and Repeat podcast discusses the fallout of the recent LastPass breach, in which a threat actor stole encrypted logins and unencrypted website URLs from the password manager.

LastPass disclosed a breach last month in which a threat actor stole personal customer information, including billing addresses and encrypted website login details.

The August 2022 cyber attack on LastPass seems to have begat another incident, according to company CEO Karim Toubba.

LastPass CEO Karim Toubba said no customer data or password details were compromised, and the company does not recommend an immediate course of action to users.