![]() ![]() The threat actor gained entry to the DevOps engineer’s LastPass business vault using this technique, which also allowed it to capture the employee’s master password as it was being typed. By taking advantage of a remote code execution flaw in a piece of third-party media software, the hackers successfully installed a keylogger on the employee’s device. The threat actor chose one of the four LastPass DevOps engineers because they had access to the decryption keys. LastPass: DevOps engineer hacked to steal password vault data in 2022 breach – - BleepingComputer FebruHackers Choose A LastPass DevOps System The stolen information from the first hack was used in this second coordinated effort to access the company’s encrypted Amazon S3 buckets. The business has now revealed further information about the attack’s execution strategy.Īccording to LastPass, the hackers installed a keylogger on the computer of a senior DevOps engineer using information acquired in an August data breach, information from another data breach, and a remote code execution vulnerability. Threat actors took customer data and password vault data that was only partially encrypted, according to the company’s original disclosure of the breach in December. The well-known password manager LastPass has revealed additional details about a planned attack that led to data loss from Amazon AWS cloud storage servers for over two months. Threat actors obtained partially encrypted password vault data and customer data from LastPass in December. ![]() ![]() LastPass detailed an “organized second attack” in which a threat actor took data from Amazon AWS cloud storage servers for two months. LastPass DevOps engineers were compromised because they had access to the decryption keys. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |