
LastPass Says Home Computer of DevOps Engineer Was Hacked


wiredmikey shares a report from SecurityWeek: Password management software firm LastPass says one of its DevOps engineers had a personal home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud storage resources. LastPass on Monday fessed up a “second attack” where an unnamed threat actor combined data stolen from an August breach with information available from a third-party data breach, and a vulnerability in a third-party media software package to launch a coordinated attack. […]

LastPass worked with incident response experts at Mandiant to perform forensics and found that a DevOps engineer’s home computer was targeted to get around security mitigations. The attackers exploited a remote code execution vulnerability in a third-party media software package and planted keylogger malware on the employee’s personal computer. “The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault,” the company said. “The threat actor then exported the native corporate vault entries and content of shared folders, which contained encrypted secure notes with access and decryption keys needed to access the AWS S3 LastPass production backups, other cloud-based storage resources, and some related critical database backups,” LastPass confirmed. LastPass initially disclosed the breach in August 2022 and warned that “some source code and technical information were stolen.”

SecurityWeek adds: “In January 2023, the company said the breach was far worse than initially reported and included the theft of account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings, as well as some product settings and licensing information.”
