![]() It led to gaining access to the DevOps engineer’s LastPass corporate vault. This allowed the hackers to capture the employee’s master password. It was done by exploiting a remote code execution vulnerability in a third-party media software package. The threat actors were successful to install a keylogger on the employee’s device. As only four DevOps engineers had access to the decryption keys, the hackers targeted one of the engineers. It is in a use to gain access to the encrypted Amazon S3 buckets. The company discloses that the hackers are using data stolen. ![]() Company disclosure on LastPass data theft ![]() It also includes a remote code execution vulnerability to install a keylogger on a senior DevOps engineer’s computer. It includes threat actors, information stolen in an August breach, data from another data breach. LastPass now offers additional information on the attack. ![]() The company disclosed a breach in December 2022, where hackers stole partially encrypted password vault data and customer information. The result was LastPass data theft from its Amazon AWS cloud storage servers for over two months. LastPass, a popular password management service, has revealed that it was hit by a coordinated second attack in 2022. LastPass data theft: DevOps engineer hacked to steal password ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |