Another day, another LastPass security breach disclosure.
A threat actor was able to target a security vulnerability in Plex to enable remote code execution that allowed for installation of a keylogger on a senior DevOps engineer's home computer. The employee's master password was captured and used to gain access to the LastPass corporate vault.
The engineer was "one of only four LastPass employees with access to the corporate vault," which contained the decryption keys needed to access the AWS S3 LastPass production backups.
#LastPass #InfoSec #Hack #Plex #Security #Disclosure #ArsTechnica #DanGoodin
#lastpass #infosec #hack #plex #security #disclosure #arstechnica #dangoodin
Microsoft Patch Tuesday, July 2022 Edition https://krebsonsecurity.com/2022/07/microsoft-patch-tuesday-july-2022-edition/ #MicrosoftPatchTuesdayJuly2022 #CVE-2022-22022 #CVE-2022-22029 #CVE-2022-22038 #CVE-2022-22039 #CVE-2022-22041 #CVE-2022-22047 #CVE-2022-30206 #CVE-2022-30221 #CVE-2022-30226 #SecurityTools #ImmersiveLabs #SergiuGatlan #TimetoPatch #GregWiseman #KevinBreen #DanGoodin #Tenable #Rapid7
#microsoftpatchtuesdayjuly2022 #CVE #SecurityTools #ImmersiveLabs #sergiugatlan #TimetoPatch #GregWiseman #KevinBreen #dangoodin #Tenable #rapid7
Microsoft Patch Tuesday, July 2022 Edition - Microsoft today released updates to fix at least 86 security vulnerabilities in it... https://krebsonsecurity.com/2022/07/microsoft-patch-tuesday-july-2022-edition/ #microsoftpatchtuesdayjuly2022 #cve-2022-22022 #cve-2022-22029 #cve-2022-22038 #cve-2022-22039 #cve-2022-22041 #cve-2022-22047 #cve-2022-30206 #cve-2022-30221 #cve-2022-30226 #securitytools #immersivelabs #sergiugatlan #timetopatch #gregwiseman #kevinbreen #dangoodin #tenable
#tenable #dangoodin #kevinbreen #gregwiseman #timetopatch #sergiugatlan #immersivelabs #securitytools #cve #microsoftpatchtuesdayjuly2022
Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code https://krebsonsecurity.com/2022/04/leaked-chats-show-lapsus-stole-t-mobile-source-code/ #MobileDeviceManagement #emergencydatarequest #Ne'er-Do-WellNews #ALittleSunshine #sourcecodetheft #ElectronicArts #RecursionTeam #RussianMarket #T-MobileAtlas #Breadcrumbs #SIMSwapping #Lapsus$Jobs #SIMswapping #WhiteDoxbin #Flashpoint #Bitbucket #DanGoodin #microsoft #Everlynn #Michelin #SWATting #T-Mobile #Genesis #Globant #LAPSUS$ #Samsung #Amtrak #Mox
#MobileDeviceManagement #emergencydatarequest #ne #ALittleSunshine #sourcecodetheft #electronicarts #recursionteam #russianmarket #t #Breadcrumbs #simswapping #lapsus #whitedoxbin #flashpoint #bitbucket #dangoodin #microsoft #everlynn #michelin #SWATting #genesis #Globant #samsung #amtrak #mox
Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code - KrebsOnSecurity recently reviewed a copy of the private chat messages between memb... https://krebsonsecurity.com/2022/04/leaked-chats-show-lapsus-stole-t-mobile-source-code/ #mobiledevicemanagement #emergencydatarequest #neer-do-wellnews #alittlesunshine #sourcecodetheft #electronicarts #recursionteam #russianmarket #t-mobileatlas #breadcrumbs #simswapping #lapsus$jobs #whitedoxbin #flashpoint #bitbucket #dangoodin #microsoft #amtrak
#amtrak #microsoft #dangoodin #bitbucket #flashpoint #whitedoxbin #lapsus #simswapping #breadcrumbs #t #russianmarket #recursionteam #electronicarts #sourcecodetheft #alittlesunshine #neer #emergencydatarequest #mobiledevicemanagement
Actions Target Russian Govt. Botnet, Hydra Dark Market https://krebsonsecurity.com/2022/04/actions-target-russian-govt-botnet-hydra-dark-market/ #GermanFederalCriminalPoliceOffice #MainIntelligenceDirectorate #U.S.DepartmentofTreasury #U.S.DepartmentofJustice #FederalSecurityService #Ne'er-Do-WellNews #CyclopsBlink #Dragonfly2.0 #WebFraud2.0 #ArsTechnica #HydraMarket #Ransomware #BeserkBear #RussianFSB #VoodooBear #WatchGuard #DanGoodin #VPNFilter #Garantex #NotPetya #Sandworm #Trisis #Triton
#GermanFederalCriminalPoliceOffice #MainIntelligenceDirectorate #U #FederalSecurityService #ne #cyclopsblink #dragonfly2 #WebFraud2 #arstechnica #HydraMarket #ransomware #BeserkBear #RussianFSB #VoodooBear #watchguard #dangoodin #vpnfilter #garantex #NotPetya #sandworm #Trisis #triton
Another 0-Day Looms for Many Western Digital Users https://krebsonsecurity.com/2021/07/another-0-day-looms-for-many-western-digital-users/ #LatestWarnings #TheComingStorm #WesternDigital #RadekDomanski #PedroRibeiro #TimetoPatch #ArsTechnica #MyBookLive #MyCloudOS3 #MyCloudOS5 #DanGoodin #Pwn2Own
#LatestWarnings #TheComingStorm #westerndigital #radekdomanski #pedroribeiro #TimetoPatch #arstechnica #MyBookLive #mycloudos3 #mycloudos5 #dangoodin #pwn2own
Another 0-Day Looms for Many Western Digital Users - Some of Western Digital’s MyCloud-based data storage devices. Image: WD.
Countless... https://krebsonsecurity.com/2021/07/another-0-day-looms-for-many-western-digital-users/ #latestwarnings #thecomingstorm #westerndigital #radekdomanski #pedroribeiro #timetopatch #arstechnica #mybooklive #mycloudos3 #mycloudos5 #dangoodin #pwn2own
#pwn2own #dangoodin #mycloudos5 #mycloudos3 #MyBookLive #arstechnica #timetopatch #pedroribeiro #radekdomanski #westerndigital #thecomingstorm #latestwarnings
Iowa Prosecutors Drop Charges Against Men Hired to Test Their Security https://krebsonsecurity.com/2020/01/iowa-prosecutors-drop-charges-against-men-hired-to-test-their-security/ #DallasCountyAttorneyCharlesSinnard #StateSen.AmySinclair #Sen. ZachWhiting #ALittleSunshine #ChrisNickerson #GaryDeMercurio #MatthewLinholm #DallasCounty #ArsTechnica #ChadLeonard #TomMcAndrew #JustinWynn #DanGoodin #Coalfire
#DallasCountyAttorneyCharlesSinnard #StateSen #Sen #ALittleSunshine #ChrisNickerson #GaryDeMercurio #MatthewLinholm #DallasCounty #arstechnica #ChadLeonard #TomMcAndrew #JustinWynn #dangoodin #coalfire