Colin Sullender · @shiruken
175 followers · 1026 posts · Server octodon.social

Another day, another LastPass security breach disclosure.

A threat actor was able to target a security vulnerability in Plex to enable remote code execution that allowed for installation of a keylogger on a senior DevOps engineer's home computer. The employee's master password was captured and used to gain access to the LastPass corporate vault.

The engineer was "one of only four LastPass employees with access to the corporate vault," which contained the decryption keys needed to access the AWS S3 LastPass production backups.

arstechnica.com/information-te

#lastpass #infosec #hack #plex #security #disclosure #arstechnica #dangoodin

Last updated 2 years ago

dispatch · @dispatch
472 followers · 2723 posts · Server ioc.exchange
ITSEC News · @itsecbot
856 followers · 32559 posts · Server schleuss.online

Microsoft Patch Tuesday, July 2022 Edition - Microsoft today released updates to fix at least 86 security vulnerabilities in it... krebsonsecurity.com/2022/07/mi -2022-22022 -2022-22029 -2022-22038 -2022-22039 -2022-22041 -2022-22047 -2022-30206 -2022-30221 -2022-30226

#tenable #dangoodin #kevinbreen #gregwiseman #timetopatch #sergiugatlan #immersivelabs #securitytools #cve #microsoftpatchtuesdayjuly2022

Last updated 2 years ago

dispatch · @dispatch
472 followers · 2723 posts · Server ioc.exchange
ITSEC News · @itsecbot
856 followers · 32557 posts · Server schleuss.online
dispatch · @dispatch
472 followers · 2723 posts · Server ioc.exchange
dispatch · @dispatch
472 followers · 2723 posts · Server ioc.exchange
ITSEC News · @itsecbot
856 followers · 32557 posts · Server schleuss.online
dispatch · @dispatch
472 followers · 2723 posts · Server ioc.exchange