1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • LastPass reveals exactly how it was hacked

    From TechnologyDaily@1337:1/100 to All on Tue Feb 28 15:30:03 2023
    LastPass reveals exactly how it was hacked

    Date:
    Tue, 28 Feb 2023 15:16:24 +0000

    Description:
    LastPass lays out the process by which its systems were infiltrated.

    FULL STORY ======================================================================

    LastPass has shared more details about the December data breach that shook
    the industry, with the attack sounding like it came straight out of a spy movie.

    In a security advisory , the password manager said two incidents, seemingly unrelated, which were actually part of a larger campaign. It also said that the threat actors specifically targeted one of four DevOps engineers, further highlighting the sophistication of the entire campaign.

    The LastPass investigation concluded that there were two incidents - one that was spotted in August 2022, and one that was spotted in December. Accessing
    S3 buckets

    The threat actors used the information obtained in the first attack, as well as information from an entirely separate cybersecurity incident, to identifythe company's encrypted cloud storage Amazon S3 buckets.

    But to access the buckets, they needed decryption keys, which only four LastPass DevOps engineers possessed. So, they targeted one of them, going after a remote code execution vulnerability found in a third-party media software package installed on their private computer. This allowed them to install a keylogger which helped bypass security protections, and then some. Read more

    LastPass is being sued following major cyberattack


    LastPass and GoTo report possible cyberattack


    What is Passkey?

    "The threat actor was able to capture the employee's master password as it
    was entered, after the employee authenticated with MFA, and gain access to
    the DevOps engineer's LastPass corporate vault," the company explained.

    "The threat actor then exported the native corporate vault entries and
    content of shared folders, which contained encrypted secure notes with access and decryption keys needed to access the AWS S3 LastPass production backups, other cloud-based storage resources, and some related critical database backups."

    As the attackers were using valid login information, the companys cybersecurity team did not identify the activity as malicious. Consequently, the threat actor was lurking in the companys storage servers for two months.

    Now, post-festum, LastPass said it updated its security posture, and started rotating sensitive credentials and authentication keys and tokens. Furthermore, it regularly revokes certificates, requires extra logging and alerting, and started enforcing tougher security policies. These are the best password generators out there

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/lastpass-reveals-exactly-how-it-was-hacked


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)