The malware then recorded the keystrokes on the engineer’s computer, enabling the hacker to capture the master password for the employee’s password vault at LastPass. ![]() “This was accomplished by targeting the DevOps engineer’s home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware,” LastPass said. ![]() In Monday’s update, LastPass added that only four DevOps engineers at the company possessed the necessary decryption keys through a “highly restricted set of shared folders.” However, the hacker circumvented the company’s security safeguards by serving malware to one of the DevOps engineers at their home. The company held its encrypted password vault data in a cloud-based backup system, which required both Amazon AWS Access Keys and the LastPass-generated decryption keys in order to enter. One lingering question had been how the culprit broke into LastPass, despite its various security safeguards.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |