LastPass Archives - Cyber Security Minute

Hacked home computer of engineer led to second LastPass data breach

Issued by: CSO Online

Password management company LastPass, which was hit by two data breaches last year, has revealed that data exfiltrated during the first intrusion, discovered in August, was used to target the personal home computer of one of its devops engineers and launch a second successful cyberatttack, detected in November. The threat actor involved in the breaches…

Application Security

LastPass: hackers breached the computer of a DevOps engineer in a second attack

Issued by: Security Affairs

Password management software firm LastPass disclosed a “second attack,” a threat actor used data stolen from the August security breach and combined it with information available from a third-party data breach. Then the attackers exploited a flaw in a third-party media software package to target the firm. “Our investigation has revealed that the threat actor…

Application Security

Twitter data of “+400 million unique users” up for sale – what to do?

Issued by: Naked Security

Hot on the heels of the LastPass data breach saga, which first came to light in August 2022, comes news of a Twitter breach, apparently based on a Twitter bug that first made headlines back in the same month. According to a screenshot posted by news site Bleeping Computer, a cybercriminal has advertised: I’m selling…

Software Security

Critical “10-out-of-10” Linux kernel SMB hole – should you worry?

Issued by: Naked Security

Just before the Christmas weekend – in fact, at about the same time that beleaguered password management service LastPass was admitting that, yes, your password vaults were stolen by criminals after all – we noticed a serious-sounding Linux kernel vulnerability that hit the news. The alerts came from Trend Micro’s Zero Day Initiative (ZDI), probably…

Application Security

LastPass revealed that encrypted password vaults were stolen

Issued by: Security Affairs

In August password management software firm LastPass disclosed a security breach, threat actors had access to portions of the company development environment through a single compromised developer account and stole portions of source code and some proprietary technical information. In response to the incident, the company deployed containment and mitigation measures and implemented additional enhanced…

Malware & Threats

LastPass Found No Code Injection Attempts Following August Data Breach

Issued by: Security Week

The GoTo-owned company announced on August 25 that unknown intruders had gained access to the LastPass development environment and stole “portions of source code and some proprietary LastPass technical information”. At the time, the company posted a notice online, saying that no user data or master passwords were compromised in the incident, and that its…