![]() ![]() ![]() “The second incident saw the threat actor quickly make use of information exfiltrated during the first incident, prior to the reset completed by our teams, to enumerate and ultimately exfiltrate data from the cloud storage resources,” LastPass added. “Our investigation has revealed that the threat actor pivoted from the first incident, which ended on August 12, 2022, but was actively engaged in a new series of reconnaissance, enumeration, and exfiltration activities aligned to the cloud storage environment spanning from Augto October 26, 2022,” the company explained in a note posted online. LastPass on Monday fessed up a “second attack” where an unnamed threat actor combined data stolen from an August breach with information available from a third-party data breach, and a vulnerability in a third-party media software package to launch a coordinated attack. Password management software firm LastPass says one of its DevOps engineers had a personal home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud storage resources.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |