LastPass breach caused by engineer’s outdated Plex software.
March 9th, 2023 - Written By CyberLabs
The LastPass breach was brought on by an engineer who neglected to update Plex on his personal computer. The LastPass recently revealed a “second attack,” in which a threat actor combined information obtained from a third-party data breach with information obtained from the August security breach. Then, to target the company, the attackers used a weakness in a third-party media software program. LastPass disclosed that a sophisticated cyberattack included hacking into a DevOp engineer’s personal computer.
One of the four DevOps engineers who had access to the decryption keys required to access the cloud storage service was the focus of the attackers. The DevOp engineer’s computer had a keylogger installed by the hackers, who also stole his master passcode. The company’s inquiry, which was assisted by the cybersecurity business Mandiant, established that the DevOps engineer’s home computer had been attacked. By taking advantage of a deserialization of untrusted data in Plex Media Server on Windows, the hackers gained access to the employee’s home machine. A remote, authenticated attacker can use the vulnerability, tracked as CVE-2020-5741 (CVSS score: 7.2), to run any Python code.
“We have recently been made aware of a security vulnerability related to Plex Media Server. This issue allowed an attacker with access to the server administrator’s Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it. This could be done by setting the server data directory to overlap with the content location for a library on which Camera Upload was enabled. This issue could not be exploited without first gaining access to the server’s Plex account. This issue has been assigned CVE-2020-5741” reads the advisory published by Plex on the issue CVE-2020-5741
It is important to note that the LastPass employee never updated company-provided security updates.
Source
https://thehackernews.com/2023/03/lastpass-hack-engineers-failure-to.html
Lastly on LastPass Breach,