LastPass

Pierluigi Paganini March 13, 2023
CISA adds Plex Media Server bug, exploited in LastPass attack, to Known Exploited Vulnerabilities Catalog

US CISA added remote code execution vulnerability in Plex Media Server to its Known Exploited Vulnerabilities Catalog. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a remote code execution (RCE) vulnerability in the Plex Media Server, tracked as CVE-2020-5741 (CVSS score: 7.2), to its Known Exploited Vulnerabilities Catalog. The three-year-old high-severity flaw is a deserialization of […]

Pierluigi Paganini March 07, 2023
LastPass hack caused by an unpatched Plex software on an employee’s PC

The LastPass data breach was caused by the failure to update Plex on the home computer of one of the company updates. The security breach suffered by LastPass was caused by the failure to update Plex on the home computer of one of its engineers. Recently, the password management software firm disclosed a “second attack,” […]

Pierluigi Paganini February 27, 2023
LastPass: hackers breached the computer of a DevOps engineer in a second attack

Threat actors hacked the home computer of a DevOp engineer, they installed a keylogger as part of a sophisticated cyber attack. Password management software firm LastPass disclosed a “second attack,” a threat actor used data stolen from the August security breach and combined it with information available from a third-party data breach. Then the attackers […]

Pierluigi Paganini December 23, 2022
LastPass revealed that encrypted password vaults were stolen

The data breach suffered by LastPass in August 2022 may have been more severe than previously thought. In August password management software firm LastPass disclosed a security breach, threat actors had access to portions of the company development environment through a single compromised developer account and stole portions of source code and some proprietary technical information. […]

Pierluigi Paganini December 01, 2022
Lastpass discloses the second security breach this year

LastPass disclosed a new security breach, threat actors had access to its cloud storage using information stolen in the August 2022 breach. Password management solution LastPass disclosed a new security breach, the attackers had access to a third-party cloud storage service using information stolen in the August 2022 breach. The impacted cloud storage service is […]

Pierluigi Paganini September 17, 2022
LastPass revealed that intruders had internal access for four days during the August hack

The Password management solution LastPass revealed that the threat actors had access to its systems for four days during the August hack. Password management solution LastPass shared more details about the security breach that the company suffered in August 2022. The company revealed that the threat actor had access to its network for four days […]

Pierluigi Paganini August 25, 2022
LastPass data breach: threat actors stole a portion of source code

Password management software firm LastPass has suffered a data breach, threat actors have stole source code and other data. Password management software firm LastPass disclosed a security breach, threat actors had access to portions of the company development environment through a single compromised developer account and stole portions of source code and some proprietary technical […]

Pierluigi Paganini December 28, 2021
LastPass investigated recent reports of blocked login attempts

Password manager app LastPass confirmed that threat actors have launched a credential stuffing attack against its users. While LastPass says that it is not aware that some of its accounts were compromised in the recent credential stuffing attacks that started on Monday, numerous LastPass users claim that their master passwords have been compromised after receiving […]

Pierluigi Paganini September 16, 2019
A flaw in LastPass password manager leaks credentials from previous site

A flaw in LastPass password manager leaks credentials from previous site An expert discovered a flaw in the LastPass password manager that exposes login credentials entered on a site previously visited by a user. Tavis Ormandy, the popular white-hat hacker at Google Project Zero, has discovered a vulnerability in the LastPass password manager that exposes […]

Pierluigi Paganini March 29, 2017
Google hacker found a third flaw in the LastPass password manager in a few weeks

The Google hacker Tavis Ormandy discovered a third flaw in LastPass password manager in a few weeks, the expert provided a few details about the issue. A couple of weeks ago, the notorious Google Project Zero hacker Tavis Ormandy discovered numerous vulnerabilities in the Chrome and Firefox extensions of the LastPass password manager. Wrote a quick exploit […]