LastPass suffered two large-scale and public data breaches last year, the first in August to steal source code, and the second in November where partially encrypted password vault data and customer information were stolen.

A developer account was compromised, which allowed attackers to gain access to technical information about LastPass and resulted in the exfiltration of some portions of LastPass source code. Information from the first breach was used to carry out the second attack, and a keylogger was installed on a senior DevOps engineer's home computer, which was key to the success of the November attack.

Although the attacker was able to access the development environment, proper segregation of the network, including physical separation from the production environment, protected customers' data and vaults from being accessed at this time. Although not a lot of information was revealed by the company at the time of the attack, they did confirm that the attackers were able to access internal systems for four days before being evicted.

New details have been revealed about how the keylogger was installed on a senior employee's computer, including that the point of failure was a vulnerability in Plex Media Server software running on the employee's home network. This software vulnerability was patched in May 2020, with a spokesperson for the company explaining "The version that addressed this exploit was roughly 75 versions ago".

The exploited vulnerability, CVE-2020-5741, causes the deserialisation of untrusted data in Plex Media Server on Windows. This allows a remote authenticated attacker to execute arbitrary Python code by uploading a malicious file to the Camera Upload feature of the vulnerable software. The location of the server data directory overlaps with the library that allows camera uploads, so the media server can be tricked into executing the code in the file. This is a high-severity flaw with a CVSS base score of 7.2/10; however, it was patched immediately after disclosure, in Plex Media Server v1.19.3, published in May 2020.

The keylogger malware that was installed through this attack captured the employee's master password to their LastPass corporate vault.
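The two conditions described above (a release older than v1.19.3, and an upload library that overlaps the server data directory) can be checked on a host as follows. This is an added example, not code from the article or from Plex; the function names, the version string and the directory layout are constructed, and the script does not read any real Plex configuration.

```python
import os
import tempfile

FIXED_VERSION = (1, 19, 3)  # first patched release named in the article

def parse_version(text):
    """'1.19.2.0000-constructed' -> (1, 19, 2); build suffix is ignored."""
    return tuple(int(p) for p in text.split("-")[0].split(".")[:3])

def is_patched(version_text):
    return parse_version(version_text) >= FIXED_VERSION

def overlaps(data_dir, library_dir):
    """True if one directory contains the other once symlinks are resolved."""
    a = os.path.realpath(data_dir)
    b = os.path.realpath(library_dir)
    try:
        return os.path.commonpath([a, b]) in (a, b)
    except ValueError:  # e.g. different drives on Windows: cannot overlap
        return False

def audit(version_text, data_dir, library_dirs):
    """Return a list of findings for one server installation."""
    findings = []
    if not is_patched(version_text):
        findings.append(f"version {version_text} predates v1.19.3")
    for lib in library_dirs:
        if overlaps(data_dir, lib):
            findings.append(f"library {lib} overlaps the data directory")
    return findings

def demo():
    # Constructed layout: one separate library, and one library that is a
    # symlink pointing inside the data directory (missed by string compare).
    with tempfile.TemporaryDirectory() as root:
        data = os.path.join(root, "server-data")
        photos = os.path.join(root, "photos")
        camera = os.path.join(root, "camera")
        os.makedirs(os.path.join(data, "uploads"))
        os.makedirs(photos)
        os.symlink(os.path.join(data, "uploads"), camera)
        return audit("1.19.2.0000-constructed", data, [photos, camera])

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Resolving symlinks before comparing matters because a library path can look unrelated to the data directory as a string while still pointing inside it.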