Hello folks,
Kim Komando sent out a breaking news about Lastpass’s recent breach.
I believe Security Now also has this, but I sent them the article from Kim in case.
Here is Steve’s tweet.
Steve Gibson: “The NSA @ Home”
Security Now! #912 show notes:
https://bit.ly/3EOcEML
A Windows Update goof, Pasting plaintext, Edge’s built-in VPN, LastPass’s breach update, Signal reacts to UK anti-privacy, A large PyPI attack, QNAP’s news, a BAD BIOS bug, and The NSA’s advice to home users.
LastPass hacked again – Is it time to say goodbye?
I might just have to consider this. They link to Lastpass, but I couldn’t find anything definitive at the moment.
We can’t blame Lastpass as a company, but the problem is, they’ve never been forthright. The fact we’re now learning that an employee was phished doesn’t make it any better. To top it off, they installed a Keylogger.
This means, they can get the employee’s master password and then its game over. Question, did the employee use two-factor as part of his access as an employee? From what I’ve read, it doesn’t seem like he did, but I don’t want to come out and say that it is true without some article indicating this.
Sans News Bites for today, February 28th also has notes on this. I have not read Sans yet. Sans also has stuff that has been sent to TSB’s email list that I have not read yet either. More from Sans later.
We better pay attention to this, I don’t think its over yet.
Thanks for reading, make it a great day!
Discover more from Jared's Technology podcast network
Subscribe to get the latest posts sent to your email.