Post-review actions: Identify at-risk super admin accounts and determine super admins that have a weak master password or iteration count should take the following actions:.Conduct security review: Businesses should conduct comprehensive security reviews to determine further actions to a LastPass Business account.Review super admins with “Permit super admins to reset master passwords” policy rights: If the policy to permit super admins to reset master passwords is enabled, and users identify super admins with a weak master password and/or low iterations, their LastPass tenant may be at risk.Follow master password and iterations best practices: Ensure that your super admin users have strong master passwords and strong iteration counts.LastPass super admin recommendations include the following. Given their extensive powers, the company issued special recommendations for super admin users after the attacks. Super admin LastPass users have additional privileges that go beyond the average administrator. Reset SCIM, Enterprise API and SAML keys.Deprecation of Password apps (Push Sites to Users).The iteration counts for master passwords.The more comprehensive guide includes 10 points: The Security Bulletin: Recommended Actions for LastPass Business Administrators was prepared exclusively after the event to help businesses that use LastPass. Dark web monitoring alerts users when their email addresses appear in dark web forums and sites. LastPass also asked users to use the Security Dashboard to check the security score of their current password strength, to turn on and check the dark web monitoring feature, and to enable default MFA. To reset LastPass master passwords, users can follow the official LastPass guide. LastPass master passwords should be ideally 16 to 20 characters long, contain at least one upper case, lower case, numeric, symbols, and special characters, and be unique - that is, not used on another site. The company also urged users to reset their passwords. The Security Bulletin: Recommended actions for LastPass free, premium, and families includes best practices primarily centered on master passwords, guides to creating strong passwords and enabling extra layers of security such as multifactor authentication. Here are the key details from those bulletins. LastPass issued recommendations for affected users and businesses in two security bulletins. After the hacker had the decrypted vault, the cybercriminal exported the entries, including the decryption keys needed to access the AWS S3 LastPass production backups, other cloud-based storage resources and related critical database backups. The second attack was highly focused and well-researched, as it targeted one of only four LastPass employees who have access to the corporate vault. The LastPass vault also includes access to the shared cloud-storage environment that contains the encryption keys for customer vault backups stored in Amazon S3 buckets where users store data in their Amazon Web Services cloud environment. ![]() ![]() LastPass has confirmed that during the second incident, the attacker accessed the company´s data vault, cloud-based backup storage - containing configuration data, API secrets, third-party integration secrets, customer metadata - and all customer vault data backups. “The threat actor was able to capture the employee’s master password as it was entered after the employee authenticated with MFA and gained access to the DevOps engineer’s LastPass corporate vault,” detailed the company´s recent security incident report. Must-read security coverageĪtlas VPN Review (2023): Features, Pricing, AlternativesĪustralia, New Zealand Enterprises Spend Big on Security - But Will It Be Enough? ![]() The second attack targeted a DevOps engineer’s home computer. Exploiting a third-party media software package vulnerability, the bad actor then launched the second coordinated attack. The first attack was critical, as the hacker was able to leverage information the threat actor stole during the initial security incident. How the LastPass attacks happened and what was compromisedĪs reported by LastPass, the hacker initially breached a software engineer’s corporate laptop in August. LastPass alternatives and impact of the hacks.How the LastPass attacks happened and what was compromised.The global password manager company released a report on Wednesday with new findings from its security incident investigation, along with recommended actions for users and businesses affected. LastPass was hacked twice last year by the same actor one incident was reported in late August 2022 and the other on November 30, 2022. The investigation now reveals the password manager company's data vault was compromised. LastPass attacks began with a hacked employee's home computer. LastPass releases new security incident disclosure and recommendations
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |