LastPass: The crooks used a keylogger to crack a corporatre password vault


There’s no date on the update, but as far as we can make out, LastPass just [2023-02-27] published a short document entitled Incident 2 – Additional details of the attack.

As you probably remember, because the bad news broke just before the Christmas holiday season in December 2022, LastPass suffered what’s known in the jargon as a lateral movement attack.

Simply put, lateral movement is just a fancy way of saying, “Once you get into the lobby, you can sneak into a dark corner of the security office, where you can wait in the shadows until the guards get up to make tea, when you can grab an access card from the shelf next to where they usually sit, which will get you into the secure area next to the cloakroom, where you’ll find the keys to the safe.”

The unknown unknowns

As we’ve previously described, LastPass spotted, in August 2022, that someone had broken into their DevOps (developement operations) network and run off with proprietary information, including source code.

But that’s a bit like coming back from vacation to find a side window smashed and your favourite games console missing… with nothing else obviously amiss.

You know what you know, because there’s broken glass on the kitchen floor and a console-shaped gap where your beloved PlayBox-5/360 games device used to be.

But you don’t know, and you can’t easily figure out, what you don’t know ..

Support the originator by clicking the read the rest link below.