Now that everyone's heads have cooled down regarding the LastPass breach reports, I'd like to circle back to the incident and explore a few threads that were promptly ignored during the outrage that ensued. I specifically want to focus on the second incident.

A quick recap for those not familiar with the incident: the attacker compromised media software on a DevOps engineer's home computer. They installed a keylogger to sniff the master password, which gave them access to the Corporate Vault. This engineer was one of the four people to have access to this vault. This vault contained hard-coded AWS IAM access keys to download and decrypt backups on S3 (databases with customer data and more).

Following this disclosure (kudos to LastPass, by the way), almost every pundit jumped to the same conclusion: "Damn it, we should forbid personal devices from accessing corporate assets", "Companies need a strong Bring Your Own Device (BYOD) policy"…

BYOD this, BYOD that. What's stopping the attacker? An antivirus? An EDR? As if that same scenario could not be replayed on a corporate laptop. We don't even have to go far to refute this theory. LastPass's previous incident actually involved a corporate laptop. You know what the attacker did to that EDR? They disabled it and moved on.

Whether it's a corporate managed device or a personal one, the attacker had no trouble getting what they wanted from the company. Therefore, this story is clearly not about BYOD facilitating a breach. This is the story of compromised admin access.
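To show what "compromised admin access" looks like from the monitoring side rather than the endpoint side, here is an added example (my own code, not LastPass's and not from the original post): a small triage over constructed CloudTrail-style records that flags the pattern in the recap, a long-lived IAM user access key downloading and decrypting backups from an address outside the expected network. The bucket name, the 10.0.0.0/8 corporate range, the key IDs and the records themselves are constructed assumptions; only the CloudTrail field names and the AKIA/ASIA key-prefix convention are real.

```python
"""Triage of backup-bucket access by long-lived IAM user keys.

Added example, not code from the original post or from LastPass. It walks a
handful of constructed CloudTrail-style records (field names follow the real
CloudTrail schema; bucket name, IP ranges and key IDs are made up) and flags
a long-lived IAM access key (AKIA... prefix) fetching and decrypting backups
from a source outside the expected network.
"""
import ipaddress
from collections import defaultdict

# Assumptions for the example: the corporate egress range and the backup bucket.
EXPECTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]
BACKUP_BUCKET = "example-corp-backups"

# Constructed sample events (trimmed CloudTrail records, not real logs).
SAMPLE_EVENTS = [
    # Nightly restore job from inside the corporate network, long-lived key.
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "sourceIPAddress": "10.20.30.40",
     "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLEKEY000001"},
     "requestParameters": {"bucketName": BACKUP_BUCKET, "key": "db/2023-02-01.dump"}},
    # Same job using a temporary role credential (ASIA... prefix): the preferred setup.
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "sourceIPAddress": "10.20.30.41",
     "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLETEMP00001"},
     "requestParameters": {"bucketName": BACKUP_BUCKET, "key": "db/2023-02-01.dump"}},
    # Long-lived key used from an unknown address: download, then decrypt.
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLEKEY000002"},
     "requestParameters": {"bucketName": BACKUP_BUCKET, "key": "db/2023-02-01.dump"}},
    {"eventSource": "kms.amazonaws.com", "eventName": "Decrypt",
     "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLEKEY000002"},
     "requestParameters": {"encryptionContext": {"bucket": BACKUP_BUCKET}}},
    # Unrelated bucket: ignored by this triage.
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLEKEY000003"},
     "requestParameters": {"bucketName": "example-static-site", "key": "index.html"}},
]


def is_long_lived_key(access_key_id):
    """IAM user access keys start with AKIA; STS temporary credentials start with ASIA."""
    return access_key_id.startswith("AKIA")


def from_unexpected_source(ip_text):
    """True when the caller's IP is outside every expected network."""
    addr = ipaddress.ip_address(ip_text)
    return not any(addr in net for net in EXPECTED_NETWORKS)


def relevant(event):
    """Keep only backup-bucket reads and KMS Decrypt calls."""
    params = event.get("requestParameters") or {}
    if event["eventSource"] == "s3.amazonaws.com":
        return params.get("bucketName") == BACKUP_BUCKET
    if event["eventSource"] == "kms.amazonaws.com":
        return event["eventName"] == "Decrypt"
    return False


def triage(events):
    """Group relevant events per access key and rate each long-lived key's activity."""
    per_key = defaultdict(list)
    for ev in events:
        if relevant(ev):
            per_key[ev["userIdentity"]["accessKeyId"]].append(ev)

    findings = {}
    for key_id, evs in per_key.items():
        if not is_long_lived_key(key_id):
            continue  # short-lived role credentials are the baseline, not a finding
        outside = sorted({e["sourceIPAddress"] for e in evs
                          if from_unexpected_source(e["sourceIPAddress"])})
        actions = {e["eventName"] for e in evs}
        if outside and {"GetObject", "Decrypt"} <= actions:
            severity = "high"    # download plus decrypt from an unknown address
        elif outside:
            severity = "medium"  # long-lived key used from an unknown address
        else:
            severity = "low"     # long-lived key in use at all: migrate to roles
        findings[key_id] = {"severity": severity,
                            "unexpected_sources": outside,
                            "actions": sorted(actions)}
    return findings


if __name__ == "__main__":
    for key_id, finding in triage(SAMPLE_EVENTS).items():
        print(key_id, finding["severity"], finding["unexpected_sources"], finding["actions"])
```

Run as-is it prints one line per long-lived key: the in-network restore job rates low (the key exists at all), the key seen downloading and decrypting from 203.0.113.7 rates high, and the role credential produces nothing. The point is that the control which matters here is short-lived role credentials plus alerting on any long-lived key touching backups, and that check is indifferent to which laptop the request came from.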