Friday, May 3, 2024

LastPass Data Breach

Data breaches seem to have become a common phenomenon, and even large companies like Microsoft are not spared. A small company like LastPass faced the same recently. It all occurred because one of its engineers failed to update Plex on their home PC. That is why vendors release new versions of software from time to time: to keep intruders at bay.

The attacker stole the badly-encrypted password vault information and some customer data.

The company behind the fortified password management system revealed that the intruders took advantage of information stolen in the previous attack, which happened before 12th August 2022.

This was not the first attack!

LastPass revealed that the second attack, which took place between August and October 2022, was planned based on a third-party data breach. A vulnerability in a third-party software package also contributed to this second attack of 2022.

Although both attacks were dangerous for the system, the second attack specifically targeted one of the four DevOps engineers of LastPass. The attacker found a vulnerability on the engineer's home PC and used it to install keylogger malware. The attacker obtained all the personal credentials and broke into the cloud storage environment.

How did the attacks happen?

According to the researchers, the systems were compromised because of an almost three-year-old security hole in Plex. This hole has since been patched, but it allowed the attacker to access the victim's home PC and carry out code execution on the DevOps engineer's computer. This news was picked up by the streaming media service.

A second loophole in Plex

There is still this vulnerability, CVE-2020-5741, haunting users of Plex Media Server on the Windows platform. It allows a remote unauthenticated intruder to execute arbitrary Python code on the current operating system. This loophole let the intruder upload a malicious folder through the Camera Upload option.

How did it get uncovered?

These malicious activities were first discovered by Tenable in March 2020.

Plex later reported the suspicious activity in its next version, 1.19.3.2764, which was released on 7th May 2020.

Plex confirmed that the LastPass engineer had failed to update to the new version of the software, and that the attack was carried out against a version that was 75 versions behind.
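A defender can check an inventory of Plex servers against the fixed release 1.19.3.2764 named above. The following is an added example, not code from the original article or from Plex; it assumes each server's `/identity` response is an XML `MediaContainer` element with a `version` attribute, and the host labels and build hashes are constructed.

```python
import re
import xml.etree.ElementTree as ET

# First fixed release named in the article for CVE-2020-5741.
FIXED = (1, 19, 3, 2764)

# Plex versions look like "1.19.3.2764-ef515a800": four numeric fields, then a build hash.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)(?:-[0-9a-f]+)?$")

def parse_version(text):
    """Return the version as a 4-tuple of ints, or None if it is malformed."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def version_from_identity(xml_text):
    """Extract the version attribute from an /identity body (assumed shape)."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return None  # refuse entity declarations in untrusted XML
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    if root.tag != "MediaContainer":
        return None
    return parse_version(root.get("version", ""))

def classify(xml_text):
    """Return 'patched', 'vulnerable', or 'unknown' (unknown needs follow-up)."""
    version = version_from_identity(xml_text)
    if version is None:
        return "unknown"
    # Compare numerically: as strings, "1.9" would wrongly sort after "1.19".
    return "patched" if version >= FIXED else "vulnerable"

# Constructed inventory: host label -> captured /identity body (not real hosts).
INVENTORY = {
    "media-old": '<MediaContainer size="0" version="1.18.9.2578-513b381af"/>',
    "media-fixed": '<MediaContainer size="0" version="1.19.3.2764-ef515a800"/>',
    "media-new": '<MediaContainer size="0" version="1.40.1.8227-c0dd5a73e"/>',
    "media-odd": '<MediaContainer size="0"/>',
}

def audit(inventory):
    """Map every host in the inventory to its patch status."""
    return {host: classify(body) for host, body in inventory.items()}

if __name__ == "__main__":
    for host, status in sorted(audit(INVENTORY).items()):
        print(f"{host:12} {status}")
```

Hosts reported as `unknown` did not return a parseable version and should be checked by hand rather than treated as patched.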

Measures taken to mitigate the issues

Plex mentioned in its letter that it is mitigating this issue in the following two ways:

1) Removed the access or ability to change the location of the server’s data directory through the API.

2) Additional checks have been added to the Camera Upload feature to prevent malicious files from being uploaded over the network.
