

Unfortunately, as you can read above, two-factor authentication (2FA) didn’t help in this particular attack. There’s not an awful lot left in this paragraph if you drain out the jargon, but the key phrases seem to be “compromised endpoint” (in plain English, this probably means: malware-infected computer), and “persistent access” (meaning: the crooks could get back in later on at their leisure).

While the method used for the initial endpoint compromise is inconclusive, the threat actor utilized their persistent access to impersonate the developer once the developer had successfully authenticated using multi-factor authentication. The threat actor gained access to the Development environment using a developer’s compromised endpoint.

An unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account.

A follow-up announcement about a month later was similarly inconclusive:

Safely store and autofill your Cornell NetID and password for any Cornell site that requires login.

Create complex, unique passwords that autofill for any app or website you use (Cornell or not).

Automatically sync your passwords so you can use them on any of your devices.

Popular password management company LastPass has been under the pump this year, following a network intrusion back in August 2022.

Details of how the attackers first got in are still scarce, with LastPass’s first official comment cautiously stating that:

One of the biggest benefits of LastPass is that you only have to remember one passphrase, thereby enabling you to create complex, strong passwords for all the websites where you save login credentials. LastPass is available for all current Cornell students, faculty, and staff. LastPass can also autofill forms, store private notes, and keep your bank and credit card information secure.

It is a browser extension and mobile app that works across operating systems and device types. LastPass is a password management service that stores all your passwords in one secure vault, which you protect with a single master passphrase. It is possible to work around the issue by instead using a different browser, the mobile app, or the website. There have been reports of an inability to log into or interact with LastPass using the LastPass Firefox browser plug-in.
