Brutal.
Home computer compromised by Plex(!!) which drops in a keylogger. LastPass DevOps employee then signs into their corp AWS console from home. pwned.
If someone is running Plex, they're almost definitely torrenting all sorts of shady stuff onto that same machine.
tldr: A whole security company compromised because one employee wouldn't pay for Netflix.
https://arstechnica.com/information-technology/2023/02/lastpass-hackers-infected-employees-home-computer-and-stole-corporate-vault/
AWS log with no certificate.... WTF?????
Please Login to reply.
No replies yet.
