![]() ![]() This announcement comes as the right to repair movement gains momentum in the U.S. If this is all true – that a LastPass employee was allowed to access privileged work surfaces through their personal computer, and that an employee didn’t do a three-year old update – this could be the last gasp for Last Pass’ reputation.īoth the EU and the US are looking at new legislation that would force companies to ensure the “right to repair” for cell phones, but it seems like some manufacturers are getting out ahead of potential legislation.Īt Mobile World Congress 2023, Nokia launched smartphones that come with components you can dismantle along with a repair manual from IFixit. ![]() It’s easy in hindsight to criticize a company’s response to a cyberattack, but this just keeps getting worse – especially since LastPass was created to keep company secrets safe. “For reference, the version that addressed this exploit was roughly 75 versions ago,” a LastPass spokesperson said. ![]() But LastPass’ employees never applied the patch.Īccording to that report, the vulnerability allowed those with access to a server administrator’s Plex account to upload a malicious file through the Camera Upload feature and, by overlapping the locations of the server data directory with a library that allowed Camera Uploads, it could have the media server execute malicious code. Plex released a patch on the very same day. The company did, all in all, a reasonable dump of information with a mea culpa apology and a promise to do better.īut now, according to a piece in the Android Police, Plex is saying that the vulnerability through which the exploit happened, was disclosed almost three years ago in May of 2020. LastPass revealed new details of the massive data breach it suffered last year, detailing how a malicious party installed a keylogger onto a senior engineer’s computer through a vulnerability in streaming media service Plex. LastPass might have to change its name to Last to patch…. I’m your host Jim Love, CIO of IT World Canada and TechNewsDay in the US – here’s today’s top tech news stories. Welcome to Hashtag Trending for Tuesday, March 7th. And Nokia issues a new cell phone that can be – are you sitting down? – repaired easily. Artificial Intelligence (918) Auto Tech (47) Blockchain (173) CanadianCIO (96) Careers & Education (4433) Channel Strategy (35) Cloud (2084) Communications & Telecom (420) Companies (1047) Data & Analytics (1297) Development (736) Digital Transformation (1233) Distribution (126) Diversity & Inclusion (66) Ecommerce (91) Emerging Tech (24217) End User Hardware (50) Engineering (79) Financial (164) FinTech (86) Future of Work (347) Governance (106) Government & Public Sector (6081) Human Resources (861) Infrastructure (8522) IoT (6174) ITWC Morning Briefing (129) Leadership (4287) Legal (162) Legislation (167) Managed Services & Outsourcing (4312) Marketing (61) MarTech (3) Medical (31) Mobility (3429) Not For Profit (23) Open Source (30) Operations (85) People (149) Podcasts (2119) Privacy (641) Project Management (1099) Security (8012) Service (44) Smart Home (18) SMB (59) Social Networks (202) Software (4167) Supply Chain (122) Sustainability (108) Tech in Sports (5) Women in Tech (188)Īn employee overlooked the update that could have prevented the Last Pass breach. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |