February 28, 2023
LastPass says employee’s home computer was hacked and corporate vault taken
“This was accomplished by targeting the DevOps engineer’s home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware,” LastPass officials wrote. “The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault.”
The hacked DevOps engineer was one of only four LastPass employees with access to the corporate vault. Once in possession of the decrypted vault, the threat actor exported the entries, including the “decryption keys needed to access the AWS S3 LastPass production backups, other cloud-based storage resources, and some related critical database backups.”
Plex Media Server -> DevOps engineer’s laptop -> cloud credentials -> LastPass database
Nice! That’s a really cool supply chain exploit chain. This sort of attack vector has been discussed for decades. It’s exciting to see it finally discovered in the wild.
I’m very curious how they located the engineer to hit his Plex. Was it opportunistic? They were hacking Plex servers and happened to get into this one, and when they dug deeper they got lucky? Was the engineer discovered via some extreme reconnaissance OSINT-fu? I’m so curious!

LastPass says employee’s home computer was hacked and corporate vault taken | Ars Technica
Already smarting from a breach that stole customer vaults, LastPass has more bad news.
-
The camera shy hoodie
Use strobing IR LEDs embedded in a hoodie to stop CCTVs from capturing your face.

The Camera Shy Hoodie — Mac Pierce
A DIY wearable for avoiding recognition on IR security cameras.
Similar concept, but using a baseball cap

Unidentified Halo — Becca Ricks
Unidentified Halo (2016) was a collaboration with Shir David reflecting on a pervasive surveillance culture and the use of facial...
-


![Search-based software testing (SBST) generates high-coverage test cases for programs under test with a combination of test case generation and mutation. SBST’s performance relies on there being a reasonable probability of generating test cases that exercise the core logic of the program under test. Given such test cases, SBST can then explore the space around them to exercise various parts of the program. This paper explores whether Large Language Models (LLMs) of code, such as OpenAI’s Codex, can be used to help SBST’s exploration. Our proposed algorithm, CODAMOSA, conducts SBST until its coverage improvements stall, then asks Codex to provide example test cases for under-covered functions. These examples help SBST redirect its search to more useful areas of the search space. On an evaluation over 486 benchmarks, CODAMOSA achieves statistically significantly higher coverage on many more benchmarks (173 and 279) than it reduces coverage on (10 and 4), compared to SBST and LLM-only[...]](https://pbs.substack.com/media/Fp_iORHXgAgj8vE.png)
-
We cover the timeline, campaigns, and tools. You can find downloadable samples and YARA detection logic at:



