CERT-In issues critical security vulnerability alert to LastPass users in India


India's cyber-agency CERT-In has warned LastPass users of a critical security vulnerability that exposes them to phishing, credential stuffing, and brute force attacks. The warning is important because LastPass itself admitted that hackers were able to copy a backup of customer vault data. LastPass is used to store encrypted passwords in the cloud and is regarded as a freemium application.

According to the CERT-In advisory, the data is encrypted, and the threat actor could attempt to brute force the master password. The threat actor could also carry out phishing, credential stuffing, or brute force attacks against online accounts associated with your LastPass account. Sources revealed that the threat actors gained access to source code and other technical information from the developer environment in order to target users. Moreover, the threat actors used information copied from a backup that contained basic customer account information and related metadata.

The government-owned agency advised LastPass users to change passwords on user-level accounts every 69-90 days. This ensures that threat actors who rely on social engineering, brute force, and credential stuffing attacks cannot use your older passwords to gain access to your systems or data. CERT-In also reported a security vulnerability in WordPress that could allow an attacker to execute arbitrary code on the targeted system. An attacker will upload a malicious file if the system is compromised.


Anand Narayanaswamy is the editor-in-chief of Netans. He was recognized as a Microsoft Most Valuable Professional (MVP) for 9 years (2002 to 2011) and again as a Microsoft MVP in Surface under Windows and Devices in January 2024. He worked as a Chief Technical Editor with ASPAlliance and was part of the ASPInsider program. Anand has published several articles and reviews of software and hardware products for various software and technology websites. He is also active on social media and participates as an influencer for various brands. Anand can be reached at admin@netans.com