    Cryptonounce.com
    Cybersecurity

    Mitigate the LastPass Attack Surface in Your Environment with this Free Tool

By Admincrypt | January 5, 2023 | 5 min read


    Jan 05, 2023The Hacker NewsPassword Management / IT Breach

    LastPass Attack Surface

The latest breach announced by LastPass is a major cause for concern for security stakeholders. As often happens, we are in a security limbo: on the one hand, as LastPass has noted, users who followed LastPass best practices face practically zero to extremely low risk. On the other hand, to say that password best practices are not followed is a wild understatement; there are very few organizations in which these practices are truly enforced. This puts security teams in the worst position: exposure to compromise is almost certain, but pinpointing the users who created that exposure is almost impossible.

To assist them during this challenging time, browser security vendor LayerX has launched a free offering of its platform. It gives security teams visibility into every browser on which the LastPass extension is installed, so they can mitigate the breach's potential impact on their environment: notify the exposed users, require them to enable MFA on their accounts, and, if needed, roll out a dedicated master password reset procedure so that a compromised master password cannot be used for malicious access. (To request access to the free tool, fill in this form.)

    Recapping LastPass’s Announcement: What Data Do Adversaries Have and What’s the Risk?

    Per LastPass’s website, ‘The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data.’

    The derived risk is that ‘the threat actor may attempt to use brute force to guess your master password and decrypt the copies of vault data they took. Because of the hashing and encryption methods we use to protect our customers, it would be extremely difficult to attempt to brute force guess master passwords for those customers who follow our password best practices.’

Not Following LastPass's Password Best Practices Exposes the Vault Through the Master Password

The section about 'best practices' is the most alarming one. Password best practices? How many people actually maintain them? The realistic, if unfortunate, answer is: not many. That holds true even for corporate-managed applications; when it comes to personal apps, it is no exaggeration to assume that password reuse is the norm rather than the exception. The risk LastPass's breach introduces applies to both use cases. Let's understand why.

    The Actual Risk: Malicious Access to Corporate Resources

    Let’s divide organizations into two types:

Type A: Organizations where LastPass is used, as part of company policy, to vault passwords for corporate-managed apps, either for all users or in specific departments. Here the concern is straightforward: an adversary who manages to crack or obtain an employee's LastPass master password can directly access the organization's sensitive resources.

Type B: Organizations where employees use LastPass on their own (for personal or work use), or where specific groups use it without IT's knowledge for apps of their choice. Here the concern is that an adversary who cracks or obtains an employee's LastPass master password, and thereby the passwords in the vault, will exploit users' tendency to reuse passwords and find one that also grants access to corporate apps.
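The brute-force path LastPass describes above, together with the type B password-reuse risk, as an added worked example that is not from the article, LastPass or LayerX: a toy vault in which website URLs stay in the clear while credential fields are encrypted under a key stretched from the master password with PBKDF2-HMAC-SHA256. The KDF choice, the SHA-256 counter-mode stand-in cipher, the encrypt-then-MAC tag, the iteration count, the fixed salt and every sample credential are assumptions constructed for this demonstration and do not describe LastPass's real vault format. The attacker holds the vault and a wordlist; each guess costs one full key derivation (the "hashing" LastPass relies on), yet a master password that appears in the wordlist falls regardless of that cost.

```python
"""Toy offline attack on a stolen password-manager vault (added example, not LastPass's format)."""
import hashlib
import hmac


def derive_vault_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch the master password into a 256-bit vault key (assumed KDF: PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"), salt, iterations, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode; a stand-in for a real cipher such as AES, for demonstration only."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest())
        counter += 1
    return b"".join(blocks)[:length]


def _xor(data: bytes, key: bytes, nonce: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


def build_vault(master_password: str, entries, iterations: int, salt: bytes) -> dict:
    """Encrypt username/password per entry; URLs stay in the clear, as in the breached backup."""
    key = derive_vault_key(master_password, salt, iterations)
    out = []
    for i, (url, username, password) in enumerate(entries):
        nonce = i.to_bytes(4, "big")
        ct_user = _xor(username.encode(), key, nonce + b"u")
        ct_pass = _xor(password.encode(), key, nonce + b"p")
        # Encrypt-then-MAC tag lets a guess be verified without parsing decrypted bytes.
        tag = hmac.new(key, url.encode() + ct_user + ct_pass, "sha256").digest()
        out.append({"url": url, "user": ct_user, "pass": ct_pass, "tag": tag})
    return {"salt": salt, "iterations": iterations, "entries": out}


def try_master_password(vault: dict, candidate: str):
    """Return decrypted (url, user, pass) tuples if the candidate unlocks the vault, else None."""
    key = derive_vault_key(candidate, vault["salt"], vault["iterations"])
    plain = []
    for i, e in enumerate(vault["entries"]):
        expected = hmac.new(key, e["url"].encode() + e["user"] + e["pass"], "sha256").digest()
        if not hmac.compare_digest(expected, e["tag"]):
            return None  # wrong key: the tag fails, nothing to decrypt
        nonce = i.to_bytes(4, "big")
        plain.append((e["url"], _xor(e["user"], key, nonce + b"u").decode(),
                      _xor(e["pass"], key, nonce + b"p").decode()))
    return plain


def crack_vault(vault: dict, wordlist):
    """Offline dictionary attack: every guess costs one full PBKDF2 derivation, nothing more."""
    for candidate in wordlist:
        plain = try_master_password(vault, candidate)
        if plain is not None:
            return candidate, plain
    return None, None


def find_reused_passwords(plain_entries, corporate_domains):
    """Type B risk: passwords shared between a non-corporate site and a corporate app."""
    by_password = {}
    for url, _user, pw in plain_entries:
        by_password.setdefault(pw, []).append(url)
    hits = []
    for urls in by_password.values():
        corp = [u for u in urls if any(d in u for d in corporate_domains)]
        other = [u for u in urls if u not in corp]
        if corp and other:
            hits.append((corp, other))
    return hits


# Constructed sample data (assumption): one employee's vault with a reused password.
SAMPLE_ENTRIES = [
    ("https://sso.example-corp.com", "jdoe", "Winter2022!"),
    ("https://personal-mail.example.net", "jdoe88", "Winter2022!"),
    ("https://shop.example.org", "jdoe88", "x7#Q!9kLmz"),
]
SAMPLE_SALT = bytes(32)  # fixed so the example is deterministic; real salts are random per user
WEAK_VAULT = build_vault("summer2022", SAMPLE_ENTRIES, iterations=1000, salt=SAMPLE_SALT)
STRONG_VAULT = build_vault("cj4!Tq9#wLm2&vRp", SAMPLE_ENTRIES, iterations=1000, salt=SAMPLE_SALT)
WORDLIST = ["password", "123456", "summer2022", "lastpass", "welcome1"]

if __name__ == "__main__":
    found, plain = crack_vault(WEAK_VAULT, WORDLIST)
    print("weak vault master password:", found)
    print("reused across corporate/personal:", find_reused_passwords(plain, ["example-corp.com"]))
    print("strong vault:", crack_vault(STRONG_VAULT, WORDLIST))
```

Raising `iterations` makes each guess proportionally slower (PBKDF2 cost is linear in the count), which is what LastPass means by its hashing protecting strong passwords; it does nothing for a master password that sits in the attacker's wordlist, and once the vault opens, `find_reused_passwords` shows how a personal-mail credential hands over the corporate SSO login.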

    The CISO’s Dead End: Certain Threat but Extremely Low Mitigation Capabilities

Regardless of whether an organization falls into type A or B, the risk is clear. What intensifies the challenge for the CISO is that while there is a high probability, not to say certainty, that some employees in his or her environment have accounts likely to be compromised, the CISO has very limited ability to know who those employees are, let alone take the steps required to mitigate the risk they pose.

    LayerX Free Offering: 100% Visibility into LastPass Attack Surface as Well as Proactive Protection Measures

LayerX has released a free tool that helps security teams understand their organization's exposure to the LastPass breach, maps all vulnerable users and applications, and applies security mitigations.

LayerX's tool is delivered as an enterprise extension for the browsers your employees use, and hence provides immediate visibility into all browser extensions and the browsing activity of every user. This enables CISOs to gain the following:

• LastPass Usage Mapping: End-to-end visibility into all browsers on which the LastPass extension is installed, whether as part of corporate policy (type A) or for personal use (type B). The tool maps all applications and web destinations whose credentials are stored in LastPass. Note that the visibility challenge for type B organizations, where the installs are outside IT's knowledge, is much more severe than for type A and cannot be addressed by any solution except LayerX's tool.
[Figure: LayerX's LastPass Report]
[Figure: The LayerX notification sent to vulnerable users]
• Identifying Users at Risk: Leveraging this knowledge, security teams can inform vulnerable users and require them to implement MFA on their accounts. They can also roll out a dedicated master password reset procedure to eliminate adversaries' ability to leverage a compromised master password for malicious access.
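The usage-mapping step above, as an added example written for this page rather than LayerX's product: a host-side inventory that walks Chromium-family browser profiles, parses each installed extension's manifest.json (including the `__MSG_key__` localized names Chromium extensions commonly use) and reports the profiles where a LastPass extension is present. The Extensions/<id>/<version>/manifest.json layout is Chromium's; the default user-data paths, the name-based match (the page gives no extension ID, so none is assumed), the fixture directory and its placeholder extension IDs are assumptions constructed for the demo. It covers install presence only; which sites have credentials stored in the vault is not visible from the file system.

```python
"""Inventory Chromium-family browser profiles for an installed LastPass extension (added example)."""
import json
import os
import tempfile
from pathlib import Path


def default_profile_roots():
    """Likely Chrome/Edge user-data directories on the current host (assumed locations)."""
    home = Path.home()
    local = Path(os.environ.get("LOCALAPPDATA", home / "AppData" / "Local"))
    return [
        local / "Google" / "Chrome" / "User Data",
        local / "Microsoft" / "Edge" / "User Data",
        home / "Library" / "Application Support" / "Google" / "Chrome",
        home / ".config" / "google-chrome",
        home / ".config" / "chromium",
    ]


def resolve_name(ext_dir: Path, manifest: dict) -> str:
    """Manifests often use '__MSG_key__'; look the key up in the extension's default locale."""
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[6:-2]
        msg_file = ext_dir / "_locales" / manifest.get("default_locale", "en") / "messages.json"
        try:
            messages = json.loads(msg_file.read_text(encoding="utf-8-sig"))
            name = messages.get(key, {}).get("message", name)
        except (OSError, ValueError):
            pass  # unresolved name is reported as-is rather than dropped
    return name


def list_extensions(user_data_dir: Path):
    """Yield (profile, extension_id, version_dir, name) for every installed extension."""
    if not user_data_dir.is_dir():
        return
    for profile in user_data_dir.iterdir():
        ext_root = profile / "Extensions"
        if not (profile.name == "Default" or profile.name.startswith("Profile")) or not ext_root.is_dir():
            continue
        for ext_id_dir in ext_root.iterdir():
            if not ext_id_dir.is_dir():
                continue
            for version_dir in ext_id_dir.iterdir():
                manifest_path = version_dir / "manifest.json"
                if not manifest_path.is_file():
                    continue
                try:
                    manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
                except ValueError:
                    continue  # corrupt manifest: skip, do not abort the whole inventory
                yield profile.name, ext_id_dir.name, version_dir.name, resolve_name(version_dir, manifest)


def find_lastpass(roots, match: str = "lastpass"):
    """Return one record per profile/extension whose resolved name contains `match`."""
    hits = []
    for root in roots:
        for profile, ext_id, version, name in list_extensions(Path(root)):
            if match in name.lower():
                hits.append({"user_data_dir": str(root), "profile": profile,
                             "id": ext_id, "version": version, "name": name})
    return hits


def build_sample_profile() -> Path:
    """Constructed fixture: a fake user-data dir with one localized LastPass-like extension."""
    root = Path(tempfile.mkdtemp(prefix="ext-inventory-"))
    lp = root / "Default" / "Extensions" / ("a" * 32) / "4.100.0_0"  # placeholder ID, not the real one
    (lp / "_locales" / "en").mkdir(parents=True)
    (lp / "manifest.json").write_text(json.dumps(
        {"name": "__MSG_appName__", "default_locale": "en", "version": "4.100.0"}))
    (lp / "_locales" / "en" / "messages.json").write_text(json.dumps(
        {"appName": {"message": "LastPass: Free Password Manager"}}))
    other = root / "Profile 1" / "Extensions" / ("b" * 32) / "1.2.3_0"
    other.mkdir(parents=True)
    (other / "manifest.json").write_text(json.dumps({"name": "Example Ad Blocker", "version": "1.2.3"}))
    return root


if __name__ == "__main__":
    for hit in find_lastpass(default_profile_roots()):
        print(hit)
```

Run it per user account from an endpoint agent or login script and ship the records to your inventory; a type B install shows up the same way as a policy-pushed one, which is the visibility gap the article describes.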

    To get access to the free tool, fill this form.

    Copyright © 2023 Cryptonounce All rights reserved. Cryptonounce.