New Delhi, December 27: The Indian cyber agency CERT-In on Tuesday warned Indians users against phishing, credential stuffing, or other brute force attacks against online accounts associated with LastPass vault.
The warning came as encrypted password manager LastPass admitted last week that hackers were able to “copy a backup of customer vault data,” in a recent data breach. LastPass is a freemium password manager that stores encrypted passwords online”. China Cyber Attack: Data of 800 Million People Exposed in Second Massive Data Breach in 2 Months.
“The data is encrypted and the threat actor could possibly perform brute force attempt to guess the master password, or may carry out phishing, credential stuffing, or other brute force attacks against online accounts associated with your LastPass “ault,” warned CERT-In in its advisory. Data Breach: Digital Identity of 6 Lakh Indians Sold on ‘Bot’ Markets for Nearly Rs 490 Each; India Most Affected Country in World, Says Research.
It is reported that, threat actors gained access to source code and technical information from the utility�s developer environment to target users. The threat actors reportedly utilised information copied from backup containing basic customer account information and related metadata from which users were accessing the Password manager “ervice.
“For successful execution the threat actor may target users with a possible brute force attempt to guess the master password, or may perform phishing, credential stuffing and brute force attacks against online accounts associated with the Password mana”er utility,” said CERT-In, which comes under the IT”Ministry.
“Change your password every 60-90 days on user-level accounts. This ensures threat actors using social engineering, brute force and credential stuffing attacks cannot use your older passwords to gain access to your sy”tems or data,” it added.
The cyber agency also reported a vulnerability in WordPress which could allow an attacker to execute arbitrary code on the targeted system. This vulnerability exists in YITH WooCommerce Gift Cards Premium plugin for WordPress due to an improper validation of file, durin” file upload.
“An attacker can exploit this vulnerability by uploading a malicious file. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on”the target system,” said CERT-In.
(The above story first appeared on Morning Tidings on Dec 27, 2022 11:07 PM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website morningtidings.com).
Leave a Reply