Why Keeping Your Software Up-to-Date is Critical
LastPass, a popular password management service, recently experienced a big security breach that put its users' sensitive information at risk. The cause? One of its employees hadn't updated the Plex software on their personal computer. It is a big reminder of how important it is to keep your software up-to-date.
How they were breached:
This was a calculated hacking attempt. The hackers used data they stole from another breach, along with info from a third-party data breach and a vulnerability in a third-party media software package, to launch a coordinated attack between August and October of 2022. That enabled them to get into LastPass's systems and take some of their users' information.
The attackers specifically targeted one of LastPass's engineers by exploiting a vulnerability in Plex, a media software package. The vulnerability let the attackers execute code on the engineer's computer, which gave them access to everything on it, including passwords.
Plex had actually fixed this vulnerability a while back, but the LastPass employee responsible for the breach never updated their software to activate the fix.
"Unfortunately, the LastPass employee never upgraded their software to activate the patch," Plex said in a statement. "For reference, the version that addressed this exploit was roughly 75 versions ago."
This just goes to show how important it is to keep your software up-to-date, whether it's on your personal computer or at work.
At Think Concepts, we recommend that you keep your software up-to-date and have protocols in place to manage staff laptops. This will help prevent security breaches like this from happening in the future.
“Managing patches and updates isn’t something most users think about, and a situation like this shows just how catastrophic that can be, so it is wise to outsource your patch management and make sure you are keeping your business secure.” - Simon Davis, COO
Looking for a cyber risk assessment or training for your team? Contact our team to discuss how we can protect your workplace.