By Guest Blogger Chris Bonatti, Cybersecurity Consultant with IECA of Casper
Forward by CyberWyoming: If you want a free, no-think password awareness campaign designed by Wyoming businesses for Wyoming businesses, email us at firstname.lastname@example.org. The campaign includes multiple lessons and each lesson has a poster to hang by the printer, a few emails to send out during the month, a video to watch at a staff meeting, and a game to play at a second staff meeting. We also have Last Pass, Bitwarden, and Password Boss demonstration videos by Wyoming companies who use them to manage their business. To learn about topics like this, join Wyoming’s Cybersecurity Competition for Small Businesses! It’s one-on-one, on-the-job, human focused risk management training program. www.cyberwyoming.org/competition
In August, we were hit with the news of a data breach at popular password manager operator LastPass. The company detected some unusual activity within portions of their development environment. After investigating, they determined that an unauthorized party gained access through a single compromised developer account, and exfiltrated portions of source code and some proprietary LastPass technical information. LastPass deployed containment and mitigation measures, implemented additional enhanced security measures, and engaged a leading cybersecurity and forensics firm. They have since seen no further evidence of unauthorized activity.
LastPass recently released their after-action report, which said that despite four days of access there was no evidence that the intruder achieved any access to customer data or encrypted password vaults. There was some rational speculation that if the developer environment could be breached, then the LastPass software supply chain could potentially be at risk. However, LastPass found no evidence of code injection attacks. In short, they believe there is zero impact on LastPass users. There is no need to change passwords, or take any action of any kind. So good news for a change about a password manager that still has our confidence.