Latest


CERT-In warns Indian users against phishing attacks via LastPass

  •   Tue, Dec 27 2022 09:56:49 PM

New Delhi, Dec 27 (IANS): The Indian cyber agency CERT-In on Tuesday warned Indians users against phishing, credential stuffing, or other brute force attacks against online accounts associated with LastPass vault.

The warning came as encrypted password manager LastPass admitted last week that hackers were able to "copy a backup of customer vault data," in a recent data breach.

LastPass is a freemium password manager that stores encrypted passwords onlin".

"The data is encrypted and the threat actor could possibly perform brute force attempt to guess the master password, or may carry out phishing, credential stuffing, or other brute force attacks against online accounts associated with your LastPass "ault," warned CERT-In in its advisory.

It is reported that, threat actors gained access to source code and technical information from the utility¿s developer environment to target users.

The threat actors reportedly utilised information copied from backup containing basic customer account information and related metadata from which users were accessing the Password manager "ervice.

"For successful execution the threat actor may target users with a possible brute force attempt to guess the master password, or may perform phishing, credential stuffing and brute force attacks against online accounts associated with the Password mana"er utility," said CERT-In, which comes under the IT"Ministry.

"Change your password every 60-90 days on user-level accounts. This ensures threat actors using social engineering, brute force and credential stuffing attacks cannot use your older passwords to gain access to your sy"tems or data," it added.

The cyber agency also reported a vulnerability in WordPress which could allow an attacker to execute arbitrary code on the targeted system.

This vulnerability exists in YITH WooCommerce Gift Cards Premium plugin for WordPress due to an improper validation of file, durin" file upload.

"An attacker can exploit this vulnerability by uploading a malicious file. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on"the target system," said CERT-In.

 
  

Top Stories


Leave a Comment

Title: CERT-In warns Indian users against phishing attacks via LastPass



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.

You might also like