Home Just In Comment on LastPass Breach: Scott Caveza, Senior Research Manager, Tenable

Comment on LastPass Breach: Scott Caveza, Senior Research Manager, Tenable

by CIO AXIS

“The massive breach at LastPass is a prime example of how known vulnerabilities can have a cataclysmic impact on security. The root cause of the LastPass data breach was a home computer running an out of date version of Plex, which contained a vulnerability Tenable discovered and reported, and Plex patched in May 2020. The LastPass breach should have been completely avoidable.

The vulnerability, CVE-2020-5741, is a deserialisation flaw that can be exploited by an authenticated attacker in order to execute arbitrary code with the same privileges as the media server.

The 2022 Tenable Threat Landscape Report, published last week, reinforces this sobering reminder that known vulnerabilities are more dangerous and disruptive to security than zero days. We’ve seen time and time again cybercriminals and nation states routinely exploit known vulnerabilities with available patches to gain initial access into organisations and to elevate privileges once inside. Discovering and remediating the known and exploited vulnerabilities that represent the greatest risk to an organisation continues to be the most impactful way to limit risk.” — Scott Caveza, Senior Research Manager, Tenable.

Recommended for You

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Close Read More

See Ads