An employee of LastPass was responsible for the massive breach at the company as he failed to update Plex on his home computer when he was updating Plex on his work computer. A potential danger lurks in failing to keep software up-to-date, as this is a sobering reminder of the risks involved.
In a recent report on the embattled password management service, it was revealed that unidentified actors used information stolen from a previous incident that occurred before August 12, 2022, to launch a coordinated second attack between August and October 2022 based on information that was obtained from a third-party data breach and vulnerabilities in third-party media software packages.
In the end, an intrusion led to the adversary stealing information about customers and password vault data, which was partially encrypted.
Secondly, an attack targeted one of the DevOps engineers, forging credentials and breaching the cloud storage environment by infecting the engineer's home computer with keylogger malware.
In addition to a critical severity vulnerability, CISA added a known exploited vulnerability to its Known Exploited Vulnerabilities (KEV) section (tracked as CVE-2021-39144), exploited by third parties since early December.
U.S. federal agencies have been made aware that, by a binding operational directive (BOD 22-01) issued by the Army in November 2021, they are now mandated to secure their systems against attacks until March 31st to prevent potential attacks exploiting the two security holes that could impact their networks.
As part of its ongoing effort to identify security flaws exploited by hackers, CISA has discovered a high-severity and relatively older remote code execution (RCE) vulnerability in Plex Media Server that was discovered almost three years ago.
This issue has been tracked as CVE-2020-5741 and it has been described as a deserialization flaw in Plex Media Server that can be exploited remotely to execute arbitrary Python code, which is also described as a high-severity flaw.
It should be noted that this vulnerability has been addressed with the release of Plex Media Server 1.19.3, which means the attacker would need administrator rights to exploit the vulnerability successfully. Due to this, it is unlikely that it will be a target of an attack in the future.
In August 2022, Plex reported that there had been a data breach that could adversely affect over 15 million customers. In this breach, usernames, emails, and passwords were stolen, resulting in the loss of personal information.
The implications of this are that unpatched Plex Media Server instances are still vulnerable to CVE-2020-5741 attacks and could be exploited by malicious individuals.
Although the CISA team added the vulnerability to the KEV list without providing any information about its potential in-the-wild exploitation, media reports recently suggested that a Plex bug exploited to hack a DevOps engineer's computer may have been responsible for the data breach at LastPass last year that led to the theft of user vault data.
