LastPass Hack: Engineer’s Failure to Update Plex Software Led to Massive Data Breach
The Hacker News: It’s been reported that the most recent LastPass breach was due to the engineer failing to patch a security update in Plex. The breach was made possible by exploiting a now three year old patched flaw in Plex and allowed the attacker to upload a malicious file and ultimately gain access to steal partially encrypted password vault data and customer information. This serves as a solemn reminder of the risks involved in neglecting to maintain software updates.
Business Insider: Walmart is joining a growing number of companies warning its employees not to share company secrets with ChatGPT. The retailer’s technology and software engineering business, Walmart Global Tech, sent an internal memo to employees stating that it had previously blocked the AI website after they noticed activity risking the company. However, they have since decided to incorporate ChatGPT into their daily operations after evaluating a set of usage guidelines for employees. Ongoing education and training employees will be critical to keep companies and customer information secure as more companies utilize AI websites.
Chick-fil-A Customers Have a Bone to Pick After Account Takeovers
Dark Reading: We’ve got the latest scoop on Chick-fil-A, which we previously reported on back in January. It turns out that an automated attack against their website and mobile app was occuring using stolen account credentials from a third-party source between December 2022 and February 2023. Although hackers gained access due to the natural human tendency to reuse username and passwords across multiple sites, companies have an obligation to keep user information secure. To make up for the inconvenience, Chick-fil-A is offering bonus rewards to impacted customers.
As of 2022, over 60% of all corporate data is stored in the cloud. (source)
There are more than 700,000 unfilled cybersecurity positions across the US. (source)
Charlies is a 14 year cyber security expert. He started his career in the U.S. armed forces and then transitioned into commercial roles. A security engineer by training, he's well-versed in tool deployment and administration.
Ellen bring a decade of GRC expertise to the TalPoint community. She's knowledgeable on a variety of frameworks and employs a methodical approach to compliance. She's available for needs assessments, gap assessments, internal audits, and for certain frameworks running independent 3rd party audits.
Zachary bring a 20+ year career in risk management to the TalPoint community. He's worked across healthcare, finance, and supply chain manufacturing. His broad experience offers both a holistic view of risk as well as a common sense approach to risk management.