About Us

About Cabling Installation & Maintenance

Our mission: Bringing practical business and technical intelligence to today's structured cabling professionals

For more than 30 years, Cabling Installation & Maintenance has provided useful, practical information to professionals responsible for the specification, design, installation and management of structured cabling systems serving enterprise, data center and other environments. These professionals are challenged to stay informed of constantly evolving standards, system-design and installation approaches, product and system capabilities, technologies, as well as applications that rely on high-performance structured cabling systems. Our editors synthesize these complex issues into multiple information products. This portfolio of information products provides concrete detail that improves the efficiency of day-to-day operations, and equips cabling professionals with the perspective that enables strategic planning for networks’ optimum long-term performance.

Throughout our annual magazine, weekly email newsletters and 24/7/365 website, Cabling Installation & Maintenance digs into the essential topics our audience focuses on.

  • Design, Installation and Testing: We explain the bottom-up design of cabling systems, from case histories of actual projects to solutions for specific problems or aspects of the design process. We also look at specific installations using a case-history approach to highlight challenging problems, solutions and unique features. Additionally, we examine evolving test-and-measurement technologies and techniques designed to address the standards-governed and practical-use performance requirements of cabling systems.
  • Technology: We evaluate product innovations and technology trends as they impact a particular product class through interviews with manufacturers, installers and users, as well as contributed articles from subject-matter experts.
  • Data Center: Cabling Installation & Maintenance takes an in-depth look at design and installation workmanship issues as well as the unique technology being deployed specifically for data centers.
  • Physical Security: Focusing on the areas in which security and IT—and the infrastructure for both—interlock and overlap, we pay specific attention to Internet Protocol’s influence over the development of security applications.
  • Standards: Tracking the activities of North American and international standards-making organizations, we provide updates on specifications that are in-progress, looking forward to how they will affect cabling-system design and installation. We also produce articles explaining the practical aspects of designing and installing cabling systems in accordance with the specifications of established standards.

Cabling Installation & Maintenance is published by Endeavor Business Media, a division of EndeavorB2B.

Contact Cabling Installation & Maintenance

Editorial

Patrick McLaughlin

Serena Aburahma

Advertising and Sponsorship Sales

Peter Fretty - Vice President, Market Leader

Tim Carli - Business Development Manager

Brayden Hudspeth - Sales Development Representative

Subscriptions and Memberships

Subscribe to our newsletters and manage your subscriptions

Feedback/Problems

Send a message to our general in-box

 

My Watchlist
Indicators
Cabling Market Index
Markets
Stocks
ETFs
Tools
Markets:
Overview
News
Currencies
International
Treasuries

The Massive Data Breach at LastPass Tied to Hack of Senior DevOps Engineer’s Home Computer; Users Urged to Change their Passwords

By: Get News
The Massive Data Breach at LastPass Tied to Hack of Senior DevOps Engineer’s Home Computer; Users Urged to Change their Passwords
Data breach executed by exploiting a security vulnerability in Plex

On the 28th of February, the password manager maker LastPass revealed that the massive data breach it encountered last November involved the compromise of a DevOps engineer’s home computer.

The breach was the result of one of the engineer’s forgetting to upgrade Plex on their home computer, which put a decrypted vault available to only a handful of developers into a hacker’s hands. The vault allowed the threat actor to hold sway over a shared cloud-storage environment among others and ultimately, exfiltrate Amazon S3 vault backup encryption keys, reported The Hacker News.

Breaking Down the Breach at LastPass

Before this massive hacking at LastPass, the company experienced a security incident disclosed last August. In this incident, an unauthorised third-party exploited a developer’s compromised account to steal source code and “proprietary LastPass technical information”.

On 22nd December, the password manager service detailed that the threat actor infiltrated the company’s system during the second incident by exploiting data stolen from the first incident. The backup of partially encrypted user vault information that the hacker managed to copy included passwords, website URLs, and usernames. 

“The second incident saw the threat actor quickly make use of information exfiltrated during the first incident, prior to the reset completed by our teams, to enumerate and ultimately exfiltrate data from the cloud storage resources,” LastPass said.

Now, in Monday’s update, the company said that even though the first incident ended on 12th August, the hacker “was actively engaged in a new series of reconnaissance, enumeration, and exfiltration activity” up to 26th October.

According to the company, during this time, the hacker managed to execute the second attack. 

This second intrusion particularly singled out one of the four senior DevOps engineers with access to the corporate data vault executing a keystroke logger malware on their computer. The target was to steal the master password as it was entered by the hacked engineer to access the corporate vault. 

The threat actor exploited a three-year-old, now-patched security vulnerability on Plex Media Server software to gain code execution on the engineer’s computer.

“This was accomplished by targeting the DevOps engineer’s home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware,” explained LastPass officials. “The threat actor was able to capture the employee’s master password as it was entered after the employee authenticated with MFA and gained access to the DevOps engineer’s LastPass corporate vault.”

Tracked as CVE-2020-5741 (CVSS score: 7.2), the vulnerability was patched by Plex in version 1.19.3.2764 released in May 2020. 

“Unfortunately, the LastPass employee never upgraded their software to activate the patch,” Plex said in a statement. “For reference, the version that addressed this exploit was roughly 75 versions ago.”

In Monday’s update, the password manager company said that the tactics, techniques, and procedures (TTPs) used to execute the first breach were different from those used in the second one, making it tough for the investigators to correlate these two incidents. 

Educating Employees on Cyber Behavior Can Help Dodge Breaches

Ensuring employees have access to essential tools and providing them with training on cyber behaviour is critical to minimising the risk of cyber threats. 

For organisations looking to develop a security culture improvement program to ensure no cybercriminal can hold sway over sensitive business information, leveraging a human risk management solution such as CultureAI is a sensible decision. 

Wrapping Up

LastPass detailed the steps it has taken as part of the company’s effort to investigate and respond to the security incident. The company also suggested its customers reset their passwords as an additional security measure.

Media Contact
Company Name: Geeky News
Contact Person: Press Officer
Email: Send Email
Phone: +44 (0)203 800 1212
Address:Parallel House, 32 London Road
City: Guildford
State: Surrey
Country: United Kingdom
Website: https://www.geekynews.co.uk/



More News

View More
Why Seagate Is Wall Street's New Favorite AI Infrastructure Play
Via MarketBeat
Topics Artificial Intelligence
Tickers BAC STX
3 AI Infrastructure Stocks With Upside After the Summer Rally
Via MarketBeat
Topics Artificial Intelligence
Tickers AMZN ANET AVGO GOOGL META MSFT
Can Advantage2 Help Overcome D-Wave's Share Price Plateau?
Via MarketBeat
Tickers F GEV NVDA QBTS
Eli Lilly’s Oral GLP-1 Breakthrough Could Change Everything
Via MarketBeat
Tickers LLY
The Fed Cut Rates: What Now for the S&P 500 and Equity Markets?
Via MarketBeat
Topics ETFs Economy Stocks
Tickers NVDA SNOW SPY WDAY
Stock Quote API & Stock News API supplied by www.cloudquote.io
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the following
Privacy Policy and Terms Of Service.