Devastating LastPass Data Breach Due to Engineer's Failure to Update Plex Software
The recent devastating LastPass data breach turns out to have been caused by one of its engineers not updating Plex software, a critical reminder to keep all software up to date.
LastPass shared that it could not identify the cybercriminals who made off with the sensitive data and other details "available from a third-party data breach and a vulnerability in a third-party media software package to launch a coordinated second attack."
Specifically, the vulnerability is CVE-2020-5741 (CVSS score: 7.2), a deserialization flaw impacting Plex Media Server on Windows. This flaw allows an unauthenticated attacker to remotely execute arbitrary Python code in the context of the current operating system user.
A spokesperson from Plex Software stated that "this issue allowed an attacker with access to the server administrator's Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it."