Let's Talk About Last Pass - 5 Takeaways For Cybersecurity Pros
Cybersecurity Standup15 Elo 2023

Let's Talk About Last Pass - 5 Takeaways For Cybersecurity Pros

You’ve seen the news. The ramifications from the #LastPass breach are manifold–and rumors abound in the news and in #cybersecurity social media forums. But what should we be focusing on, and what should we be learning from this event? 🤔 And #ICYMI, here’s what’s going on: 👉 LastPass recently published a series of breach disclosures illuminating an extended exfiltration, enumeration, and reconnaissance campaign within their environment. 👉 The attack campaign lasted for about 75 days (~2.5 months) and resulted in the exposure of an undisclosed number of customer passwords and sensitive data. 👉 The attacker leveraged valid credentials stolen from one of four senior #DevOps engineers to access a shared cloud-storage environment, which initially made it difficult for investigators to differentiate between threat actor activity and ongoing legitimate activity. 👉 Cloud service provider logging and alerting tools did not surface the attack within an actionable time frame—demonstrating how native tools are not sufficient security tooling. You need comprehensive anomaly detection and endpoint protection from a third party security software vendor to fill the gaps created by rapid innovation in the DevOps world. 🔥 Our hot take? Security practitioners have to take a holistic and proactive approach to security, and not rest on their laurels. They should deeply understand the shared security responsibility model between them and their cloud providers. So let’s dig in. Bring your questions and your latest updates.

Jaksot(29)

Beyond the Technical: Skills That Make or Break Cybersecurity Professionals

Beyond the Technical: Skills That Make or Break Cybersecurity Professionals

Have you ever wondered how someone breaks into the high-pressure world of cybersecurity leadership without a technical background? Are you looking to avoid burnout down the line but still advance your...

12 Maalis 202456min

“Cyber Broke Into Me”: From Investigative Journalism to InfoSec with Becky Gaylord

“Cyber Broke Into Me”: From Investigative Journalism to InfoSec with Becky Gaylord

Becky Gaylord found her calling in cybersecurity after her small business fell victim to a data breach over a decade ago. Now an advocate for accessibility and empowerment, she shares battle-tested ti...

21 Helmi 202447min

A Cyber Prodigy's Non-Traditional Path to Consultancy

A Cyber Prodigy's Non-Traditional Path to Consultancy

With classic ethical hacker chutzpah, Quinn Varcoe has a story to tell. She landed her first SOC job as a teenager without a degree or experience. Now a CEO and consultant Quinnlan's unconventional jo...

13 Helmi 202429min

Inside The Cyber Builders Mind: Navigating Business Realities With Ross Haleliuk

Inside The Cyber Builders Mind: Navigating Business Realities With Ross Haleliuk

Ross Haleliuk, the author of 'Cyber for Builders,' dives into the essentials of starting a cybersecurity business in his book. Tailored for industry veterans and curious minds alike, the book sheds li...

30 Tammi 202435min

Stay Ahead of Evolving Cyber Threats: A Summary of QoQ Threat Research

Stay Ahead of Evolving Cyber Threats: A Summary of QoQ Threat Research

As cyber threats grow more advanced, it's crucial to understand the evolving attack landscape. In this must-watch episode, experts from Uptycs analyze key findings from their 2023 QoQ Threat Report. D...

23 Tammi 20241min

CSU Threat Research News Bulletin

CSU Threat Research News Bulletin

Don't Get Scammed this Holiday Season! Learn About the Elaborate 'Smishing' Campaign Listen to Dan Verton as he details a worrisome new 'smishing' campaign impersonating the US Postal Service. Discov...

15 Joulu 20233min

Keeping Pace in Cyber: Josh Lemon on Incident Response and Building Teams

Keeping Pace in Cyber: Josh Lemon on Incident Response and Building Teams

Josh Lemon, Uptycs MDR Director, DFIR Consultant, and SANS Instructor & Author, has been on the front lines of cybersecurity for years. As a seasoned incident responder, he's seen attacks from all typ...

12 Joulu 202344min

The Wonder Woman of Cyber: Dorota Kozlowska on Not Saying No to Yourself

The Wonder Woman of Cyber: Dorota Kozlowska on Not Saying No to Yourself

Dorota was a shy teen who loved hacking movies but doubted she could make it in the male-dominated field of cyber. After getting sick, she used her recovery to teach herself cyber skills and prove the...

6 Joulu 202326min