New Delhi: The Indian cyber agency CERT-In on Tuesday warned Indian users against phishing, credential stuffing, or other brute force attacks against online accounts associated with their LastPass vault.
The warning came as encrypted password manager LastPass admitted last week that hackers were able to “copy a backup of customer vault data,” in a recent data breach.
LastPass is a freemium password manager that stores encrypted passwords online.
“The data is encrypted and the threat actor could possibly perform brute force attempt to guess the master password, or may carry out phishing, credential stuffing, or other brute force attacks against online accounts associated with your LastPass vault,” warned CERT-In in its advisory.
It is reported that threat actors gained access to source code and technical information from the utility's developer environment to target users.
The threat actors reportedly utilised information copied from backup containing basic customer account information and related metadata from which users were accessing the Password manager service.
“For successful execution the threat actor may target users with a possible brute force attempt to guess the master password, or may perform phishing, credential stuffing and brute force attacks against online accounts associated with the Password manager utility,” said CERT-In, which comes under the IT Ministry.
“Change your password every 60-90 days on user-level accounts. This ensures threat actors using social engineering, brute force and credential stuffing attacks cannot use your older passwords to gain access to your systems or data,” it added.
The cyber agency also reported a vulnerability in WordPress which could allow an attacker to execute arbitrary code on the targeted system.
This vulnerability exists in the YITH WooCommerce Gift Cards Premium plugin for WordPress due to improper validation of files during file upload.
“An attacker can exploit this vulnerability by uploading a malicious file. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system,” said CERT-In.
(IANS)