LastPass Data Breach Update and LearnPress Plugin Patched
More Information Regarding LastPass Breach
by Artie Kaye
LastPass’ parent company GoTo is informing customers that more data was extracted than previously believed. An encryption key was among the exfiltrated data. The company states that passwords are salted and hashed, so accessing them would require more than just the key. Affected users were migrated to a more secure service offered by the company, and had their passwords reset for them. The company's investigation is ongoing.
Resetting passwords that could be compromised is always advisable, and changing passwords every few months can help keep anything they protect more secure. Passwords should be difficult to guess and never reused on other platforms.
LearnPress Plugin Flaws Patched
by Artie Kaye
Multiple vulnerabilities in the LearnPress WordPress plugin have been addressed. The flaws could allow an unauthorized person to view local files or insert malicious code. The 4.2.0 update for LearnPress addresses these issues. More than 100,000 sites use this plugin, with an estimated 25% of them patched as of this writing. The plugin may not update automatically, so users may have to update manually.
The flaws are listed as CVE-2022-47615, CVE-2022-45808, and CVE-2022-45820.