For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

More LastPass, Microsoft and a very busy CISA - Mar 4 - 10, 2023 - F5 SIRT - This Week in Security

  Aaron back with you as editor this week and I've been keeping an eye on all the interesting news. This month I'm going to give you a little update on the LastPass saga with some infor...
Published Mar 15, 2023
Version 1.0
security
twis
AaronJB's avatar
Ret. Employee
20+ years in IT as a software developer, network engineer, *nix admin, security engineer and scruffy-looking nerf herder. Current holder of SANS GCIH, GWAPT and GPEN certifications as well as F5-CS and CTS-ASM certifications.
View Profile
MegaZone's avatar
MegaZone
Icon for SIRT rankSIRT
Mar 20, 2023

I don't think we can presume that Plex means BYOD.  In my experience most corporate-provided devices still allow end users to install 3rd party software.  And media software is a pretty common installation.  I know I've installed VLC and other media software on my corporate device, mainly for work - needing to transcode presentation videos, etc.  Same with GIMP and others, and in the past I've had iTunes installed on corporate devices (I haven't used that in years now).  I know I have a number of applications on my laptop today that didn't come from IT - GnuGPG and the associated bits (Kleopatra, etc.), HP software for my printer, etc.

So this may have been a LastPass corporate system that the employee had installed Plex on for personal use.  Or, possibly, they may have had a work use for Plex.

In any case, update your software - and uninstall things you are no longer using.