More LastPass, Microsoft and a very busy CISA - Mar 4 - 10, 2023 - F5 SIRT - This Week in Security

  Aaron back with you as editor this week and I've been keeping an eye on all the interesting news. This month I'm going to give you a little update on the LastPass saga with some infor...
Published Mar 15, 2023
Version 1.0
security
twis
MegaZone's avatar
MegaZone
Icon for SIRT rankSIRT
Mar 20, 2023

I don't think we can presume that Plex means BYOD.  In my experience most corporate-provided devices still allow end users to install 3rd party software.  And media software is a pretty common installation.  I know I've installed VLC and other media software on my corporate device, mainly for work - needing to transcode presentation videos, etc.  Same with GIMP and others, and in the past I've had iTunes installed on corporate devices (I haven't used that in years now).  I know I have a number of applications on my laptop today that didn't come from IT - GnuGPG and the associated bits (Kleopatra, etc.), HP software for my printer, etc.

So this may have been a LastPass corporate system that the employee had installed Plex on for personal use.  Or, possibly, they may have had a work use for Plex.

In any case, update your software - and uninstall things you are no longer using.