on 15-Mar-2023 15:32
By way of an update to the Microsoft Outlook issue - Mandiant has now reported that his has been actively exploited by APT28 since April 2022: https://www.forbes.com/sites/daveywinder/2023/03/16/microsoft-outlook-warning-critical-new-email-exp...
I don't think we can presume that Plex means BYOD. In my experience most corporate-provided devices still allow end users to install 3rd party software. And media software is a pretty common installation. I know I've installed VLC and other media software on my corporate device, mainly for work - needing to transcode presentation videos, etc. Same with GIMP and others, and in the past I've had iTunes installed on corporate devices (I haven't used that in years now). I know I have a number of applications on my laptop today that didn't come from IT - GnuGPG and the associated bits (Kleopatra, etc.), HP software for my printer, etc.
So this may have been a LastPass corporate system that the employee had installed Plex on for personal use. Or, possibly, they may have had a work use for Plex.
In any case, update your software - and uninstall things you are no longer using.