Found 20 results
Managing the security of employee work computers has become increasingly important as today's work model shifts to remote and hybrid work plans. In this paper, we explore the recent 2022 LastPass data breach, in which the attacker obtained sensitive customer data by exploiting a software vulnerability on a DevSecOps engineer's computer. We discuss the methodology of the attacker as well as the impact this incident had on LastPass and its customers. Next, we expand upon the impact the breach had on LastPass as well as its customers. From this, we propose solutions for preparing for and mitigating similar attacks in the future. The aim of this paper is to shed light on the LastPass incident and provide methods for companies to secure their employee base, both nationally and internationally. With a strong security structure, companies can vastly reduce the chances of falling victim to a similar attack.
This paper examines the complex nature of cyber attacks through an analysis of the LastPass breach. It argues for the integration of human-centric considerations into cybersecurity measures, focusing on mitigating factors such as goal-directed behavior, cognitive overload, human biases (e.g., optimism, anchoring), and risky behaviors. Findings from an analysis of this breach offer support to the perspective that addressing both the human and technical dimensions of cyber defense can significantly enhance the resilience of cyber systems against complex threats. This means maintaining a balanced approach while simultaneously simplifying user interactions, making users aware of biases, and discouraging risky practices are essential for preventing cyber incidents.
Prehospital endotracheal intubation (ETI) is a lifesaving procedure with known complications. To reduce ETI-associated morbidity and mortality, organizations prioritize first-pass success (FPS). However, there are few data evaluating the association of FPS with clinician licensure. We performed a retrospective chart review of all paramedic and nurse ETI attempts by a multi-state air and ground critical care transport service between January 1, 2008, and December 31, 2023. Our outcomes of interest were FPS and last-pass success (LPS). The exposure of interest was clinician license. We performed a multivariable logistic regression controlling for multiple common patient/operational confounders: age, sex, referring/procedure location, medical category, year, paralytic use, and proceduralist experience. As an exploratory analysis we assessed FPS by licensure and years of experience using time since first patient mission as a surrogate (<1 year, 1 to <2 years, 2 to <3 years, and 3+ years). Of 171,804 encounters over the study period, 8,307 (4.8%) required ETI. Included encounters were mostly adult (≥18 years old; 91.0%), male (64.0%), and victims of trauma (57.4%). Most intubations were performed on primary retrieval (scene) missions (70.5%) with neuromuscular blockade (93.3%). Nurses and paramedics intubated with similar success on the first (88.8%; 95% confidence interval [CI] 87.9-89.8 vs. 89.7%; 95% CI 88.7-90.7) and last (97.4%; 95% CI 96.9-97.9 vs. 97.3%; 95% CI 96.7-97.8) attempts. Multivariable analysis revealed no significant difference between two groups for FPS (aOR 0.90; 95% CI 0.77-1.04) or LPS (aOR 1.00; 95% CI 0.76-1.32). FPS was also similar for nurses (74.7%; 95% CI 69.8-79.7) and paramedics (80.6%; 95% CI 75.6-85.6) within the first year, and after 3 years of experience (91.6%; 95% CI 90.6-92.5 vs. 91.5%; 95% CI 90.5-92.6). Critical care paramedics and nurses perform ETI with similar proficiency.
In this analysis of 7,812 intubations, clinician licensure was not associated with FPS nor LPS after controlling for multiple common confounders. Further research evaluating training schemes especially in early years of experience is needed.
Left atrial (LA) mechanics are strongly linked with left ventricular (LV) filling. The LA diastasis strain slope (LADSS), which spans between the passive and active LA emptying phases, may be a key indicator of the LA-LV interplay during diastole. This study aimed to investigate the LA-LV interdependencies in post-ST elevation myocardial infarction (STEMI), with particular focus on the LADSS. Patients with post-anterior STEMI who received primary percutaneous coronary intervention underwent contrast cardiac magnetic resonance imaging (MRI) during acute (5-9 days post-STEMI) and chronic (at 6 months) phases. The LADSS was categorized into three groups: Groups 1, 2, and 3 representing positive, flat, and negative slopes, respectively. Cross-sectional correlates of LADSS Group 2 or 3 compared to Group 1 were identified, adjusting for demographics, LA indices, and with or without LV indices. The associations of acute phase LADSS with the recovery of LV ejection fraction (LVEF) and scar amount were investigated. Sixty-six acute phase (86.4% male, 63.1 ± 11.8 years) and 59 chronic phase cardiac MRI images were investigated. The distribution across LADSS Groups 1, 2, and 3 in the acute phase was 24.2%, 28.9%, and 47.0%, respectively, whereas in the chronic phase, it was 33.9%, 22.0%, and 44.1%, respectively. LADSS Group 3 demonstrated a higher heart rate than Group 1 in the acute phase (61.9 ± 8.7 vs. 73.5 ± 11.9 bpm, p < 0.01); lower LVEF (48.7 ± 8.6 vs. 41.8 ± 9.9%, p = 0.041) and weaker LA passive strain rate (SR) (-1.1 ± 0.4 vs. -0.7 [-1.2 to -0.6] s⁻¹, p = 0.037) in the chronic phase. Chronic phase Group 3 exhibited weaker LA passive SR [relative risk ratio (RRR) = 8.8, p = 0.012] than Group 1 after adjusting for demographics and LA indices; lower LVEF (RRR = 0.85, p < 0.01), higher heart rate (RRR = 1.1, p = 0.070), and less likelihood of being male (RRR = 0.08, p = 0.058) after full adjustment.
Acute phase LADSS Groups 2 and 3 predicted poor recovery of LVEF when adjusted for demographics and LA indices; LADSS Group 2 remained a predictor in the fully adjusted model (β = -5.8, p = 0.013). The LADSS serves both as a marker of current LV hemodynamics and its recovery in post-anterior STEMI. The LADSS is an important index of LA-LV interdependency during diastole. https://clinicaltrials.gov/, identifier NCT03950310.
The objective of the verification process, besides guaranteeing security, is also to be effective and robust. This means that the login should take as little time as possible, and each time allow for a successful authentication of the authorised account. In recent years, however, online users have been experiencing more and more issues with recalling their own passwords on the spot. According to research done in 2017 by LastPass on its employees, the number of personal accounts assigned to one business user currently exceeds 191 profiles and keeps growing. Remembering this many passwords, especially to applications which are not used every week, seems to be impossible without storing them either on paper, in a password manager, or saved in a file somewhere on a PC. In this article a new verification model using a Google Street View image as well as the user's personal experience and knowledge will be presented. The purpose of this scheme is to assure secure verification by creating longer passwords as well as delivering a 'password reminder' already embedded into the login scheme.
We develop an economic model of an offline password cracker which allows us to make quantitative predictions about the fraction of accounts that a rational password attacker would crack in the event of an authentication server breach. We apply our economic model to analyze recent massive password breaches at Yahoo!, Dropbox, LastPass and AshleyMadison. All four organizations were using key-stretching to protect user passwords. In fact, LastPass' use of PBKDF2-SHA256 with $10^5$ hash iterations exceeds the 2017 NIST minimum recommendation by an order of magnitude. Nevertheless, our analysis paints a bleak picture: the adopted key-stretching levels provide insufficient protection for user passwords. In particular, we present strong evidence that most user passwords follow a Zipf's law distribution, and characterize the behavior of a rational attacker when user passwords are selected from a Zipf's law distribution. We show that there is a finite threshold which depends on the Zipf's law parameters that characterizes the behavior of a rational attacker -- if the value of a cracked password (normalized by the cost of computing the password hash function) exceeds this threshold then the adve
MIT researchers have shown that one fuel can power both chemical and electric spacecraft thrusters, potentially transforming what small satellites can do. The approach combines quick bursts of speed with highly efficient long-range propulsion in a single compact system. A NASA-supported CubeSat mission will soon test the technology in orbit
Scientists found that transfer learning can make the search for new physics in the universe much faster, slashing the need for expensive simulations. Yet the approach can backfire when AI relies too heavily on familiar patterns, potentially missing evidence of something truly new
A new technique could solve one of the biggest challenges in making future computer chips from ultrathin materials. Researchers found that coating molybdenum disulfide with oxygen or fluorine lets manufacturers remove just the top layer of atoms much more safely during plasma processing. The result is a cleaner, more controlled path toward smaller
NASA’s Lucy spacecraft discovered that asteroid Donaldjohanson is a wobbling, peanut-shaped relic born from a violent collision and slowly reshaped by the subtle force of sunlight. It also carries traces of ancient water, making it an important clue to the solar system’s mysterious past
GTA6 might be an outlier, though—at least for now
Lawsuit alleged Disney inflated market prices by making carriers include ESPN
Scientists have found that staple-shaped particles can tangle together to create a material that is both strong and flexible. Unlike conventional materials, these particles can be locked into a sturdy structure or rapidly unraveled using vibrations. The unusual behavior could open the door to recyclable buildings, reconfigurable structures, and eve
SETI scientists searched the interstellar object 3I/ATLAS for radio signals that could indicate extraterrestrial technology but found nothing beyond human-made interference. Even so, the rapid-response observations helped confirm the object's natural origin and showcased how future interstellar visitors can be investigated for signs of intelligent
A newly proposed quantum sensing technique could make it much easier to identify one of physics’ newest and most intriguing classes of magnets: altermagnets. These unusual materials, discovered only a few years ago, appear to combine the speed and efficiency of antiferromagnets with some of the useful electronic properties of traditional magnets, m