Found 20 results
Managing the security of employee work computers has become increasingly important as today's work model shifts to remote and hybrid work plans. In this paper, we explore the recent 2022 LastPass data breach, in which the attacker obtained sensitive customer data by exploiting a software vulnerability on a DevSecOps engineer's computer. We discuss the methodology of the attacker as well as the impact this incident had on LastPass and its customers. Next, we expand upon the impact the breach had on LastPass as well as its customers. From this, we propose solutions for preparing for and mitigating similar attacks in the future. The aim of this paper is to shed light on the LastPass incident and provide methods for companies to secure their employee base, both nationally and internationally. With a strong security structure, companies can vastly reduce the chances of falling victim to a similar attack.
This paper examines the complex nature of cyber attacks through an analysis of the LastPass breach. It argues for the integration of human-centric considerations into cybersecurity measures, focusing on mitigating factors such as goal-directed behavior, cognitive overload, human biases (e.g., optimism, anchoring), and risky behaviors. Findings from an analysis of this breach offer support to the perspective that addressing both the human and technical dimensions of cyber defense can significantly enhance the resilience of cyber systems against complex threats. This means maintaining a balanced approach while simultaneously simplifying user interactions, making users aware of biases, and discouraging risky practices are essential for preventing cyber incidents.
Prehospital endotracheal intubation (ETI) is a lifesaving procedure with known complications. To reduce ETI-associated morbidity and mortality, organizations prioritize first-pass success (FPS). However, there are few data evaluating the association of FPS with clinician licensure. We performed a retrospective chart review of all paramedic and nurse ETI attempts by a multi-state air and ground critical care transport service between January 1, 2008, and December 31, 2023. Our outcomes of interest were FPS and last-pass success (LPS). The exposure of interest was clinician license. We performed a multivariable logistic regression controlling for multiple common patient/operational confounders: age, sex, referring/procedure location, medical category, year, paralytic use, and proceduralist experience. As an exploratory analysis we assessed FPS by licensure and years of experience using time since first patient mission as a surrogate (<1 year, 1 to <2 years, 2 to <3 years, and 3+ years). Of 171,804 encounters over the study period, 8,307 (4.8%) required ETI. Included encounters were mostly adult (≥18 years old; 91.0%), male (64.0%), and victims of trauma (57.4%). Most intubations were performed on primary retrieval (scene) missions (70.5%) with neuromuscular blockade (93.3%). Nurses and paramedics intubated with similar success on the first (88.8%; 95% confidence interval [CI] 87.9-89.8 vs. 89.7%; 95% CI 88.7-90.7) and last (97.4%; 95% CI 96.9-97.9 vs. 97.3%; 95% CI 96.7-97.8) attempts. Multivariable analysis revealed no significant difference between two groups for FPS (aOR 0.90; 95% CI 0.77-1.04) or LPS (aOR 1.00; 95% CI 0.76-1.32). FPS was also similar for nurses (74.7%; 95% CI 69.8-79.7) and paramedics (80.6%; 95% CI 75.6-85.6) within the first year, and after 3 years of experience (91.6%; 95% CI 90.6-92.5 vs. 91.5%; 95% CI 90.5-92.6). Critical care paramedics and nurses perform ETI with similar proficiency.
In this analysis of 7,812 intubations, clinician licensure was not associated with FPS nor LPS after controlling for multiple common confounders. Further research evaluating training schemes especially in early years of experience is needed.
Left atrial (LA) mechanics are strongly linked with left ventricular (LV) filling. The LA diastasis strain slope (LADSS), which spans between the passive and active LA emptying phases, may be a key indicator of the LA-LV interplay during diastole. This study aimed to investigate the LA-LV interdependencies in post-ST elevation myocardial infarction (STEMI), with particular focus on the LADSS. Patients with post-anterior STEMI who received primary percutaneous coronary intervention underwent contrast cardiac magnetic resonance imaging (MRI) during acute (5-9 days post-STEMI) and chronic (at 6 months) phases. The LADSS was categorized into three groups: Groups 1, 2, and 3 representing positive, flat, and negative slopes, respectively. Cross-sectional correlates of LADSS Group 2 or 3 compared to Group 1 were identified, adjusting for demographics, LA indices, and with or without LV indices. The associations of acute phase LADSS with the recovery of LV ejection fraction (LVEF) and scar amount were investigated. Sixty-six acute phase (86.4% male, 63.1 ± 11.8 years) and 59 chronic phase cardiac MRI images were investigated. The distribution across LADSS Groups 1, 2, and 3 in the acute phase was 24.2%, 28.9%, and 47.0%, respectively, whereas in the chronic phase, it was 33.9%, 22.0%, and 44.1%, respectively. LADSS Group 3 demonstrated a higher heart rate than Group 1 in the acute phase (61.9 ± 8.7 vs. 73.5 ± 11.9 bpm, p < 0.01); lower LVEF (48.7 ± 8.6 vs. 41.8 ± 9.9%, p = 0.041) and weaker LA passive strain rate (SR) (-1.1 ± 0.4 vs. -0.7 [-1.2 to -0.6] s⁻¹, p = 0.037) in the chronic phase. Chronic phase Group 3 exhibited weaker LA passive SR [relative risk ratio (RRR) = 8.8, p = 0.012] than Group 1 after adjusting for demographics and LA indices; lower LVEF (RRR = 0.85, p < 0.01), higher heart rate (RRR = 1.1, p = 0.070), and less likelihood of being male (RRR = 0.08, p = 0.058) after full adjustment.
Acute phase LADSS Groups 2 and 3 predicted poor recovery of LVEF when adjusted for demographics and LA indices; LADSS Group 2 remained a predictor in the fully adjusted model (β = -5.8, p = 0.013). The LADSS serves both as a marker of current LV hemodynamics and its recovery in post-anterior STEMI. The LADSS is an important index of LA-LV interdependency during diastole. https://clinicaltrials.gov/, identifier NCT03950310.
The objective of the verification process, besides guaranteeing security, is also to be effective and robust. This means that the login should take as little time as possible, and each time allow for a successful authentication of the authorised account. In recent years, however, online users have been experiencing more and more issues with recalling their own passwords on the spot. According to research done in 2017 by LastPass on its employees, the number of personal accounts assigned to one business user currently exceeds 191 profiles and keeps growing. Remembering these many passwords, especially to applications which are not used every week, seems to be impossible without storing them either on paper, in a password manager, or saved in a file somewhere on a PC. In this article a new verification model using a Google Street View image as well as the user's personal experience and knowledge will be presented. The purpose of this scheme is to assure secure verification by creating longer passwords as well as delivering a 'password reminder' already embedded into the login scheme.
We develop an economic model of an offline password cracker which allows us to make quantitative predictions about the fraction of accounts that a rational password attacker would crack in the event of an authentication server breach. We apply our economic model to analyze recent massive password breaches at Yahoo!, Dropbox, LastPass and AshleyMadison. All four organizations were using key-stretching to protect user passwords. In fact, LastPass' use of PBKDF2-SHA256 with $10^5$ hash iterations exceeds 2017 NIST minimum recommendation by an order of magnitude. Nevertheless, our analysis paints a bleak picture: the adopted key-stretching levels provide insufficient protection for user passwords. In particular, we present strong evidence that most user passwords follow a Zipf's law distribution, and characterize the behavior of a rational attacker when user passwords are selected from a Zipf's law distribution. We show that there is a finite threshold which depends on the Zipf's law parameters that characterizes the behavior of a rational attacker -- if the value of a cracked password (normalized by the cost of computing the password hash function) exceeds this threshold then the adve
The small bit of air in the bottle sees oxygen and other chemicals move in and out
A clever nanoscale redesign may have solved one of superconductivity’s biggest problems. Researchers in Sweden discovered that by subtly sculpting the surface beneath an ultrathin superconducting material, they could make it stay superconducting at higher temperatures and under much stronger magnetic fields
A rare meteorite has revealed evidence of a massive lost world that once orbited the young Sun before being destroyed in a catastrophic collision. The discovery suggests some early planets formed from dramatically different materials than Earth and Mars, rewriting part of the solar system’s origin story
Scientists have found that staple-shaped particles can tangle together to create a material that is both strong and flexible. Unlike conventional materials, these particles can be locked into a sturdy structure or rapidly unraveled using vibrations. The unusual behavior could open the door to recyclable buildings, reconfigurable structures, and eve
Researchers gave top AI models a classic attention test used in psychology and found a major flaw. While the models could correctly name colors in short lists, their performance deteriorated sharply as the task became longer and more complex. Some leading systems fell from over 90% accuracy to nearly complete failure
Oxford physicists have created an entirely new type of Schrödinger’s cat-like quantum state using components that are themselves highly quantum in nature. The advance could open new possibilities for more resilient quantum computers and deeper insights into the strange rules that govern the quantum universe
Europeans are baking under their second heat wave of the summer
A colossal ancient collision may have left some of the Moon’s deepest secrets surprisingly close to future Artemis landing sites. By recreating the impact that formed the giant South Pole-Aitken basin—the Moon’s largest and oldest crater—scientists found that a low-angle strike from a large, iron-cored object blasted material from deep inside the M
The race to build data centers in space is gaining momentum as AI drives unprecedented demand for computing power. Orbital facilities could tap into abundant solar energy and avoid many of the environmental challenges faced on Earth. Yet space remains a harsh and expensive place to operate, with major hurdles including cooling, maintenance, radiati
SETI scientists searched the interstellar object 3I/ATLAS for radio signals that could indicate extraterrestrial technology but found nothing beyond human-made interference. Even so, the rapid-response observations helped confirm the object's natural origin and showcased how future interstellar visitors can be investigated for signs of intelligent
Scientists have uncovered a surprising connection between quantum gravity and an exotic quantum state of matter that could explain why the universe isn’t expanding wildly fast. The study suggests that the very shape of space-time may protect the cosmological constant from disruptive quantum effects