Security News LastPass working on security update for newly discovered vulnerability

BoraMurdar

BoraMurdar

Super Moderator
Thread author
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
Following the security vulnerability discovered on 22. March,
LastPass Chrome & Firefox Extensions Affected by Critical Bug (Patched)

Following this announcement, the firm acknowledged the vulnerability on Twitter, stating they were aware of what had been reported, and that the team "has put a workaround in place while we work on a resolution". As of 2:49 PM Eastern time US on March 22, extensions for Firefox and Chrome had been released containing the fix, with Opera and Edge add-ons still pending approval. LastPass released a full report on its blog. That, however, was not all.

On March 25, Tavis discovered yet another vulnerability, affecting version 4.1.43, the latest for Google Chrome.
Click to expand...

lVUa9Gb.png


To expand on the issue, LastPass also put up a post today, in which they made it clear that a fix is being worked on. The client side vulnerability discovered over the weekend allows for an attack that is "unique and highly sophisticated". As such, the firm declined to disclose anything specific about either the vulnerability or the patch, until everything is said and done. The reasoning given is that doing so could "reveal anything to less sophisticated but nefarious parties", which is of course not the intention.

As a precaution, until everything is sorted, LastPass recommends you launch sites directly from the vault (to protect your sign-in credentials), use two-factor authentication on every service that offers it, and to stay vigilant to avoid phishing attempts.

Source: LastPass Blog
 
  • Like
Reactions: shmu26, conceptualclarity, _CyberGhosT_ and 4 others
Kalimirro

Kalimirro

Level 2
Verified
Nov 29, 2013
56
Doing so would allow the attacker to potentially retrieve and expose information from the LastPass account, such as user’s login credentials.
Click to expand...

Aw! Get the master password = big fish.
 
R

Rodney74

Tried last pass, and dashlane, then I tried Sticky Password (It's free)..

OMG what a pleasure to use such a nice Password Manager, and auto form filler.

Lastpass was the most difficult, for example saving and deleting passwords.

Dashlane was easy, but filled some forms incorrectly.

Sticky, was the best of all...Very nice especially for free, paid product available in order to sync devices.
 
Last edited by a moderator:
You must log in or register to reply here.

Similar threads

enaph
    • +Reputation
    • Like
Security News LastPass Warns of Phishing Scam via Fake Chrome Store Reviews
Replies
2
Views
565
Security News
lokamoka820
lokamoka820
enaph
    • +Reputation
    • Like
Security News Apple Safari Flaw “HM Surf” Allows Unauthorized Data Access on macOS
Replies
0
Views
1,369
Security News
enaph
enaph
Gandalf_The_Grey
    • Like
    • +Reputation
Security News Intel, AMD CPUs on Linux impacted by newly disclosed Spectre bypass
Replies
2
Views
1,672
Security News
SeriousHoax
SeriousHoax

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top