Browsing tag
The massive breach at LastPass was the result of one of its engineers failing to update Plex on their home computer, in what’s a sobering reminder of the dangers of failing to keep software up-to-date. The embattled password management service last week revealed how unidentified actors leveraged information stolen from an earlier incident that took […]
LastPass, which in December 2022 disclosed a severe data breach that allowed threat actors to access encrypted password vaults, said it happened as a result of the same adversary launching a second attack on its systems. The company said one of its DevOps engineers had their personal home computer breached and infected with a keylogger […]
LastPass-owner GoTo (formerly LogMeIn) on Tuesday disclosed that unidentified threat actors were able to steal encrypted backups of some customers’ data along with an encryption key for some of those backups in a November 2022 incident. The breach, which targeted a third-party cloud storage service, impacted Central, Pro, join.me, Hamachi, and RemotelyAnywhere products, the company […]
The latest breach announced by LastPass is a major cause for concern to security stakeholders. As often occurs, we are at a security limbo – on the one hand, as LastPass has noted, users who followed LastPass best practices would be exposed to practically zero to extremely low risk. However, to say that password best […]
The August 2022 security breach of LastPass may have been more severe than previously disclosed by the company. The popular password management service on Thursday revealed that malicious actors obtained a trove of personal information belonging to its customers that include their encrypted password vaults by using data siphoned from the earlier break-in. Also stolen […]
Popular password management service LastPass said it’s investigating a second security incident that involved attackers accessing some of its customer information. “We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo,” LastPass CEO Karim Toubba said. GoTo, formerly called LogMeIn, acquired LastPass in […]
One of the users who received an email alert from LastPass stated that it warned them of an unauthorized login attempt using their account’s master password. LastPass password manager users were shocked when they received alerts about their accounts getting compromised during a hack attack. The company released a statement on December 28th stating that […]
If you are an avid user of password managers, you might just be in for a surprise. A recent study by researchers at the Independent Security Evaluators found that a number of popular password managers were storing master passwords as plain text within the main memory of devices. To an expert hacker, this vulnerability is equivalent to […]
Tavis Ormandy, a security researcher for Google, has managed to find yet another flaw in the LastPass password manager. Ormandy has reported several critical security flaws in the password manager during the past week, and this weekend he has managed to discover a new one. “I had an epiphany in the shower this morning and […]
Travis Ormandy, a researcher at Google project zero, found some critical security flaws in the famous password manager LastPass which could allow hackers to steal passwords. At first, it was the LastPass version 3.3.2 which was reported to have the bug. Mr. Ormandy hasn’t made his finding public until now, and it looks like LastPass […]
LastPass says it patched one of two separate bugs that affected its Chrome and Firefox browser extensions, which if exploited, would have allowed a third-party to extract passwords from users visiting a malicious website. Both bugs were discovered by Tavis Ormandy, a security researcher working for Google’s Project Zero. Of the two bugs Ormandy discovered, […]
You should have these five tools to protect your Facebook, Twitter, LinkedIn and other social media accounts Social media has taken the world by storm through dozens of websites, mobile apps, and other forms of technologies improving the way people communicate with each other. There are social media sites that have millions of members allowing […]
LastPass Password Manager – renowned for being a secure vault for user’s passwords, has recently demonstrated vulnerabilities that could expose many users’ accounts. A phishing technique can easily and literally do the trick: a little more than a combination between software flaws and social engineering. Security researcher Sean Cassidy, who developed the phishing attack, claims […]
At the recent ShmooCon conference a researcher presented a LastPass phishing attack that could allow hackers to steal your password. We discussed several times the importance of password managers such as LastPass, but sometimes hackers could exploit them to launch their attacks. The security researcher Sean Cassidy has presented on Saturday at the ShmooCon hacker conference […]
The password manager, LastPass, allows you to check if the saved sites are affected by the bug through its ‘LastPass Heratbleed Checker. LastPass’s Security Check tells you which sites have updated their certificates, and whether you need to change your password for that site. Image credit: Cnet In the latest attempt to safeguard against the openSSL programming […]