LastPass bug could have let hackers steal your passwords

AppsCYBER SECURITYNews      Last Pass Fixes a bug that could let Malicious website Extract your last used Password
       By Alvin Wanjala

AppsCYBER SECURITYNews Last Pass Fixes a bug that could let Malicious website Extract your last used Password By Alvin Wanjala

Security researcher Tavis Ormandy of Google's Project Zero discovered the bug and reported it to LasPass, which released version 4.3.3 of the extension on September 12 to fix it. Ormandy discovered that the browser extension doesn't call a specific function, which means the extension will fill a new tab with the credentials that were used on the last site. Because the report details the necessary steps to reproduce the vulnerability, it is important that all users update to version 4.33.0.

The bug itself works by luring users to visit a malicious website where their LastPass browser extension is tricked into using a password from a previously visited website.

While LastPass was quick to resolve the issue, it didn't view the bug in quite the same light as Google's Project Zero team. To exploit it, a hacker could create a malicious website designed to fetch the password entry from a Lastpass Chrome extension user.

Alejandro Sanz deberá pagar casi seis millones de euros a exmanager
Según publicó El Mundo , Sanz no se fiaba de los números que figuraban en sus cuentas y pidió que se le realizara una auditoría. La exmánager del cantante le demandó después de que este rompiera de forma unilateral el contrato que les unía laboralmente.

Martín Vizcarra: Esperamos que Toledo sea extraditado el próximo año
En su dictamen, el juez Hixson afirmó que existe mucho riesgo de que el expresidente peruano pueda darse a la fuga, debido a que cuenta con conexiones con personas influyentes en diferentes países.

Colin Kaepernick's Nike ad wins Emmy for outstanding commercial
The more specialized awards show precedes the better-known prime-time Emmy Awards, which will air on September 22 on Fox. Citing people familiar with the matter, the Journal's report stated: "After images of the shoe were posted online, Mr.

In its defence, LastPass issued an advisory. This exploit may result in the last site credentials filled by LastPass to be exposed. However, we do recommend all users to double check if they are on the latest update version 4.33.0, to be absolutely sure they are safe from any potential threats.

According to Ormandy, an attacker could hide a malicious link behind a Google Translate users, tricking users to visiting the link then he/she can now be able to extract credentials used on the last site.

LastPass is advising users to update the Chrome extension for its password manager. LastPass quickly worked to develop a fix and verified the solution was comprehensive with Tavis. These developments were first reported by ZDNet. So far there is no evidence this bug was exploited in the wild. It's also a good example of why you should still use multi-factor authentication on top of using a password manager, especially for sensitive accounts. Using a password manager is many times better than leaving passwords stored inside a browser, from where they can be easily extracted by forensic tools and malware.

Recommended News

Nos complace proporcionar esta oportunidad para compartir información, experiencias y observaciones sobre lo que está en las noticias.
Algunos de los comentarios pueden ser reimpresos en otra parte del sitio o en el periódico.
Gracias por tomarse el tiempo para ofrecer sus pensamientos.