Contact us today!
866-348-2602

Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Alert: LastPass Vulnerability Found. Is Any Password Manager Safe?

Alert: LastPass Vulnerability Found. Is Any Password Manager Safe?

Thanks to one of Google’s researchers with the Zero Day Project, it has been discovered that LastPass has a major vulnerability as a result of a major architectural problem. This news comes on the heels of many other flaws the same researcher discovered within LastPass. However, based on what the researcher claims, these vulnerabilities were much less serious than his latest discovery.

After having “an epiphany in the shower,” Tavis Ormandy realized that the latest version of the password manager’s browser extension is subject to a flaw that allows some malicious websites to have their way with the user’s system. Otherwise, the vulnerability allows malicious websites to steal the user’s passwords from behind LastPass’ protections. Unfortunately, this vulnerability seems to be present in the extensions for every major browser on Windows and Linux, and is most likely present for Mac users as well.

Making this vulnerability even more significant, the vulnerability only requires the extension to be installed in order for it to be exploited. A user could be logged out and still be subject to receiving malicious code from the website they’re visiting.

To their credit, LastPass is committed to resolving this issue, acknowledging Ormandy’s report a mere hour after he submitted it. Two days later, LastPass released a blog post going over these events and offering a few recommendations:

  • Launch websites from the LastPass vault: To retain the highest level of security as possible, it’s better to access websites from the LastPass vault itself.
  • Use Two-Factor Authentication wherever possible: This will add an extra layer of security to prevent leaked credentials from granting easy access to your accounts.
  • Keep an eye out for phishing attacks: Clicking on a malicious link is a great way to hand over your access credentials to malicious entities, so before you click on a link in a received message, take a moment to ask yourself if the link makes sense to be coming from who allegedly sent it.

LastPass has also been vocal in their appreciation for people like Ormandy finding issues like these before they are found the hard way. According to Joe Siegrist, cofounder and vice president of LastPass, “We greatly appreciate the work of the security community to challenge our product and uncover areas that need improvement.

LastPass now has 90 days before Ormandy and Project Zero release the technical details as part of their disclosure policies. In the meantime, it would be prudent to take LastPass’ advice to heart for the sake of your own network security.

To ensure your credentials are protected, and to schedule a full security audit, contact Total Tech Care at 866-348-2602.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Thursday, 24 April 2025
If you'd like to register, please fill in the username, password and name fields.

Blog Archive

Sign Up for Our Newsletter

  • First Name *
  • Last Name *

      Free Consultation

      Sign up today for a
      FREE Network Consultation

      How secure is your IT infrastructure?
      Let us evaluate it for free!

      Sign up Now!

      Free Consultation
       

      Tag Cloud

      Security Tip of the Week Technology Best Practices Business Computing Cloud Privacy Hackers Productivity Hosted Solutions Efficiency Software Google Business Network Security Microsoft Internet Email Malware Backup Workplace Tips Innovation Data User Tips Computer Mobile Devices IT Services Hardware Disaster Recovery Android VoIP communications Communication Business Continuity IT Support Smartphones Smartphone Miscellaneous Mobile Device Small Business Network Browser Collaboration Productivity Cybersecurity Quick Tips Users Business Management Managed IT Services Upgrade Windows Phishing Outsourced IT Ransomware Data Backup Windows 10 Office Server Save Money Data Recovery Cloud Computing Passwords Windows 10 Tech Term Saving Money Holiday Social Media Chrome Gadgets Virtualization Automation Managed IT Services Microsoft Office Managed Service Computers Facebook Cybercrime Operating System Artificial Intelligence BYOD Mobile Device Management Networking IT Support Health Internet of Things Hacking Wi-Fi Telephone Systems Information Technology Remote Managed Service Provider Spam Alert Covid-19 Information Office 365 Bandwidth Recovery Employer-Employee Relationship Router BDR Social Engineering Mobility Money Mobile Computing App History Encryption Application Applications Data Breach Human Resources Law Enforcement Big Data Remote Monitoring Password Apps Office Tips Data Storage Patch Management Training VPN Government Remote Computing Blockchain Private Cloud Paperless Office Mobile Office How To Managed IT WiFi Voice over Internet Protocol IT solutions Wireless Entertainment Website Vulnerability Budget Windows 7 Word Gmail Google Drive Settings Servers Two-factor Authentication Avoiding Downtime Data Security Mouse HaaS Bring Your Own Device Flexibility Data Management Work/Life Balance Marketing Infrastructure Risk Management Hacker Conferencing End of Support The Internet of Things USB Education Physical Security Lithium-ion battery Scam Safety Data Protection Sports HIPAA Redundancy Vendor Management Firewall Keyboard Virtual Reality Apple Vendor Social Managed Services Telephone System Staff Software as a Service Display User Error Save Time Machine Learning Meetings Remote Work Connectivity Employee/Employer Relationship Cleaning RMM Biometrics Computing Virtual Desktop Printer Bluetooth Battery Augmented Reality Shadow IT Fraud DDoS Legal Business Intelligence SharePoint Remote Worker Digital Signage Internet Exlporer Worker Audit IT Management Cryptocurrency IT Consultant Botnet Customer Service PDF IT Plan Environment Procurement Workplace Strategy Humor Comparison Net Neutrality Proactive IT Fax Server Unsupported Software CES Help Desk Printing Best Practice YouTube Charger SaaS Business Technology Black Market Content Management Access Control Compliance Computer Care Managed Services Provider OneNote Network Congestion Virtual Assistant Current Events eWaste Document Management Telephony Authentication Database Wireless Technology Samsung Solid State Drive How to Downtime Remote Workers Virus Value Processor Data storage Update Electronic Medical Records Wearable Technology Automobile Spam Blocking Unified Threat Management Retail Computer Accessories Hard Drives Hard Drive Instant Messaging Google Docs Excel Hiring/Firing Identity Theft Robot Computing Infrastructure Going Green Tip of the week MSP Ergonomics Reputation webinar Accountants Streaming Media Emergency Smartwatch Tech Support Employer Employee Relationship Credit Cards OLED Content Professional Services Microchip Public Cloud Thought Leadership Development Techology Password Management PCI DSS Laptop Assessment Password Manager Virtual Machine Windows Server 2008 2FA Customers Fiber Optics Multi-Factor Security Employee Science Cabling Audiobook Tools Search Engine Twitter Messaging NIST Policy Printer Server Touchpad Television Business Mangement Hypervisor Dark mode Smart Tech Trend Micro Trending Amazon Default App Distributed Denial of Service Politics Customer Relationship Management Advertising Addiction SMS Procedure Analyitcs Public Computer Recycling Saving Time Regulations Wiring dark theme Programming Practices Shopping Notifications Transportation Google Search Rootkit Amazon Web Services IT Infrastructure Computer Fan Cache AI Safe Mode FinTech Criminal Bing Antivirus GDPR Relocation Workers Hosted Computing Social Network Benefits Windows 8 Online Shopping Investment FENG Wireless Internet IT service Video Games File Sharing Employees IBM Employee/Employer Relationships Worker Commute Flash Camera Windows 365 Inventory Smart Technology Specifications ISP Tablet Evernote ROI Experience Consultant Wire Video Conferencing Domains Scalability Software Tips Sales Analytics Supercomputer Bitcoin Travel Shortcuts Business Owner Sync Printers Point of Sale Emails Personal Millennials Cryptomining NarrowBand Wireless Charging IaaS Best Available Maintenance Smart Office Supply Chain Management WIndows 7 Search Monitoring Bloatware Batteries Virtual Private Network Windows 8.1 iPhone Netflix Digitize Two Factor Authentication Workforce Tablets Cables Windows Server 2008 R2 Root Cause Analysis HBO Customer relationships Entrepreneur Knowledge Music Skype Project Management Email Best Practices Files Nanotechnology IT Assessment Telecommuting Manufacturing Shortcut Data loss Chromecast Cortana User Outlook Computer Tips PowerPoint Cost Management Leadership Digital Signature Managed IT Service Windows Media Player Troubleshooting Security Cameras Uninterrupted Power Supply Biometric Security Start Menu Warranty Virtual CIO Social Networking Colocation OneDrive Screen Mirroring HVAC Peripheral Loyalty Google Apps Managing Stress Frequently Asked Questions Digital Security Cameras Monitor Analysis Using Data Books 5G Running Cable Mobile Administrator Windows 10s Devices Copiers Cast Enterprise Content Management Quick Tip Cameras Memory

      Top Blog

      The reasoning for this is simple: you want to make sure that operations are proceeding as intended, even if you’re not there. If you completely check out from the workplace every time you leave, you could return from your vacation to a complete and total disaster that may have been prevented with y...
      QR-Code