Contact us today!
866-348-2602

Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Alert: LastPass Vulnerability Found. Is Any Password Manager Safe?

Alert: LastPass Vulnerability Found. Is Any Password Manager Safe?

Thanks to one of Google’s researchers with the Zero Day Project, it has been discovered that LastPass has a major vulnerability as a result of a major architectural problem. This news comes on the heels of many other flaws the same researcher discovered within LastPass. However, based on what the researcher claims, these vulnerabilities were much less serious than his latest discovery.

After having “an epiphany in the shower,” Tavis Ormandy realized that the latest version of the password manager’s browser extension is subject to a flaw that allows some malicious websites to have their way with the user’s system. Otherwise, the vulnerability allows malicious websites to steal the user’s passwords from behind LastPass’ protections. Unfortunately, this vulnerability seems to be present in the extensions for every major browser on Windows and Linux, and is most likely present for Mac users as well.

Making this vulnerability even more significant, the vulnerability only requires the extension to be installed in order for it to be exploited. A user could be logged out and still be subject to receiving malicious code from the website they’re visiting.

To their credit, LastPass is committed to resolving this issue, acknowledging Ormandy’s report a mere hour after he submitted it. Two days later, LastPass released a blog post going over these events and offering a few recommendations:

  • Launch websites from the LastPass vault: To retain the highest level of security as possible, it’s better to access websites from the LastPass vault itself.
  • Use Two-Factor Authentication wherever possible: This will add an extra layer of security to prevent leaked credentials from granting easy access to your accounts.
  • Keep an eye out for phishing attacks: Clicking on a malicious link is a great way to hand over your access credentials to malicious entities, so before you click on a link in a received message, take a moment to ask yourself if the link makes sense to be coming from who allegedly sent it.

LastPass has also been vocal in their appreciation for people like Ormandy finding issues like these before they are found the hard way. According to Joe Siegrist, cofounder and vice president of LastPass, “We greatly appreciate the work of the security community to challenge our product and uncover areas that need improvement.

LastPass now has 90 days before Ormandy and Project Zero release the technical details as part of their disclosure policies. In the meantime, it would be prudent to take LastPass’ advice to heart for the sake of your own network security.

To ensure your credentials are protected, and to schedule a full security audit, contact Total Tech Care at 866-348-2602.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Wednesday, 02 April 2025
If you'd like to register, please fill in the username, password and name fields.

Blog Archive

Sign Up for Our Newsletter

  • First Name *
  • Last Name *

      Free Consultation

      Sign up today for a
      FREE Network Consultation

      How secure is your IT infrastructure?
      Let us evaluate it for free!

      Sign up Now!

      Free Consultation
       

      Tag Cloud

      Security Tip of the Week Technology Best Practices Business Computing Cloud Privacy Hackers Productivity Hosted Solutions Efficiency Software Network Security Google Business Microsoft Internet Email Malware Backup Workplace Tips Innovation User Tips Data Computer Mobile Devices Hardware IT Services Disaster Recovery Android VoIP communications Business Continuity Smartphones Communication IT Support Smartphone Miscellaneous Mobile Device Small Business Network Browser Collaboration Productivity Quick Tips Cybersecurity Users Business Management Managed IT Services Windows Upgrade Phishing Outsourced IT Ransomware Data Backup Windows 10 Office Data Recovery Server Save Money Cloud Computing Windows 10 Passwords Social Media Saving Money Holiday Gadgets Chrome Tech Term Virtualization Managed IT Services Managed Service Microsoft Office Automation Computers Cybercrime Operating System Artificial Intelligence Facebook BYOD Health Mobile Device Management Internet of Things Networking IT Support Wi-Fi Hacking Remote Spam Alert Covid-19 Information Managed Service Provider Office 365 Telephone Systems Information Technology Recovery Employer-Employee Relationship Router Bandwidth BDR Social Engineering Mobility Applications Mobile Computing Data Breach Application Human Resources Law Enforcement Remote Monitoring Big Data Password Money App History Encryption VPN Government Remote Computing Blockchain Private Cloud Paperless Office Mobile Office How To Managed IT Apps Office Tips Data Storage Patch Management Training WiFi Gmail Google Drive IT solutions Settings Entertainment Servers Website Budget Two-factor Authentication Avoiding Downtime Data Security Mouse HaaS Bring Your Own Device Data Management Work/Life Balance Infrastructure Voice over Internet Protocol Wireless Vulnerability Flexibility Windows 7 Marketing Word Safety Data Protection HIPAA Sports Redundancy Vendor Management Firewall Keyboard USB Virtual Reality Apple Vendor Social Managed Services Telephone System Staff Software as a Service Display User Error Save Time Machine Learning Meetings Connectivity Remote Work Employee/Employer Relationship Cleaning RMM Risk Management Hacker Conferencing End of Support The Internet of Things Education Physical Security Lithium-ion battery Scam IT Management Cryptocurrency Printer Botnet Customer Service PDF IT Plan Bluetooth Environment Procurement Workplace Strategy Comparison Net Neutrality Proactive IT Fax Server Unsupported Software CES Help Desk Printing Best Practice YouTube Charger SaaS Business Technology IT Consultant Black Market Content Management Access Control Compliance Computer Care Managed Services Provider OneNote Network Congestion Virtual Assistant Current Events Humor eWaste Document Management Telephony Authentication Database Wireless Technology Samsung Solid State Drive How to Downtime Remote Workers Value Processor Data storage Update Wearable Technology Automobile Spam Blocking Electronic Medical Records Hard Drives Hard Drive Retail Instant Messaging Google Docs Robot Computing Infrastructure Excel Hiring/Firing Identity Theft Going Green Biometrics Computing Virtual Desktop Virus Battery Augmented Reality Unified Threat Management Computer Accessories DDoS Shadow IT Fraud Legal Business Intelligence SharePoint Remote Worker Digital Signage Audit Internet Exlporer Worker Analyitcs Public Computer Recycling Saving Time Procedure Regulations Wiring dark theme Programming Practices Shopping Notifications Transportation Google Search Computer Fan Cache AI Rootkit Amazon Web Services IT Infrastructure Safe Mode FinTech Criminal Bing Antivirus GDPR Relocation Workers Hosted Computing Social Network Benefits Windows 8 Online Shopping Investment Printer Server FENG Wireless Internet IT service Video Games File Sharing Employees IBM Employee/Employer Relationships Worker Commute Flash Camera Windows 365 Inventory Smart Technology Specifications ISP Tablet Evernote ROI Experience Wire Video Conferencing Domains Scalability Software Tips Sales Supercomputer Bitcoin Travel Shortcuts Business Owner Sync Printers Point of Sale Emails Personal Millennials Cryptomining NarrowBand Wireless Charging IaaS Maintenance Smart Office Supply Chain Management Search Monitoring Bloatware Batteries Virtual Private Network Windows 8.1 iPhone Netflix Digitize Two Factor Authentication Workforce Tablets Cables Windows Server 2008 R2 Root Cause Analysis HBO Customer relationships Entrepreneur Knowledge Music Skype Project Management Email Best Practices Files Nanotechnology IT Assessment Consultant Telecommuting Manufacturing Chromecast Cortana Analytics Shortcut Data loss Outlook Computer Tips Cost Management Leadership Digital Signature Managed IT Service Troubleshooting Security Cameras Start Menu Warranty Virtual CIO Social Networking Colocation OneDrive Best Available Uninterrupted Power Supply Biometric Security Loyalty Google Apps Screen Mirroring HVAC Peripheral WIndows 7 Frequently Asked Questions Digital Security Cameras Monitor Analysis Using Data Books Running Cable Mobile Administrator Windows 10s Devices Copiers 5G Memory Cast Enterprise Content Management Quick Tip Tip of the week MSP Ergonomics Reputation webinar Accountants Streaming Media Emergency Smartwatch Content Professional Services Microchip Public Cloud Thought Leadership Development Tech Support Employer Employee Relationship Credit Cards OLED User Laptop Assessment Password Manager Virtual Machine PowerPoint Windows Media Player Techology Password Management PCI DSS Windows Server 2008 2FA Customers Fiber Optics Multi-Factor Security Employee Audiobook Tools Search Engine Twitter Messaging Science Cabling Managing Stress Touchpad Television Business Mangement Hypervisor NIST Policy Dark mode Smart Tech Trend Micro Trending Cameras Distributed Denial of Service Politics Customer Relationship Management Advertising Addiction SMS Amazon Default App

      Top Blog

      The reasoning for this is simple: you want to make sure that operations are proceeding as intended, even if you’re not there. If you completely check out from the workplace every time you leave, you could return from your vacation to a complete and total disaster that may have been prevented with y...
      QR-Code