Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Alert: LastPass Vulnerability Found. Is Any Password Manager Safe?

Thanks to one of Google’s researchers with Project Zero, it has been discovered that LastPass has a serious vulnerability resulting from a major architectural problem. This news comes on the heels of many other flaws the same researcher discovered within LastPass. However, based on what the researcher claims, those earlier vulnerabilities were much less serious than his latest discovery.

After having “an epiphany in the shower,” Tavis Ormandy realized that the latest version of the password manager’s browser extension is subject to a flaw that allows some malicious websites to have their way with the user’s system. Alternatively, the vulnerability allows malicious websites to steal the user’s passwords from behind LastPass’ protections. Unfortunately, this vulnerability seems to be present in the extensions for every major browser on Windows and Linux, and is most likely present for Mac users as well.

What makes this vulnerability even more significant is that it only requires the extension to be installed in order to be exploited. A user could be logged out of LastPass and still receive malicious code from the website they’re visiting.

To their credit, LastPass is committed to resolving this issue, acknowledging Ormandy’s report a mere hour after he submitted it. Two days later, LastPass released a blog post going over these events and offering a few recommendations:

  • Launch websites from the LastPass vault: To retain the highest level of security possible, it’s better to access websites from the LastPass vault itself.
  • Use Two-Factor Authentication wherever possible: This will add an extra layer of security to prevent leaked credentials from granting easy access to your accounts.
  • Keep an eye out for phishing attacks: Clicking on a malicious link is a great way to hand over your access credentials to malicious entities, so before you click on a link in a message you receive, take a moment to ask yourself whether it makes sense for that link to come from the person who allegedly sent it.

LastPass has also been vocal in their appreciation for people like Ormandy finding issues like these before they are found the hard way. According to Joe Siegrist, cofounder and vice president of LastPass, “We greatly appreciate the work of the security community to challenge our product and uncover areas that need improvement.”

LastPass now has 90 days before Ormandy and Project Zero release the technical details as part of their disclosure policies. In the meantime, it would be prudent to take LastPass’ advice to heart for the sake of your own network security.

To ensure your credentials are protected, and to schedule a full security audit, contact Total Tech Care at 866-348-2602.

 
