Items tagged with lasspass

If you use LastPass to manage your passwords, be advised that a recent update fixed a security issue that could allow an attacker to steal your login credentials. The issue is resolved in LastPass 4.33.0. However, if you do not have LastPass configured to update automatically, it is advised that you manually patch it as soon as possible. Tavis Ormandy, a security researcher with Google's Project Zero team, discovered the flaw and posted details on how to reproduce the issue. The attack vector leverages JavaScript, so an attacker need only configure a malicious webpage to exploit the vulnerabilities. It is not all that complicated for an attacker to pull this off. It essentially involves tricking... Read more...