psyko666 Posted March 27, 2017 Share Posted March 27, 2017 Over the weekend, Google security researcher Tavis Ormandy reported a new client-side vulnerability in the LastPass browser extension. We are now actively addressing the vulnerability. This attack is unique and highly sophisticated. We don’t want to disclose anything specific about the vulnerability or our fix that could reveal anything to less sophisticated but nefarious parties. So you can expect a more detailed post mortem once this work is complete. In the meantime, we want to thank people like Tavis who help us raise the bar for online security with LastPass, and work with our teams to continue to make LastPass the most secure password manager on the market. And we want to offer our users with a few steps they can take to further protect themselves from these types of client-side issues. Use the LastPass Vault as a launch pad – Launch sites directly from the LastPass vault. This is the safest way to access your credentials and sites until this vulnerability is resolved. Two-Factor Authentication on any service that offers it – Whenever possible, turn on two-factor authentication with your accounts; many websites now offer this option for added security. Beware of Phishing Attacks – Always be vigilant to avoid phishing attempts. Do not click on links from people you don’t know, or that seem out of character from your trusted contacts and companies. Take a look at our phishing primer. We’ll provide further updates on the patch once complete. Source Link to comment Share on other sites More sharing options...
psyko666 Posted March 27, 2017 Author Share Posted March 27, 2017 Ouch.. that hurts Link to comment Share on other sites More sharing options...
Administrator DKT27 Posted March 28, 2017 Administrator Share Posted March 28, 2017 Thread moved to Security and Privacy News. Those who do not know, this seems to be the official response to the issue mentioned here. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.