Security Alerts & News
by Tymoteusz A. Góral

History
#1220 LastPass unpatched zero-day vulnerability gives hackers access to your account
A dangerous, previously unknown security vulnerability has been discovered in LastPass which permits attackers to remotely compromise user accounts.

LastPass is a password vault which pulls user passwords from a secure area and auto fills credentials for you. The system uses AES-256 bit encryption with PBKDF2 SHA-256 and salted hashes to protect the valuable data stored within, but according to Google Project Zero hacker Tavis Ormandy, the software contains a "bunch of critical problems" which could put user accounts at risk.

On Tuesday, the white hat researcher revealed on Twitter that he was exploring LastPass security, claiming that it only took a "quick look" to find "obvious" security problems.
Read more
#1225 If you get caught using a VPN in the UAE, you'll face fines of up to $545,000
#1224 Protecting Android with more Linux kernel defenses
#1223 Parental control software for Windows put to the test
#1222 Telegram app vuln recorded anything macOS users pasted—even in secret
#1221 LastPass: design flaw in communication between privileged and unprivileged components
#1220 LastPass unpatched zero-day vulnerability gives hackers access to your account
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12