Security Alerts & News
by Tymoteusz A. Góral

#2164 Potent LastPass exploit underscores the dark side of password managers
Developers of the widely used LastPass password manager are scrambling to fix a serious vulnerability that makes it possible for malicious websites to steal user passcodes and in some cases execute malicious code on computers running the program.

The flaw, which affects the latest version of the LastPass browser extension, was briefly described on Saturday by Tavis Ormandy, a researcher with Google's Project Zero vulnerability reporting team. When people have the LastPass binary running, the vulnerability allows malicious websites to execute code of their choice. Even when the binary isn't present, the flaw can be exploited in a way that lets malicious sites steal passwords from the protected LastPass vault. Ormandy said he developed a proof-of-concept exploit and sent it to LastPass officials. Developers now have three months to patch the hole before Project Zero discloses technical details.