1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

LastPass phishing attack could have scooped up passwords

Discussion in 'Network World' started by RSS, Jan 18, 2016.

  1. RSS

    RSS New Member Member

    A relatively simple phishing attack could be used to compromise the widely used password manager LastPass, according to new research.

    Notifications displayed by LastPass version 4.0 in a browser window can be spoofed, tricking people into divulging their login credentials and even snatching a one-time passcode, according to Sean Cassidy, who gave a presentation at the Shmoocon conference on Saturday.

    Cassidy, who is CTO of Praesido Inc., notified LastPass of the issues. In a blog post, LastPass said it has made improvements that should make such an attack harder to pull off without a user knowing.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page