lastpass_notification

LastPass the popular single-sign-on and password management service could allow attackers to fully compromise user accounts. The flaw was discovered by researcher, Sean Cassidy. Cassidy calls this attack “LostPass.” In Cassidy’s blog post he explains that the vulnerability he discovered allows attackers to trick LastPass users into thinking that while online, they were automatically logged out of the platform and then direct them to what appears to be LastPass login page. That’s where the attack begins, users will essentially log back in without realizing they just handed over their log in credentials to the hackers. Cassidy updated his blog saying, “LastPass now requires email confirmation for all logins from new IPs”.  For the full article, click here