
LastPass Shouldn't Be Trusted With Your Passwords

Vice

LastPass, the popular password manager, is out of good will. Ever since the company first disclosed a breach in August, it has slowly provided consumers with drips of information, and the new details that do come out increasingly paint a picture of a company that should not be trusted with your passwords.


On Monday, LastPass published a blog post which provided more information on that breach, which it is now calling “Incident 2,” because the hacker leveraged its initial access to then steal data. “Our investigation has revealed that the threat actor pivoted from the first incident, which ended on August 12, 2022, but was actively engaged in a new series of reconnaissance, enumeration, and exfiltration activities,” LastPass wrote.

The hackers managed to access LastPass’ corporate vault by targeting the home computer of one of four engineers who had access to decryption keys needed to access cloud data storage where sensitive information was kept. The hackers did this by exploiting a vulnerability in a third-party media software package, which Ars Technica later reported to be Plex. From here, the hacker installed a keylogger, captured the engineer’s master password, bypassed the company’s multi-factor authentication protections, and accessed the corporate vault. In there, the hacker stole the keys needed to access “LastPass production backups, other cloud-based storage resources, and some related critical database backups,” the blog reads.

The post shows that the hacker against LastPass was resourceful and persistent, but also that LastPass was not treating its own crown jewels with the serious security practices it should have. A LastPass engineer was accessing critical services from their home computer and network. LastPass had difficulty distinguishing between the activity of the worker and that of the hacker. The sensitive information—in this case, customers’ password vaults that need the user’s master password to decrypt but could theoretically be brute forced at some point—was stored less in a bank vault and more in a closet.

CyberNews

LastPass is a great password manager. It has a simple and secure interface, strong encryption, and a host of useful features like password sharing, two-factor authentication, and digital legacy. However, LastPass is not without its drawbacks. For instance, it has been recently hacked, and encrypted user data was acquired by threat actors. 

Additionally, LastPass does not offer the same level of control over your data as some other password managers, and some users have reported that the service can be slow and unreliable at times. If you’re looking for a more trustworthy provider that has never been breached, then NordPass might be the better choice for you.

A 2022 LastPass incident happened in August 2022. The company's source code was accessed through a compromised developer account. However, no vault data or master passwords were compromised and users weren't asked to take any further action. This can be seen as a positive – despite the scale of the attack, the overall damage was minimal. 

However, not even 5 months later, another LastPass breach occurred. This time, a threat actor used information obtained in the August breach to gain access to internal LastPass systems. User details such as email addresses, telephone numbers, and IP addresses were exposed. LastPass also disclosed that the hacker was able to obtain a copy of an encrypted backup of the user passwords, website usernames, and form-filling data.

The passwords remain safe unless the hacker can crack the encryption. However, among the exfiltrated information were unencrypted URLs, which may or may not include sensitive data such as account tokens, API keys, and credentials.
