A security researcher called Tavis Ormandy found a zero day affecting LastPass, a popular password vault, meaning millions of users may be at risk until the problem is patched. Security experts from Lieberman Software and AlienVault commented below:
Jonathan Sander, VP of Product Strategy at Lieberman Software:
“One thing that’s interesting about the LastPass zero-day hole is that it proves they are likely using a good dose of their own medicine. LastPass is about protecting credentials. Nearly every story you see hitting the headlines and bad guys breaking in these days involves some form of stolen credentials. If that was the issue at LastPass, then it would be very bad. However, a zero-day hole like this is something that pops up in nearly every piece of software eventually – especially one as widely used and distributed as LastPass. It only means they are not perfect, but really who is?”
Javvad Malik, Security Advocate at AlienVault:
“History has shown us, no software, not even password managers are immune to security attacks. While the details of this particular bug are unknown, it does appear it requires a user to visit a malicious website in order to be executed. Part of the defenses includes users remaining vigilant and not clicking on unknown or suspect links as this could enable any number of exploits to be launched.
“Furthermore, monitoring password use, logins, and attempted change of details can serve as good early indicators that attempts have been made to compromise an account – so proactive action can be taken.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Celebrating Data Privacy Day – 28th January 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Most Active Commenters
Recent Comments
Chat systems such as Slack and Teams need to be…
“This is a sophisticated phishing scam that will catch out…
“Cybersecurity is increasingly complex, in part, due to the interconnected…
“Unfortunately, time and time again we see NGOs, hospitals and…
As I have always said - it is verified trust…