TechnologyLastPass fixes a major exploit

21:41  16 september  2019
21:41  16 september  2019 Source:   cnet.com

Don’t be an idiot — here’s how to store and remember all your passwords

Don’t be an idiot — here’s how to store and remember all your passwords We’ve produced a guide on how to securely store and remember all your passwords using password managers including LastPass and 1Password.

Password manager LastPass had an exploit that could be abused to reveal a user's credentials. The company has fixed the issue in its latest update, according to a blog post Monday. The problem was first found in late August by Tavis Ormandy, a security researcher from Google's Project Zero, a team dedicated to finding exploits that can be abused by hackers.

LastPass fixes a major exploit© Provided by CBS Interactive Inc. LastPass is safe once again. Sarah Tew/CNET

For a hacker to take advantage of the bug, victims would have to be using the Chrome or Opera browser with the LastPass extension and then enter their password multiple times on a fake website. After several attempts, the fake site would allow a hacker to see the user's LastPass credentials used on a previous site. Once the exploit was discovered, Ormandy informed LastPass of the issue.

Apple re-fixes a bug that let users jailbreak iPhones

Apple re-fixes a bug that let users jailbreak iPhones Apple fixed a vulnerability that temporarily allowed hackers to jailbreak iPhones. The bug was first fixed in iOS 12.3 but reintroduced in iOS 12.4. Hackers discovered the flaw earlier this month and shared a free public jailbreak just for the fun of it. Today, Apple released iOS 12.4.1, which should take care of the vulnerability once and for all. This current update fixes a kernel vulnerability that would have allowed an attacker to "execute arbitrary code with system privileges" on an iPhone or iPad. Apple also mentioned Pwn20wnd, the hacker that released the public jailbreak.

LastPass fixes a major exploit© CNET

LastPass is safe once again.

LastPass v4.33.0 went live for all browsers on Friday and contains the fix for the bug. The company says no user action is required because the LastPass browser extension will update automatically.

Read More

Intel fixes CPU security flaw it said was patched in May .
It turns out that Intel's CPU security fixes from May didn't address everything the company mentioned. Intel is rolling out another patch that does more to close the speculative execution flaws that could let attackers swipe passwords and other sensitive info. The mitigations in the patch should "substantively reduce" the possibility of an attack, Intel said. This still doesn't fully resolve the problem, but Intel is promising future CPU-level microcode fixes. There's a larger concern over how Intel has handled these vulnerabilities in the first place, however.

—   Share news in the SOC. Networks

Topical videos:

usr: 1
This is interesting!