The News: A LastPass security bug fix has been released, and users of the popular password manager should update now. The LastPass security bug was discovered and reported by Project Zero’s Tavis Ormandy, part of Google’s elite security and bug-hunting team. The LastPass security bug could possibly have revealed credentials entered by users on sites previously visited. To be safe, users should make sure they have installed and are running the most current version of the LastPass password manager. Read more at ZDNet.
LastPass Security Bug Fix Released
Analyst Take: Security breaches, or vulnerabilities, are discovered on a daily basis. The good news about the LastPass vulnerability is that it was a bug that LastPass reported fixed on September 12th and, more importantly, there is no evidence of or reason to fear the bug was discovered and exploited in the wild.
According to the company, the bug discovered by Project Zero could be used to potentially lure visitors to fill a password via LastPass, but then would take them to a compromised site and trick the user into an action that would reveal credentials from the site previously visited.
It’s important to note that this bug was limited to Google’s Chrome and Microsoft’s Opera browsers, but that the fix developed by LastPass was sent to all browsers.
Next Steps for LastPass Users
While the company pushed an update live to all browsers on Friday of last week, it makes sense to be cautious. If you’re a LastPass user, it would be a good idea to not rely on auto updates to your browser extensions, but instead to check that you are running version 4.33.0, which is the update issued on September 12, 2019.
Beyond this bug discovery, this is a good reminder for all that security breaches are an omnipresent threat to businesses of all sizes. Using a password manager should be SOP for all businesses today. A password manager, for business or for personal use, combined with multifactor authentication protocols on top of it, is one of the safest routes to keeping your data, business and personal, protected.
The second most important thing you can do as it relates to security breaches: Regular and ongoing employee security awareness training.
Futurum Research provides industry research and analysis. These columns are for educational purposes only and should not be considered in any way investment advice.
Shelly Kramer is a Principal Analyst and Founding Partner at Futurum Research. A serial entrepreneur with a technology-centric focus, she has worked alongside some of the world’s largest brands to embrace disruption and spur innovation, understand and address the realities of the connected customer, and help navigate the process of digital transformation. She brings 20 years' experience as a brand strategist to her work at Futurum, and has deep experience helping global companies with marketing challenges, GTM strategies, messaging development, and driving strategy and digital transformation for B2B brands across multiple verticals. Shelly's coverage areas include Collaboration/CX/SaaS, platforms, ESG, and Cybersecurity, as well as topics and trends related to the Future of Work, the transformation of the workplace and how people and technology are driving that transformation. A transplanted New Yorker, she has learned to love life in the Midwest, and has firsthand experience that some of the most innovative minds and most successful companies in the world also happen to live in “flyover country.”