Security News

LastPass is warning about an ongoing campaign where scammers are writing reviews for its Chrome extension to promote a fake customer support phone number. However, this phone number is part of a...

LastPass’ recent data breaches make it hard to recommend as a viable password manager in 2024. Learn more in our full review below.

Looking for LastPass alternatives? Check out our list of the top password managers that offer secure and convenient options for managing your passwords.

Keeper and LastPass have similar pricing for their individual subscriptions - with Keeper Personal at $2.92 per month and LastPass Premium at $3 per month, both billed annually. In their premium versions, Keeper and LastPass also offer unlimited device access, password sharing and priority 24/7 customer support.

LastPass says its almost 12-hour outage yesterday was caused by a bad update to its Google Chrome extension. The impact did not go unnoticed, with LastPass customers venting their frustration on Reddit and Twitter about the outage and their inability to retrieve their saved credentials and log in to sites.

LastPass announced it will start encrypting URLs stored in user vaults for enhanced privacy and protection against data breaches and unauthorized access. With most of the hardware performance constraints of the past now having been lifted, LastPass can now start encrypting/decrypting those URL values on the fly without the user noticing any hiccups in browser performance while enjoying ultimate data security.

The CryptoChameleon phishing kit is being leveraged by vishing attackers looking to trick LastPass users into sharing their master password. "Initially, we learned of a new parked domain and immediately marked the website for monitoring should it go live and start serving a phishing site intended to imitate our login page or something similar. Once we identified that this site went active and was being used in a phishing campaign against our customers, we worked with our vendor to take down the site," LastPass intelligence analyst Mike Kosak explained.

LastPass is warning of a malicious campaign targeting its users with the CryptoChameleon phishing kit that is associated with cryptocurrency theft. According to researchers at mobile security company Lookout, campaigns using this phishing kit also targeted cryptocurrency platforms Binance, Coinbase, Kraken, and Gemini, using pages that impersonated Okta, Gmail, iCloud, Outlook, Twitter, Yahoo, and AOL. During its investigations, LastPass discovered that its service was recently added to the CryptoChameleon kit, and a phishing site was hosted at at the "Help-lastpass[.]com" domain.

LastPass revealed this week that threat actors targeted one of its employees in a voice phishing attack, using deepfake audio to impersonate Karim Toubba, the company's Chief Executive Officer. While 25% of people have been on the receiving end of an AI voice impersonation scam or know someone who has, according to a recent global study, the LastPass employee didn't fall for it because the attacker used WhatsApp, which is a very uncommon business channel.

Recently, LastPass appointed Asad Siddiqui as its CIO. He brings over two decades of experience leading startups and large technology organizations. A top challenge for CIOs is cybersecurity and privacy, ensuring that we keep ahead of bad actors as they continue to adjust their attack methods and protect vast amounts of data while adhering to strict privacy regulations such as GDPR and CCPA. In addition to cybersecurity, AI, data management, and governance, we are driving digital transformation and innovation, controlling SaaS sprawl and spending, and recruiting and retaining skilled IT professionals, all of which present significant challenges for CIOs.