Security News

In this comparison between Bitwarden and LastPass, we explore their features, security, ease of use and pricing. Find out which password manager is best for you.

Keeper and LastPass are some of the best password managers on the market, each offering advanced data protection and security features. Compare the two with our in-depth comparison guide before you buy.

Hackers have stolen $4.4 million in cryptocurrency on October 25th using private keys and passphrases stored in stolen LastPass databases, according to research by crypto fraud researchers who have been researching similar incidents. According to a tweet by ZachXBT on X, the threat actors stole $4.4 million from 25+ victims due to a LastPass breach in 2022.

Remember last November, when hackers broke into the network for LastPass-a password database-and stole password vaults with both encrypted and plaintext data for over 25 million users? Well, they're now using that data break into crypto wallets and drain them: $35 million and counting, all going into a single wallet.

LastPass password manager users have been experiencing significant login issues starting early May after being prompted to reset their authenticator apps. Since then, numerous users have been locked out of their accounts and unable to access their LastPass vault, even after successfully resetting their MFA applications.

CISA has added an almost three-year-old high-severity remote code execution vulnerability in the Plex Media Server to its catalog of security flaws exploited in attacks. Attackers with "Admin access to a Plex Media Server could abuse the Camera Upload feature to make the server execute malicious code," according to an advisory published by the Plex Security Team in May 2020 when it patched the bug with the release of Plex Media Server 1.19.3.

The massive breach at LastPass was the result of one of its engineers failing to update Plex on their home computer, in what's a sobering reminder of the dangers of failing to keep software up-to-date. The embattled password management service last week revealed how unidentified actors leveraged information stolen from an earlier incident that took place prior to August 12, 2022, along with details "Available from a third-party data breach and a vulnerability in a third-party media software package to launch a coordinated second attack" between August and October 2022.

5 open source Burp Suite penetration testing extensions you should check outWhen it comes to assessing the security of computer systems, penetration testing tools are critical for identifying vulnerabilities that attackers may exploit. LastPass breach: Hacker accessed corporate vault by compromising senior developer's home PCLastPass is, once again, telling customers about a security incident related to the August 2022 breach of its development environment and subsequent unauthorized access to the company's third-party cloud storage service that hosted backups.

"The threat actor was able to capture the employee's master password as it was entered after the employee authenticated with MFA and gained access to the DevOps engineer's LastPass corporate vault," detailed the company´s recent security incident report. LastPass issued recommendations for affected users and businesses in two security bulletins.

There's no date on the update, but as far as we can make out, LastPass just [2023-02-27] published a short document entitled Incident 2 - Additional details of the attack. As you probably remember, because the bad news broke just before the Christmas holiday season in December 2022, LastPass suffered what's known in the jargon as a lateral movement attack.