A relatively simple phishing attack could be used to compromise the widely used password manager LastPass, according to new research.
Notifications displayed by LastPass version 4.0 in a browser window can be spoofed, tricking people into divulging their login credentials and even snatching a one-time passcode, according to Sean Cassidy, who gave a presentation at the Shmoocon conference on Saturday.
Leave a reply
