Microchip Technology Boosts Q3 Outlook on Strong Bookings Momentum 
Australia Moves Forward With Teen Social Media Ban as Platforms Begin Lockouts 
Coupang Apologizes After Massive Data Breach Affecting 33.7 Million Users 
Sam Altman Reportedly Explored Funding for Rocket Venture in Potential Challenge to SpaceX 
Apple Appoints Amar Subramanya as New Vice President of AI Amid Push to Accelerate Innovation 
Australia Releases New National AI Plan, Opts for Existing Laws to Manage Risks 
Samsung Launches Galaxy Z TriFold to Elevate Its Position in the Foldable Smartphone Market 
Amazon and Google Launch New Multicloud Networking Service to Boost High-Speed Cloud Connectivity 
Senate Sets December 8 Vote on Trump’s NASA Nominee Jared Isaacman 
AI-Guided Drones Transform Ukraine’s Battlefield Strategy 
Hikvision Challenges FCC Rule Tightening Restrictions on Chinese Telecom Equipment 
SpaceX CEO Elon Musk Denies Reports of $800 Billion Valuation Fundraise 
Apple Alerts EU Regulators That Apple Ads and Maps Meet DMA Gatekeeper Thresholds 
YouTube Agrees to Follow Australia’s New Under-16 Social Media Ban 
OpenAI Moves to Acquire Neptune as It Expands AI Training Capabilities 
Firelight Launches as First XRP Staking Platform on Flare, Introduces DeFi Cover Feature 
Intel Boosts Malaysia Operations with Additional RM860 Million Investment 
LastPass is one of the most crucial internet services in the market right now because it serves a critical purpose: saving passwords that no one can be bothered to remember. Due to the nature of its services, LastPass takes its security very seriously. The tech entity managed to head off what would have been a security disaster by addressing two serious vulnerabilities. This would have put LogMeIn’s $110 million investment in the service in 2015 in a much darker light.
Before LastPass users panic, the company is assuring everyone that no hackers managed to find these vulnerabilities in time to actually take advantage of them, PC Mag reports. If they had, it would have compromised users of Chrome and Edge, as well as users of older versions of Mozilla Firefox.
The vulnerabilities themselves are tied to the browser extensions that are used for the ones mentioned above. They were discovered by Tavis Ormandy, a Google researcher earlier this March and notified LastPass, which gave the company enough time to actually patch it up.
LastPass provided more details regarding the vulnerabilities that it fixed in a blog post. The piece is relatively long, but the gist of it is that the holes have been filled, mobile versions of the services were not affected, and none of the credentials were stolen.
“To exploit the reported vulnerabilities, an attacker would first lure a user to a malicious website,” LastPass explained in the post if hackers had actually got wind of the vulnerability. “Once on a malicious website, Tavis demonstrated how an attacker could make calls into LastPass APIs, or in some cases run arbitrary code, while appearing as a trusted party. Doing so would allow the attacker to potentially retrieve and expose information from the LastPass account, such as user’s login credentials.”
LastPass was acquired by LogMeIn in 2015 in a bid to move into the cyber security space. If the password storage service had failed to fix the two vulnerabilities, the ensuing debacle would have made the hefty price tag paid at the time even heavier.
