LastPass phishing attack could have scooped up passwords

The simple attack shows how software needs to be more phishing resistant.
By Jeremy Kirk
A relatively simple phishing attack could be used to compromise the widely used password manager LastPass, according to new research.
Notifications displayed by LastPass version 4.0 in a browser window can be spoofed, tricking people into divulging their login credentials and even snatching a one-time passcode, according to Sean Cassidy, who gave a presentation at the Shmoocon conference on Saturday.
To read the entire article, please click here.