Small Businesses Urged to Update LastPass – NCSC

In the latest weekly update from the National Cyber Security Centre (NCSC) on the 20th September, users are urged to update their LastPass password manager with the latest patch.

Used widely by small businesses and individuals, LastPass is one of the leading password managers worldwide. The update resolves a vulnerability that exposed credentials entered on a previously visited website. The fix, in version 4.33.0, was released last week, and users are urged to update to this version as soon as possible, particularly those using the Chrome and Opera browser extensions.

The identified bug relied on executing malicious JavaScript code, with no user interaction required. This means an attacker could potentially lure users to a malicious webpage and exploit the vulnerability to extract the credentials that users had entered on a previously visited website.

Password managers are widely recommended because they help users store their passwords securely, so they don’t have to remember them all, and make it easy to use more secure, encrypted passwords. Weak and shared passwords are a common security vulnerability for users in small businesses and in their home lives.

For further information on keeping your small business secure, the NCSC regularly publishes advice for small businesses on its website and posts its latest news on LinkedIn.

The NCSC has also published an article that outlines the benefits of using a password manager and how to protect it. Users should also consider enabling automatic updates for password managers like LastPass. This is good practice for all apps and software you have installed on your devices.