A security researcher revealed that some password manager browser extensions are vulnerable to clickjacking attacks that can steal sensitive data, but desktop and mobile apps are not affected. Several password managers have issued patches or are working on fixes, and users are advised to update their software, disable auto-fill, or use desktop/mobile versions to stay safe. Good cybersecurity practices, like avoiding suspicious links and using VPNs and antivirus software, are also recommended.
Several top password managers, including 1Password, Bitwarden, and LastPass, have been found vulnerable to a clickjacking flaw that allows hackers to steal login credentials, 2FA codes, and credit card information by overlaying invisible HTML elements. All tested managers were susceptible to at least one attack method. Users are advised to update their software and disable autofill until patches are released.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a clickjacking threat in popular browsers, specifically Mozilla's Firefox and Thunderbird. Clickjacking is a technique where a malicious website tricks users into clicking on something different from what they intended, potentially leading to unauthorized control over affected systems. CISA advises users and administrators to update their browsers and follow basic cybersecurity practices, such as being cautious of permission prompts and regularly backing up data. Staying informed and vigilant is crucial to protecting against cyber threats, especially during the holiday season.