#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

KeePass | Breaking Cybersecurity News | The Hacker News

Category — KeePass
KeePass Exploit Allows Attackers to Recover Master Passwords from Memory

KeePass Exploit Allows Attackers to Recover Master Passwords from Memory

May 22, 2023 Password Security / Exploit
A proof-of-concept (PoC) has been made available for a security flaw impacting the KeePass password manager that could be exploited to recover a victim's master password in cleartext under specific circumstances. The issue, tracked as  CVE-2023-32784 , impacts KeePass versions 2.x for Windows, Linux, and macOS, and is  expected to be patched  in version 2.54, which is likely to be released early next month. "Apart from the first password character, it is mostly able to recover the password in plaintext," security researcher "vdohney," who discovered the flaw and devised a PoC,  said . "No code execution on the target system is required, just a memory dump." "It doesn't matter where the memory comes from," the researcher added, stating, "it doesn't matter whether or not the workspace is locked. It is also possible to dump the password from RAM after KeePass is no longer running, although the chance of that working goes down w...
Hackers Using Rogue Versions of KeePass and SolarWinds Software to Distribute RomCom RAT

Hackers Using Rogue Versions of KeePass and SolarWinds Software to Distribute RomCom RAT

Nov 03, 2022
The operators of RomCom RAT malware are continuing to evolve their campaigns by distributing rogue versions of software such as SolarWinds Network Performance Monitor, KeePass password manager, and PDF Reader Pro via fake copycat websites. Targets of the operation consist of victims in Ukraine and select English-speaking countries like the U.K. To be noted, the malicious software in question is not related to any product developed or released by SolarWinds, and is instead an unlicensed, "cracked" version of an old product. "Given the geography of the targets and the current geopolitical situation, it's unlikely that the RomCom RAT threat actor is cybercrime-motivated," the BlackBerry Threat Research and Intelligence Team  said  in a new analysis. The latest findings  come  a week after the Canadian cybersecurity company disclosed a spear-phishing campaign aimed at Ukrainian entities to deploy a remote access trojan called RomCom RAT. The unknown threat ac...
Want to Grow Vulnerability Management into Exposure Management? Start Here!

Want to Grow Vulnerability Management into Exposure Management? Start Here!

Dec 05, 2024Attack Surface / Exposure Management
Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...
Expert Insights / Articles Videos
Cybersecurity Resources