Web-based Password Manager | Breaking Cybersecurity News | The Hacker News

Security researchers have uncovered how marketing companies have started exploiting an 11-year-old bug in browsers' built-in password managers, which allow them to secretly steal your email address for targeted advertising across different browsers and devices. The major concern is that the same loophole could allow malicious actors to steal your saved usernames and passwords from browsers without requiring your interaction. Every modern browser—Google Chrome, Mozilla Firefox, Opera or Microsoft Edge—today comes with a built-in easy-to-use password manager tool that allows you to save your login information for automatic form-filling. These browser-based password managers are designed for convenience, as they automatically detect login form on a webpage and fill-in the saved credentials accordingly. However, a team of researchers from Princeton's Center for Information Technology Policy has discovered that at least two marketing companies, AdThink and OnAudience, a...

A critical zero-day flaw has been discovered in the popular cloud password manager LastPass that could allow any remote attacker to compromise your account completely. LastPass is one of the best password manager that also available as a browser extension that automatically fills credentials for you. All you need is to remember one master password to unlock all other passwords of your different online accounts, making it much easier for you to use unique passwords for different sites. However, the password manager isn't as secure as it promises. Also Read:  Popular Password Managers Are Not As Secure As You Think Google Project Zero Hacker Tavis Ormandy discovered several security issues in the software that allowed him to steal passwords stored with LastPass. " Are people really using this LastPass thing? I took a quick look and can see a bunch of obvious critical problems. I'll send a report asap ," Ormandy revealed on Twitter . Once compromise a v...

In today's rapidly evolving threat landscape, safeguarding your organization against cyberattacks is more critical than ever. Traditional penetration testing (pentesting), while effective, often falls short due to its high costs, resource requirements, and infrequent implementation. Automated internal and external network pentesting is a game-changing solution, empowering organizations to stay ahead of attackers with cost-effective, frequent, and thorough security assessments. Strengthen Your Defenses: The Role of Internal and External Pentests  Effective cybersecurity requires addressing threats from both inside and outside your organization. Automated solutions streamline this process, enabling IT teams to implement a holistic and proactive defense strategy. Internal Pentesting: Securing the Core Internal pentesting simulates an attacker operating within your network, exposing vulnerabilities such as insider threats, compromised credentials, or breaches through physical or ...

Just few days ago, we reported about two critical vulnerability in mobile version of the most popular password manager application from a popular Password management company RoboForm , which manages your passwords for different websites. Now, researchers have published a detailed explanation on the security vulnerabilities discovered in five different and popular password managers , including RoboForm, that could allow cybercriminals to grab your credentials. The serious security holes were found and reported by the University of California Berkeley researchers named: Zhiwei Li, Warren He, Devdatta Akhawe and Dawn Song . The critical vulnerabilities were discovered in the popular password managers that includes RoboForm, LastPass, My1Login, PasswordBox and NeedMyPassword . " Our attacks are severe: in four out of the five password managers we studied, an attacker can learn a user's credentials for arbitrary websites, " Researchers wrote in the paper (PDF) tit...