The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Most Trusted Cyber Security and Computer Security Analysis: password manager

Hackers Had Access to LastPass's Development Systems for Four Days

Hackers Had Access to LastPass's Development Systems for Four Days

September 17, 2022Ravie Lakshmanan
Password management solution LastPass shared more details pertaining to the security incident last month, disclosing that the threat actor had access to its systems for a four-day period in August 2022. "There is no evidence of any threat actor activity beyond the established timeline," LastPass CEO Karim Toubba  said  in an update shared on September 15, adding, "there is no evidence that this incident involved any access to customer data or encrypted password vaults." LastPass in late August  revealed  that a breach targeting its development environment resulted in the theft of some of its source code and technical information, although no further specifics were offered. The company, which said it completed the probe into the hack in partnership with incident response firm Mandiant, noted the access was achieved using a developer's compromised endpoint. While the exact method of initial entry remains "inconclusive," LastPass noted the adversary
Hackers Breach LastPass Developer System to Steal Source Code

Hackers Breach LastPass Developer System to Steal Source Code

August 26, 2022Ravie Lakshmanan
Password management service LastPass confirmed a security incident that resulted in the theft of certain source code and technical information. The security breach is said to have occurred two weeks ago, targeting its development environment. No customer data or encrypted passwords were accessed, although the company provided no further details regarding the hack and what source code was stolen. "An unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information," LastPass CEO Karim Toubba  said . Amidst ongoing investigation into the incident, the company said it has engaged the services of a leading cybersecurity and forensics firm and that it has implemented additional countermeasures. LastPass, however, didn't elaborate on the exact mitigation techniques that it used to strengthen its environment. It also reiterated that the
Stop Putting Your Accounts At Risk, and Start Using a Password Manager

Stop Putting Your Accounts At Risk, and Start Using a Password Manager

July 30, 2022The Hacker News
Image via Keeper Right Now, Get 50% Off Keeper, the Most Trusted Name in Password Management. In one way or another, almost every aspect of our lives is online, so it's no surprise that hackers target everything from email accounts to banks to smart home devices, looking for vulnerabilities to exploit. One of the easiest exploits is cracking a weak password. That's why using a strong, unique password for each individual account is so important. But creating and remembering strong, unique passwords for dozens of accounts is nearly impossible – unless you're using  a top-rated password manager like Keeper . The Problem With Weak Passwords Image via Keeper A strong password  should  be a minimum of 12 characters long, with uppercase and lowercase letters, numbers, and one or more special characters. More importantly, it shouldn't contain dictionary words or personal information like birthdays or names. But the average American has  100 passwords . Maybe that's why  66%  of people in
Google Improves Its Password Manager to Boost Security Across All Platforms

Google Improves Its Password Manager to Boost Security Across All Platforms

July 01, 2022Ravie Lakshmanan
Google on Thursday announced a slew of improvements to its  password manager  service aimed at creating a more consistent look and feel across different platforms. Central to the changes is a "simplified and unified management experience that's the same in Chrome and Android settings," Ali Sarraf, Google Chrome product manager,  said  in a blog post. The updates are also expected to automatically group multiple passwords for the same sites as well as introduce an option to manually add passwords. Although Google appears to be not ready yet to make Password Manager as a standalone app, users on Android can now add a shortcut to it on the homescreen. In a related change on iOS, should users opt for Chrome as the  default autofill provider , Password Manager now comes with the ability to generate unique, strong passwords. The built-in Password Checkup feature on Android is receiving an upgrade of its own too. Beyond checking for hacked credentials, it can further hig
Passwordstate Password Manager Update Hijacked to Install Backdoor on Thousands of PCs

Passwordstate Password Manager Update Hijacked to Install Backdoor on Thousands of PCs

April 24, 2021Ravie Lakshmanan
Click Studios, the Australian software company behind the Passwordstate password management application, has notified customers to reset their passwords following a supply chain attack. The Adelaide-based firm said a bad actor used sophisticated techniques to compromise the software's update mechanism and used it to drop malware on user computers. The breach is said to have occurred between April 20, 8:33 PM UTC, and April 22, 0:30 AM UTC, for a total period of about 28 hours. "Only customers that performed In-Place Upgrades between the times stated above are believed to be affected," the company  said  in an advisory. "Manual Upgrades of Passwordstate are not compromised. Affected customers password records may have been harvested." The development was first reported by the Polish tech news site  Niebezpiecznik . It's not immediately clear who the attackers are or how they compromised the password manager's update feature. Click Studios said an i
How to Prevent Pwned and Reused Passwords in Your Active Directory

How to Prevent Pwned and Reused Passwords in Your Active Directory

November 02, 2020The Hacker News
Many businesses are currently looking at how to bolster security across their organization as the pandemic and remote work situation continues to progress towards the end of the year. As organizations continue to implement security measures to protect business-critical data, there is an extremely important area of security that often gets overlooked –  passwords . Weak passwords have long been a security nightmare for your business. This includes reused and  pwned  passwords. What are these? What tools are available to help protect against their use in your environment? Different types of dangerous passwords There are many different types of dangerous passwords that can expose your organization to tremendous risk. One way that cybercriminals compromise environments is by making use of breached password data. This allows launching  password spraying  attacks on your environment. Password spraying involves trying only a few passwords against a large number of end-users. In a passwor
Get 4 Essential CyberSecurity Software For Less Than $10 Per Month

Get 4 Essential CyberSecurity Software For Less Than $10 Per Month

March 22, 2019The Hacker News
Major data breaches and cyber attacks are occurring at an alarming rate, and if you are still not using a VPN and password manager app, you are seriously out of excuses. Not just VPN software and a password manager, cybersecurity experts also recommend using antivirus and backup solutions to protect your computers and precious data stored on them. Unfortunately, to cover these bases, one would typically have to spend at least $30 per month. However, here we have great news for millions of The Hacker News readers. Cybersecurity companies partnered with THN Deal Store have exclusively launched a new subscription package called — The Vault — that slashes the price for top security apps everyone needs to use. At just $9.99 monthly subscription, you can now get licenses for four award-winning cybersecurity apps: Dashlane Password Manager Panda Antivirus Software Degoo Online Backup — 2TB of Secure Cloud Storage NordVPN — One of the best VPN service providers in 2019
BEWARE – New 'Creative' Phishing Attack You Really Should Pay Attention To

BEWARE – New 'Creative' Phishing Attack You Really Should Pay Attention To

March 11, 2019Mohit Kumar
A cybersecurity researcher who last month warned of a creative phishing campaign has now shared details of a new but similar attack campaign with The Hacker News that has specifically been designed to target mobile users. Just like the previous campaign, the new phishing attack is also based on the idea that a malicious web page could mimic look and feel of the browser window to trick even the most vigilant users into giving away their login credentials to attackers. Antoine Vincent Jebara , co-founder and CEO of password managing software Myki , shared a new video with The Hacker News, demonstrating how attackers can reproduce native iOS behavior, browser URL bar and tab switching animation effects of Safari in a very realistic manner on a web-page to present fake login pages, without actually opening or redirecting users to a new tab. New Phishing Attack Mimics Mobile Browser Animation and Design As you can see in the video, a malicious website that looks like Airbnb pro
Get Dashlane Password Manager Premium (50% + 10% OFF)

Get Dashlane Password Manager Premium (50% + 10% OFF)

May 03, 2018The Hacker News
Happy 'World Password Day'! Today is a good time for you to audit your password practices and stop using terrible passwords to protect your online accounts. Experts advice that: Your password must—be long Your password must—be unpredictable Your password must—have at least one number Your password must—not have any dictionary word Your password must—have upper and lowercase letters Your password must—have at least one special character Your password must—be unique and different for every site OK, got it. But who the hell can remember such complex passwords and that too for every [redacted] different site? But don't worry. If you are sick of having to remember dozens of different passwords for dozens of various websites, a great solution is to use a good password manager . Password Manager can significantly reduce the pain to remember every password, along with eliminating for your bad habit of setting a weak password and re-using that same password ever
Flaw In Major Browsers Allows 3rd-Party Scripts to Steal Your Saved Passwords

Flaw In Major Browsers Allows 3rd-Party Scripts to Steal Your Saved Passwords

January 02, 2018Mohit Kumar
Security researchers have uncovered how marketing companies have started exploiting an 11-year-old bug in browsers' built-in password managers, which allow them to secretly steal your email address for targeted advertising across different browsers and devices. The major concern is that the same loophole could allow malicious actors to steal your saved usernames and passwords from browsers without requiring your interaction. Every modern browser—Google Chrome, Mozilla Firefox, Opera or Microsoft Edge—today comes with a built-in easy-to-use password manager tool that allows you to save your login information for automatic form-filling. These browser-based password managers are designed for convenience, as they automatically detect login form on a webpage and fill-in the saved credentials accordingly. However, a team of researchers from Princeton's Center for Information Technology Policy has discovered that at least two marketing companies, AdThink and OnAudience, a
Pre-Installed Password Manager On Windows 10 Lets Hackers Steal All Your Passwords

Pre-Installed Password Manager On Windows 10 Lets Hackers Steal All Your Passwords

December 16, 2017Swati Khandelwal
If you are running Windows 10 on your PC, then there are chances that your computer contains a pre-installed 3rd-party password manager app that lets attackers steal all your credentials remotely. Starting from Windows 10 Anniversary Update (Version 1607), Microsoft added a new feature called Content Delivery Manager that silently installs new "suggested apps" without asking for users' permission. According to a blog post published Friday on Chromium Blog, Google Project Zero researcher Tavis Ormandy said he found a pre-installed famous password manager, called "Keeper," on his freshly installed Windows 10 system which he downloaded directly from the Microsoft Developer Network. Ormandy was not the only one who noticed the Keeper Password Manager. Some Reddit users complained about the hidden password manager about six months ago, one of which reported Keeper being installed on a virtual machine created with Windows 10 Pro. Critical Flaw In Keeper Pas
Apple macOS High Sierra Exploit Lets Hackers Steal Keychain Passwords in Plaintext

Apple macOS High Sierra Exploit Lets Hackers Steal Keychain Passwords in Plaintext

September 26, 2017Swati Khandelwal
Apple yesterday rolled out a new version of its macOS operating system, dubbed High Sierra 10.13 —a few hours before an ex-NSA hacker publicly disclosed the details of a critical vulnerability that affects High Sierra as well as all earlier versions of macOS. Patrick Wardle, an ex-NSA hacker and now head of research at security firm Synack, found a critical zero-day vulnerability in macOS that could allow any installed application to steal usernames and plaintext passwords of online accounts stored in the Mac Keychain. The macOS Keychain is a built-in password management system that helps Apple users securely store passwords for applications, servers, websites, cryptographic keys and credit card numbers—which can be accessed using only a user-defined master password. Typically no application can access the contents of Keychain unless the user enters the master password. "I discovered a flaw where malicious non-privileged code (or apps) could programmatically access th
OneLogin Password Manager Hacked; Users’ Data Can be Decrypted

OneLogin Password Manager Hacked; Users' Data Can be Decrypted

June 02, 2017Swati Khandelwal
Do you use OneLogin password manager ? If yes, then immediately change all your account passwords right now. OneLogin, the cloud-based password management and identity management software company, has admitted that the company has suffered a data breach. The company announced on Thursday that it had "detected unauthorised access" in its United States data region. Although the company did not provide many details about the nature of the cyber attack, the statement released by the firm suggest that the data breach is extensive. What Happened? OneLogin, which aims at offering a service that "secures connections across all users, all devices, and every application," has not yet revealed potential weaknesses in its service that may have exposed its users' data in the first place. "Today We detected unauthorised access to OneLogin data in our US data region," OneLogin chief information security officer Alvaro Hoyos said in a brief blog post-Wednes
9 Popular Password Manager Apps Found Leaking Your Secrets

9 Popular Password Manager Apps Found Leaking Your Secrets

March 01, 2017Wang Wei
Is anything safe? It's 2017, and the likely answer is NO. Making sure your passwords are secure is one of the first line of defense – for your computer, email, and information – against hacking attempts, and Password Managers are the one recommended by many security experts to keep all your passwords secure in one place. Password Managers are software that creates complex passwords, stores them and organizes all your passwords for your computers, websites, applications and networks, as well as remember them on your behalf. But what if your Password Managers itself are vulnerable? Well, it's not just an imagination, as a new report has revealed that some of the most popular password managers are affected by critical vulnerabilities that can expose user credentials. The report, published on Tuesday by a group of security experts from TeamSIK of the Fraunhofer Institute for Secure Information Technology in Germany, revealed that nine of the most popular Android pass
Secure Your Enterprise With Zoho Vault Password Management Software

Secure Your Enterprise With Zoho Vault Password Management Software

January 11, 2017Swati Khandelwal
Recent data breaches have taught us something very important — online users are spectacularly bad at choosing their strong passwords. Today majority of online users are vulnerable to cyber attacks, not because they are not using any best antivirus or other security measures, but because they are using weak passwords that are easy to remember and reuse same passwords on multiple accounts and reusable passwords to secure their online accounts. Ideally, your password should be at least 16 characters long and should contain a combination of digits, symbols, uppercase letters and lowercase letters. Most of us know about this good password practice, but we just ignore it because it is really painful for us to memorize complex password strings for different accounts. Here comes the need of a Password Manager OR  Password Management Software . Password Manager can significantly reduce your password memorizing problem, along with the cure for your bad habit of setting weak password
Password Manager Pro — Easiest Way to Keep Enterprises Secure

Password Manager Pro — Easiest Way to Keep Enterprises Secure

December 01, 2016Swati Khandelwal
Recent corporate breaches have taught us something important — the average enterprise user is spectacularly bad at choosing good passwords. As modern enterprise is becoming a hybrid organization with infrastructure spread across on-premises data centers as well as in the cloud, security of information, applications, and assets has become a paramount concern. Cyber security is no longer an optional strategy for businesses, where limited visibility into the password practices of employees and ineffective monitoring of privileged credentials could end up an organization with a serious security breach and identity theft. The first line of defense for any organization or company is passwords, but most organizations grossly underestimate the need to comply with corporate password policies and meet IT regulatory requirements. Large enterprises have a policy in place that requires end users to choose strong passwords that can withstand dictionary and brute-force attacks, but it come
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.