#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

password manager | Breaking Cybersecurity News | The Hacker News

'Ridiculous' Bug in Popular Antivirus Allows Hackers to Steal all Your Passwords

'Ridiculous' Bug in Popular Antivirus Allows Hackers to Steal all Your Passwords

Jan 12, 2016
If you have installed Trend Micro's Antivirus on your Windows computer, then Beware. Your computer can be remotely hijacked, or infected with any malware by even through a website – Thanks to a critical vulnerability in Trend Micro Security Software. The Popular antivirus maker and security firm Trend Micro has released an emergency patch to fix critical flaws in its anti-virus product that allow hackers to execute arbitrary commands remotely as well as steal your saved password from Password Manager built into its AntiVirus program. The password management tool that comes bundled with its main antivirus is used to store passwords by users and works exactly like any other password manager application. Even Websites Can Hack Into Your Computer Google's Project Zero security researcher, Tavis Ormandy, discovered the remote code execution flaw in Trend Micro Antivirus Password Manager component, allowing hackers to steal users' passwords. In short, o
Researcher releases Free Hacking Tool that Can Steal all Your Secrets from Password Manager

Researcher releases Free Hacking Tool that Can Steal all Your Secrets from Password Manager

Nov 04, 2015
Unless we are a human supercomputer, remembering a different password for every different site is not an easy task. But to solve this problem, there is a growing market of best password manager and lockers, which remembers your password for every single account and simultaneously provides an extra layer of protection by keeping them strong and encrypted. However, it seems to be true only until a hacker released a hacking tool that can silently decrypt and extract all usernames, passwords, as well as notes stored by the popular password manager KeePass . Dubbed KeeFarce , the hacking tool is developed by Kiwi hacker Denis Andzakovic and is available on GitHub  for free download. Hackers can execute KeeFarce on a computer when a user has logged into their KeePass vault, which makes them capable of decrypting the entire password archive and then dumping it to a file that attackers can steal remotely. How Does KeeFarce Work? KeeFarce obtains passwords by lever
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
8 Best Android Apps To Improve Privacy and Security

8 Best Android Apps To Improve Privacy and Security

Apr 30, 2015
Just to have a good anti-virus protection app in your smartphone doesn't mean a complete Security. As Mobile Device Security is comprised of security of different features, such as: Data privacy and security features Permission restrictions for snoopy apps A blacklist for undesired calls An excellent backup capability, in case your smartphone gets deteriorated. As well as encryption functionality. Google's Android is a very flexible mobile operating system that can fulfill all these mobile device security challenges if you select the right security applications from Google Play Store. No doubt, Google Play Store has an abundance of suitable options, and it's quite difficult for you to select the ones that meet all your expectations. So, I decided to help you by making a short list of the best mobile device security applications that I always carry in my Android smartphone. Here are the best security apps you must have in your Android smartphone; have a look
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
New Citadel Trojan Targets Your Password Managers

New Citadel Trojan Targets Your Password Managers

Nov 21, 2014
Unless we are a human supercomputer, remembering password is not an easy task and that too, if you have a different password for every different site. But luckily to make the whole process easy, there is a growing market for password managers which provides an extra layer of protection. Wait! Wait! Seriously?? Security researchers have discovered a new variant of data-stealing Citadel Trojan program used by cybercriminals to slurp up users' master passwords for a number of password management applications and other authentication programs, which will let you think twice before using one. Citadel Trojan malware program has typically been used to steal online banking credentials and other financial information by masquerading itself as legitimate banking sites when victims open it in their local browser, which is also known as a man-in-the-browser attack . The malware has previously targeted users' credentials stored in the password management applications included
Oops... Popular Password Managers Are Not As Secure As You Think

Oops... Popular Password Managers Are Not As Secure As You Think

Jul 15, 2014
Just few days ago, we reported about two critical vulnerability in mobile version of the most popular password manager application from a popular Password management company RoboForm , which manages your passwords for different websites. Now, researchers have published a detailed explanation on the security vulnerabilities discovered in five different and popular password managers , including RoboForm, that could allow cybercriminals to grab your credentials. The serious security holes were found and reported by the University of California Berkeley researchers named: Zhiwei Li, Warren He, Devdatta Akhawe and Dawn Song . The critical vulnerabilities were discovered in the popular password managers that includes RoboForm, LastPass, My1Login, PasswordBox and NeedMyPassword . " Our attacks are severe: in four out of the five password managers we studied, an attacker can learn a user's credentials for arbitrary websites, " Researchers wrote in the paper (PDF) tit
Critical Vulnerability and Privacy LoopHole Found in RoboForm Password Manager

Critical Vulnerability and Privacy LoopHole Found in RoboForm Password Manager

Jul 05, 2014
Unless you are a human supercomputer, remembering password is not so easy, and that too if you have a different password for each site. But luckily to make the whole process very easy, there is a growing market out there for password managers and lockers with extra layers of security. But, if you are using the mobile version of most popular password manager from Password management company RoboForm to manage your passwords then you might be at a risk, claimed a UK based Security researcher. I am personally using RoboForm from last few months, which is a great password manager application developed by Siber Systems Inc. for various platforms that stores your sensitive data all in one place, protected at RoboForm account and encrypted by a secret master password. RoboForm user be able to then quickly access those passwords and notes anytime, anywhere. But a IT security consultant and tech enthusiast Paul Moore discovered one critical vulnerability in its app and one Pri
Master Password Protection added to Google Chrome's Password Manager

Master Password Protection added to Google Chrome's Password Manager

Dec 05, 2013
Just like other Web Browsers, The Google Chrome also offers a password manager feature that can save your logins and basic information for automatic form-filling. The Google Chrome browser stores all your passwords in the plain text format and is available for access by opening the following URL in your Chrome browser – " chrome : //settings/passwords ". Unlike Firefox , till now Google Chrome was not offering any Master Protection. Finally Google has implemented a Master Password protection on Chrome password manager in Windows and Mac. Now you have to enter your Windows account password to reveal the saved passwords. The protection will be lifted for a minute, after entering the password, and after that user need to re-login. Previously, Google was criticized many times for such bad password storage Practice because there is no master password, no security, not even a prompt that " these passwords are visible " and this allows anyone with access to a user's c
Cybersecurity Resources