password manager | Breaking Cybersecurity News | The Hacker News

Happy 'World Password Day'! Today is a good time for you to audit your password practices and stop using terrible passwords to protect your online accounts. Experts advice that: Your password must—be long Your password must—be unpredictable Your password must—have at least one number Your password must—not have any dictionary word Your password must—have upper and lowercase letters Your password must—have at least one special character Your password must—be unique and different for every site OK, got it. But who the hell can remember such complex passwords and that too for every [redacted] different site? But don't worry. If you are sick of having to remember dozens of different passwords for dozens of various websites, a great solution is to use a good password manager . Password Manager can significantly reduce the pain to remember every password, along with eliminating for your bad habit of setting a weak password and re-using that same password ever

Security researchers have uncovered how marketing companies have started exploiting an 11-year-old bug in browsers' built-in password managers, which allow them to secretly steal your email address for targeted advertising across different browsers and devices. The major concern is that the same loophole could allow malicious actors to steal your saved usernames and passwords from browsers without requiring your interaction. Every modern browser—Google Chrome, Mozilla Firefox, Opera or Microsoft Edge—today comes with a built-in easy-to-use password manager tool that allows you to save your login information for automatic form-filling. These browser-based password managers are designed for convenience, as they automatically detect login form on a webpage and fill-in the saved credentials accordingly. However, a team of researchers from Princeton's Center for Information Technology Policy has discovered that at least two marketing companies, AdThink and OnAudience, a

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

If you are running Windows 10 on your PC, then there are chances that your computer contains a pre-installed 3rd-party password manager app that lets attackers steal all your credentials remotely. Starting from Windows 10 Anniversary Update (Version 1607), Microsoft added a new feature called Content Delivery Manager that silently installs new "suggested apps" without asking for users' permission. According to a blog post published Friday on Chromium Blog, Google Project Zero researcher Tavis Ormandy said he found a pre-installed famous password manager, called "Keeper," on his freshly installed Windows 10 system which he downloaded directly from the Microsoft Developer Network. Ormandy was not the only one who noticed the Keeper Password Manager. Some Reddit users complained about the hidden password manager about six months ago, one of which reported Keeper being installed on a virtual machine created with Windows 10 Pro. Critical Flaw In Keeper Pas

Apple yesterday rolled out a new version of its macOS operating system, dubbed High Sierra 10.13 —a few hours before an ex-NSA hacker publicly disclosed the details of a critical vulnerability that affects High Sierra as well as all earlier versions of macOS. Patrick Wardle, an ex-NSA hacker and now head of research at security firm Synack, found a critical zero-day vulnerability in macOS that could allow any installed application to steal usernames and plaintext passwords of online accounts stored in the Mac Keychain. The macOS Keychain is a built-in password management system that helps Apple users securely store passwords for applications, servers, websites, cryptographic keys and credit card numbers—which can be accessed using only a user-defined master password. Typically no application can access the contents of Keychain unless the user enters the master password. "I discovered a flaw where malicious non-privileged code (or apps) could programmatically access th

Do you use OneLogin password manager ? If yes, then immediately change all your account passwords right now. OneLogin, the cloud-based password management and identity management software company, has admitted that the company has suffered a data breach. The company announced on Thursday that it had "detected unauthorised access" in its United States data region. Although the company did not provide many details about the nature of the cyber attack, the statement released by the firm suggest that the data breach is extensive. What Happened? OneLogin, which aims at offering a service that "secures connections across all users, all devices, and every application," has not yet revealed potential weaknesses in its service that may have exposed its users' data in the first place. "Today We detected unauthorised access to OneLogin data in our US data region," OneLogin chief information security officer Alvaro Hoyos said in a brief blog post-Wednes

Is anything safe? It's 2017, and the likely answer is NO. Making sure your passwords are secure is one of the first line of defense – for your computer, email, and information – against hacking attempts, and Password Managers are the one recommended by many security experts to keep all your passwords secure in one place. Password Managers are software that creates complex passwords, stores them and organizes all your passwords for your computers, websites, applications and networks, as well as remember them on your behalf. But what if your Password Managers itself are vulnerable? Well, it's not just an imagination, as a new report has revealed that some of the most popular password managers are affected by critical vulnerabilities that can expose user credentials. The report, published on Tuesday by a group of security experts from TeamSIK of the Fraunhofer Institute for Secure Information Technology in Germany, revealed that nine of the most popular Android pass

Recent data breaches have taught us something very important — online users are spectacularly bad at choosing their strong passwords. Today majority of online users are vulnerable to cyber attacks, not because they are not using any best antivirus or other security measures, but because they are using weak passwords that are easy to remember and reuse same passwords on multiple accounts and reusable passwords to secure their online accounts. Ideally, your password should be at least 16 characters long and should contain a combination of digits, symbols, uppercase letters and lowercase letters. Most of us know about this good password practice, but we just ignore it because it is really painful for us to memorize complex password strings for different accounts. Here comes the need of a Password Manager OR  Password Management Software . Password Manager can significantly reduce your password memorizing problem, along with the cure for your bad habit of setting weak password

Recent corporate breaches have taught us something important — the average enterprise user is spectacularly bad at choosing good passwords. As modern enterprise is becoming a hybrid organization with infrastructure spread across on-premises data centers as well as in the cloud, security of information, applications, and assets has become a paramount concern. Cyber security is no longer an optional strategy for businesses, where limited visibility into the password practices of employees and ineffective monitoring of privileged credentials could end up an organization with a serious security breach and identity theft. The first line of defense for any organization or company is passwords, but most organizations grossly underestimate the need to comply with corporate password policies and meet IT regulatory requirements. Large enterprises have a policy in place that requires end users to choose strong passwords that can withstand dictionary and brute-force attacks, but it come

Another Day, Another Data Breach! And this time, it's worse than any recent data breaches. Why? Because the data breach has exposed plaintext passwords, usernames, email addresses, and a large trove of other personal information of more than 6.6 Million ClixSense users. ClixSense, a website that claims to pay users for viewing advertisements and completing online surveys, is the latest victim to join the list of " Mega-Breaches " revealed in recent months, including LinkedIn , MySpace , VK.com , Tumblr , and Dropbox . Hackers are Selling Plaintext Passwords and Complete Website Source Code More than 2.2 Million people have already had their personal and sensitive data posted to PasteBin over the weekend. The hackers who dumped the data has put another 4.4 Million accounts up for sale. In addition to un-hashed passwords and email addresses, the dump database includes first and last names, dates of birth, sex, home addresses, IP addresses, payment histories,

Hardly a day goes without headlines about any significant data breach. In the past few months, over 1 Billion account credentials from popular social network sites, including LinkedIn , Tumblr , MySpace and VK.com were exposed on the Internet. Now, the same hacker who was responsible for selling data dumps for LinkedIn, MySpace, Tumblr and VK.com is now selling what is said to be the login information of 200 Million Yahoo! users on the Dark Web . 200 Million Yahoo! Logins for 3 BTC The hacker, who goes by the pseudonym " Peace " or "peace_of_mind," has uploaded 200 Million Yahoo! credentials up for sale on an underground marketplace called The Real Deal for 3 Bitcoins (US$1,824). Yahoo! admitted the company was "aware" of the potential leak, but did not confirm the authenticity of the data. The leaked database includes usernames, MD5-hashed passwords and date of births from 200 Million Yahoo! Users. In some cases, there is also the backup e

A critical zero-day flaw has been discovered in the popular cloud password manager LastPass that could allow any remote attacker to compromise your account completely. LastPass is one of the best password manager that also available as a browser extension that automatically fills credentials for you. All you need is to remember one master password to unlock all other passwords of your different online accounts, making it much easier for you to use unique passwords for different sites. However, the password manager isn't as secure as it promises. Also Read:  Popular Password Managers Are Not As Secure As You Think Google Project Zero Hacker Tavis Ormandy discovered several security issues in the software that allowed him to steal passwords stored with LastPass. " Are people really using this LastPass thing? I took a quick look and can see a bunch of obvious critical problems. I'll send a report asap ," Ormandy revealed on Twitter . Once compromise a v

Do you have remote login software TeamViewer installed on your desktop? If Yes, then it could be possible that your system can be accessed by attackers to steal your personal details, including your bank and PayPal accounts, as several reports on Reddit and Twitter suggests. According to recent reports, the popular TeamViewer software that is used to remotely control PCs appears to have been HACKED ! Over the past few days, a number of users headed on to the Internet forums to report that unknown attackers are taking control of their computers through their TeamViewer accounts and, in some cases, trying to steal money through services like eBay or PayPal. This same behavior has also been reported by the IBM security researcher Nick Bradley, who said: "In the middle of my gaming session, I lose control of my mouse, and the TeamViewer window pops up in the bottom right corner of my screen. As soon as I realize what is happening, I kill the application. Then it dawns

The majority of Internet users are vulnerable to cyber threats because of their own weaknesses in setting up a strong password. But, are end-users completely responsible for choosing weak passwords? Give a thought. Recently we wrote an article revealing the list of Worst Passwords of 2015 that proved most of us are still using bad passwords, like ' 123456 ' or ' password ,' to secure our online accounts that when breached could result in critical information loss. If the end-user is to blame for weak password security, then the solution is to educate each and every Internet user to follow the best password security practice. But is that really possible? Practically, No. Even after being aware of best password security measures, do we really set strong passwords for every website? I mean EVERY. Ask yourself. Who's Responsible for allowing Users to Set a Weak Password? It's the websites and their developers, who didn't enforce a