Password Management Archives

ViperSoftX campaign steals cryptocurrency and targets password managers

Cybersecurity Attacks, Malware, Password Management / By Frank Crast / May 1, 2023 / C&C, Command and Control, Cryptocurrency, passwords, ViperSoftX

Security experts have discovered a new version of ViperSoftX, a malware that steals cryptocurrency and targets password managers, such as KeePass and 1Password.

LastPass provides an update on security breach

Cybersecurity Attacks, Data Breach, Data Privacy, Password Management / By Frank Crast / December 28, 2022 / Data Breach, LastPass, Password

LastPass has provided an update on a security breach of internal source code and sensitive documents previously disclosed this past August.

Cybercriminals use proxies and configurations to launch credential stuffing attacks

Application Security, Cybersecurity Attacks, Password Management / By Frank Crast / August 22, 2022 / CDN, Cyberattack, Cybersecurity Threat Center, FBI, MFA, OWASP, passwords, SSL

The Federal Bureau of Investigation (FBI) have spotted cybercriminals using proxies and configurations to launch credential stuffing attacks against US companies.

GitLab issues security update for Critical hard-coded password vulnerability (CVE-2022-1162)

Application Security, Password Management, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / April 2, 2022 / CVE-2022-1162, GitLab, LDAP, Oauth, OmniAuth, passwords

GitLab has issued a security update to address a Critical vulnerability CVE-2022-1162 where static passwords were inadvertently set during OmniAuth-based registration.

FluBot: Beware of this Android password-stealing malware

Malware, Mobile Security, Password Management / By Frank Crast / April 26, 2021 / FluBot, malware, mobile, NCSC, Trojan

Security experts from UK’s National Cyber Security Centre (NCSC) warned of a new malware strain FlyBot, an Andoid password-stealing malware.

PHP user database leak allegedly led to PHP source code compromise

Application Security, Password Management, Vulnerabilities & Exploits / By Frank Crast / April 7, 2021 / Gilotine, PHP, Source Code

PHP maintainer Nikita Popov has published new details regarding the likely cause of a recent PHP source code compromise and insert of malicious code.

Hackers target 50K vulnerable Fortinet devices to steal passwords

Cybersecurity Attacks, Network Security, Password Management, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / November 27, 2020 / CISA, CVE-2018-13379, Fortinet, FortiOS, VPN

Cybersecurity experts are warning hackers are targeting nearly 50,000 vulnerable unpatched Fortinet VPNs to steal passwords.

Mozilla releases Firefox 78 with new ‘Protections Dashboard’ feature

Password Management, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / July 2, 2020 / CVE-2020-12415, CVE-2020-12416, CVE-2020-12417, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420, CVE-2020-12426, Firefox, Firefox 78, Mozilla

The Mozilla Foundation has released Firefox 78 that includes security fixes for multiple vulnerabilities, as well as a new ‘Protections Dashboard’ feature.

FBI and CISA warning of Chinese targeting COVID-19 research organizations

Cybersecurity Attacks, Password Management, Vulnerabilities & Exploits / By Frank Crast / May 15, 2020 / CISA, Coronavirus, COVID-19, DHS, FBI, healthcare, Medical

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning of likely targeting and compromise of U.S. COVID-19 research organizations by the People’s Republic of China (PRC).

Alert: Threat actors continue to exploit patched Pulse Secure VPN devices

Identity & Access Management, Network Security, Password Management, Vulnerabilities & Exploits / By Frank Crast / April 17, 2020 / Active Directory, CISA, CVE-2019-11510, DHS, Juniper, passwords, Pulse Secure, VPN

Organizations that are running Pulse Security VPN devices may still be at risk of being exploited, even if previously patched, according to a new Department of Homeland Security (DHS) advisory. The risk is elevated if an actor previously exploited CVE-2019-11510 and stole AD credentials from the victim organization.