The Hacker News

SEPTEMBER 14, 2023

A download manager site served Linux users malware that stealthily stole passwords and other sensitive information for more than three years as part of a supply chain attack. The modus operandi entailed establishing a reverse shell to an actor-controlled server and installing a Bash stealer on the compromised system.

Malware 107

Malware Passwords 107

Malwarebytes

NOVEMBER 29, 2023

A new study that examines the current state of password policies across the internet shows that many of the most popular websites allow users to create weak passwords. For the Georgia Tech study , the researchers designed an algorithm that automatically determined a website’s password policy.

Passwords 128

Passwords Password Management Authentication Internet 128

Graham Cluley

JANUARY 27, 2022

The analysts at The Cyber Hut have produced a new guide that explains how Zero Trust can increase business agility, and provides practical guidance for eliminating passwords to accelerate your Zero Trust strategy. … Continue reading "“A Journey to Zero Trust With Zero Passwords” – download the free guide now".

Passwords 78

Passwords 78

Troy Hunt

MARCH 4, 2020

Since launching version 2 of Pwned Passwords with the k-anonymity model just over 2 years ago now, the thing has really gone nuts (read that blog post for background otherwise nothing from here on will make much sense). They could be searching for any password whose SHA-1 hash begins with those characters. Very slick!

Passwords 275

Passwords Data breaches Risk Encryption 275

Malwarebytes

FEBRUARY 27, 2024

But modern devices aren’t so faulty that an errant mobile app download can lead to full device control or the complete revelation of all your private details, like your email, social media, and banking logins. Keep threats off your devices by downloading Malwarebytes today. So, what’s a cybercriminal to do?

Banking 144

Banking Passwords Accountability Malware 144

Security Affairs

SEPTEMBER 14, 2023

Researchers discovered a free download manager site that has been compromised to serve Linux malware to users for more than three years. Researchers from Kaspersky discovered a free download manager site that has been compromised to serve Linux malware. org subdomain. org subdomain. ” reported Kasperksy. freedownloadmanager[.]org

Malware 112

Malware Software Cryptocurrency Passwords 112

Troy Hunt

AUGUST 28, 2018

I'm still pretty amazed at how much traction Pwned Passwords has gotten this year. A few months ago, I wrote about Pwned Passwords in Practice which demonstrates a whole heap of great use cases where they've been used in registration, password reset and login flows.

Passwords 191

Passwords 191

Heimadal Security

FEBRUARY 22, 2023

The database admins did not use a password to secure it, so all the data was open to the public. OyeTalk is a voice-chat app that is available in over 100 countries and has five million downloads […] The post Five Million Downloads OyeTalk Android App Leaks Private User Conversations appeared first on Heimdal Security Blog.

Passwords 95

Passwords Cybersecurity 95

The Hacker News

FEBRUARY 16, 2023

million weekly downloads has been found vulnerable to an account takeover attack. The package can be taken over by recovering an expired domain name for one of its maintainers and resetting the password," software supply chain security company Illustria said in a report. A popular npm package with more than 3.5

Passwords 93

Passwords Accountability Software 93

Malwarebytes

SEPTEMBER 29, 2022

It's no surprise then to see criminals continuing to abuse Zoom's popularity, in the hope of netting interested parties and, potentially, luring current users into downloading and installing malware. Malware @Zoom downloads ? Findings reveal six fake Zoom download sites, but they are no longer accessible.

Spyware 90

Spyware Malware Software Banking 90

CyberSecurity Insiders

NOVEMBER 23, 2022

Now, the latest that has been published by Group-IB claims Moscow’s involvement in the password stealing of over 50 million users. NOTE – Better to craft a password that has a minimum of 14 characters. The post Russia stole the passwords of 50 million users appeared first on Cybersecurity Insiders.

Passwords 127

Passwords Scams Authentication Cybercrime 127

Hacker's King

JANUARY 28, 2024

LaZagne is an open-source recovery tool used for extracting passwords from various software and operating systems. The tool extracts the passwords stored locally on the system, decrypts them, and gives the output in a readable format. Now if you want to extract the browser's passwords, type the following.

Passwords 52

Passwords Wireless Hacking Software 52

Graham Cluley

JUNE 23, 2021

Most enterprise data breaches are still tied to weak password and secrets management habits among employees.

Password Management 74

Password Management Passwords Data breaches Software 74

eSecurity Planet

NOVEMBER 29, 2022

Group-IB cybersecurity researchers recently identified several Russian-speaking cybercrime groups offering infostealing malware-as-a-service (MaaS), resulting in the theft of more than 50 million passwords thus far. To minimize risk, Group-IB advises taking the following key steps: Don’t download software from suspicious sources.

Passwords 120

Passwords Cybercrime Malware Marketing 120

Bleeping Computer

OCTOBER 23, 2021

Hackers hijacked the popular UA-Parser-JS NPM library, with millions of downloads a week, to infect Linux and Windows devices with cryptominers and password-stealing trojans in a supply-chain attack. [.].

Passwords 145

Passwords 145

Bleeping Computer

DECEMBER 5, 2021

Cybercriminals are spamming website contact forms and discussion forums to distribute Excel XLL files that download and install the RedLine password and information-stealing malware. [.].

Passwords 144

Passwords Malware 144

Graham Cluley

JUNE 3, 2021

The majority of enterprise data breaches are still tied to weak password and secrets management habits among employees.

Password Management 77

Password Management Passwords Data breaches Software 77

Malwarebytes

SEPTEMBER 4, 2023

Researchers at the University of Wisconsin–Madison have demonstrated that Chrome browser extensions can steal passwords from the text input fields in websites, even if the extension is compliant with Chrome's latest security and privacy standard, Manifest V3. This creates a significant challenge for vendors like Google.

Passwords 116

Passwords Password Management Ransomware 116

CyberSecurity Insiders

DECEMBER 30, 2021

If you follow a custom of saving passwords in your browser, you better change it, before it’s too late. Because security researchers from a South Korean cybersecurity firm, AhnLab discovered that a new malware named Redline was seen lurking in the browsers and stealing saved passwords only to be transmitted to remote servers.

Passwords 118

Passwords Malware Cryptocurrency Software 118

SecureBlitz

NOVEMBER 12, 2021

Here’s a review on Mozilla Firefox Lockwise – showing its benefits, features and how to download it. The Lockwise app is a privacy tool from Mozilla, which is specially designed for storing Firefox passwords (and logins). So, if you’re the type who forgets passwords easily, this piece’s for you.

Passwords 71

Passwords Cybersecurity Password Management 71

Malwarebytes

APRIL 6, 2021

Upon analysis, the obfuscated PowerShell downloader initiated a chain of infection leading to a lesser-known malware called Saint Bot. Saint Bot is a downloader that appeared quite recently, and slowly is getting momentum. It is accompanied with a.txt file, that claims to be a password to this wallet. The.NET downloader.

Malware 125

Malware Phishing Passwords Architecture 125

Malwarebytes

JANUARY 13, 2023

It's bad news for the US Department of the Interior—a Government watchdog’s security audit has revealed its passwords are simply not up to the job of warding off cracking attempts. Department of the Interior: Easily Cracked Passwords, Lack of Multifactor Authentication, and Other Failures Put Critical DOI Systems at Risk.

Passwords 93

Passwords Password Management Accountability Authentication 93

Heimadal Security

MARCH 22, 2022

The Google Play Store has seen over 100,000 downloads of malicious Android software that performs Facebook credentials theft. It seems that the application is still available for download. The post 100,000 Google Play Users Targeted by Android Password Stealing Malware appeared first on Heimdal Security Blog.

Passwords 99

Passwords Malware Software Cybersecurity 99

Troy Hunt

AUGUST 29, 2023

Further, the passwords from the malware will shortly be searchable in the Pwned Passwords service which can either be checked online or via the API. Pwned Passwords is presently requested 5 and a half billion times each month to help organisations prevent people from using known compromised passwords.

Malware 329

Malware Passwords Password Management Antivirus 329

IT Security Guru

JANUARY 27, 2023

Improving your password habits: Do not use any combination of characters that is easy to guess. Avoid using the same password across multiple accounts as well as including any personal information. Recognisable keystroke patterns or short passwords should also be avoided. Don’t use repeated letters or numbers as a password.

Password Management 104

Password Management Data privacy Passwords Accountability 104

Heimadal Security

APRIL 26, 2021

Cybersecurity analyst Oliver Hough recently discovered that hackers have created a fake DirectX 12 download site to distribute malware that steals your cryptocurrency wallets and passwords. The post Fake DirectX12 Download Website Installs Crypto-Stealing Malware appeared first on Heimdal Security Blog.

Malware 73

Malware Cryptocurrency Passwords Cybersecurity 73

Malwarebytes

FEBRUARY 22, 2022

In reality this application was a Trojan dropper which contacted a remote server and downloaded one of several payloads based on certain parameters. The Fast Cleaner app has now been removed from the Play Store but not before it was downloaded more than 50,000 times. One of these payloads was the banking Trojan Xenomorph.

Banking 105

Banking Backups Malware Cryptocurrency 105

Bleeping Computer

MAY 17, 2023

Cybercriminals are starting to target Microsoft's VSCode Marketplace, uploading three malicious Visual Studio extensions that Windows developers downloaded 46,600 times. [.]

Passwords 142

Passwords 142

Hot for Security

JANUARY 29, 2021

The company believes the incident occurred on January 4, 2021, after threat actors managed to trick employees into accessing and downloading malicious software on some retail-store computers. “A few employees in retail stores were successfully scammed by unauthorized individuals and downloaded software onto a store computer.”

Data breaches 133

Data breaches Wireless Retail Malware 133

Malwarebytes

JANUARY 30, 2023

We have recently written about malvertising campaigns that leverage Google paid advertisements to try and trick people into downloading malware instead of the software they were looking for. Now, our researchers found that the malvertising campaigns via Google Ads are not just about software downloads and scams.

Password Management 69

Password Management Passwords Phishing Advertising 69

eSecurity Planet

JANUARY 31, 2023

John the Ripper is a popular password cracking tool that can be used to perform brute-force attacks using different encryption technologies and helpful wordlists. It’s often what pen-testers and ethical hackers use to find the true passwords behind hashes. For our example, we won’t need a powerful machine. Or at least a good GPU.

Passwords 92

Passwords Penetration Testing Encryption Password Management 92

SecureWorld News

MAY 10, 2022

Even though World Password Day is over, it's never too late to remind your end-users that weak, unimaginative, and easy-to-guess passwords—like "123456," "qwerty," and, well… "password"—are poor options for securing accounts and devices. Improving password best practices matters.

Passwords 73

Passwords Education Password Management Computers and Electronics 73

Malwarebytes

DECEMBER 1, 2021

Security researchers have discovered banking Trojan apps on the Google Play Store, and say they have been downloaded by more than 300,000 Android users. As you may know, banking Trojans are kitted for stealing banking data like your username and password, and two-factor authentication (2FA) codes that you use to login to your bank account.

Malware 125

Malware Banking Authentication Cryptocurrency 125

Hot for Security

JANUARY 20, 2021

It’s unclear how those credentials were leaked, and the team looking into the incident says that the password was strong. “The intruder was able to download a copy of the user list that contains email addresses, handles, and other statistical information about the users of the forum,” said OpenWRT’s maintainers.

Data breaches 98

Data breaches Passwords Authentication Internet 98

Troy Hunt

APRIL 27, 2018

When I launched Pwned Passwords in August , I honestly didn't know how much it would be used. I made 320M SHA-1 password hashes downloadable and also stood up an API to query the data "as a service" by either a plain text password or a SHA-1 hash. Thanks @haveibeenpwned !

Passwords 186

Passwords 186

Malwarebytes

JANUARY 11, 2022

Some of you may even have changed your old router’s password for a brand new one. What is a Wi-Fi password? Your Wi-Fi password is how you keep your internet activities, and also your router, secure from people you don’t want to have access. Does my router have a Wi-Fi password?

Passwords 103

Passwords Internet Internet Malware 103

eSecurity Planet

SEPTEMBER 9, 2021

The network security vendor said the credentials were stolen from systems that remain unpatched against a two-year-old vulnerability – CVE-2018-13379 – or from users who patched that vulnerability but failed to change passwords. Treat all credentials as potentially compromised and perform an organization-wide password reset.

VPN 97

VPN Passwords Authentication Network Security 97