Hacking, Information Security and Password Management

A bug in Chrome Password Manager caused user credentials to disappear

Security Affairs

JULY 26, 2024

Google addressed a Chrome’s Password Manager bug that caused user credentials to disappear temporarily for more than 18 hours. Google has addressed a bug in Chrome’s Password Manager that caused user credentials to disappear temporarily. Users can save passwords, however it was not visible to them.

Password Management

Password Management Passwords Engineering Hacking

Feds seized $23 million in crypto stolen using keys from LastPass breaches

Security Affairs

MARCH 10, 2025

authorities seized $23M in crypto tied to a $150M Ripple hack, suspected to have been carried out by hackers from the 2022 LastPass breach. Security researcher ZachXBT identified the victim as Ripple co-founder Chris Larsen. The governments latest action officially secures the recovered funds. ” reads the complaint.

Password Management

Password Management Cryptocurrency Passwords Data breaches

Bitwarden vs LastPass: Compare Top Password Managers

eSecurity Planet

SEPTEMBER 24, 2021

If you’re looking for a password manager for your business, Bitwarden and LastPass might be on your list of potential solutions. Both vendors will help you and your employees store access credentials, improve password health, and share sensitive information securely. Choosing the right password manager.

Password Management

Password Management Passwords Encryption Authentication

NortonLifeLock: threat actors breached Norton Password Manager accounts

Security Affairs

JANUARY 13, 2023

Gen Digital, formerly Symantec Corporation and NortonLifeLock, warns that hackers breached Norton Password Manager accounts. Gen Digital, formerly Symantec Corporation and NortonLifeLock, informed its customers that threat actors have breached Norton Password Manager accounts in credential-stuffing attacks.

Password Management

Password Management Passwords Accountability Data breaches

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Security Affairs

NOVEMBER 15, 2024

Glove Stealer is a.NET-based information stealer that targets browser extensions and locally installed software to steal sensitive data. The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information.

Encryption

Encryption Password Management Cryptocurrency Social Engineering

Trend Micro addressed two DLL Hijacking flaws in Trend Micro Password Manager

Security Affairs

AUGUST 17, 2019

Trend Micro addressed 2 DLL hijacking flaws in Trend Micro Password Manager that could allow malicious actors to escalate privileges and much more. “ SafeBreach Labs discovered a new vulnerability in Trend Micro Password Manager software.” ” reads the security advisory published by Trend Micro. .

Password Management

Password Management Passwords Advertising Authentication

Sweet Treats, Sour Breach: Cyberattack Hits Krispy Kreme

SecureWorld News

DECEMBER 12, 2024

The details of the Krispy Kreme hack are still emerging, but the companys Form 8-K filing brought the incident to light, offering a rare glimpse into the challenges businesses face when their systems are compromised. The Krispy Kreme hack is a sobering reminder that no industry is immune to cyber threats.

Password Management

Password Management Passwords CISO Cybersecurity

A flaw in LastPass password manager leaks credentials from previous site

Security Affairs

SEPTEMBER 16, 2019

A flaw in LastPass password manager leaks credentials from previous site. An expert discovered a flaw in the LastPass password manager that exposes login credentials entered on a site previously visited by a user. SecurityAffairs – LastPass, hacking). Pierluigi Paganini.

Password Management

Password Management Passwords Advertising Mobile

International law enforcement operation dismantled RedLine and Meta infostealers

Security Affairs

OCTOBER 29, 2024

The two infostealers allowed operators to harvest usernames, passwords, contact info, and crypto-wallets from victims, the threat actors sold this data to criminals for financial theft and hacking. Use a password manager : Simplifies managing strong, unique passwords across accounts.

Identity Theft

Identity Theft Passwords Malware Banking

A supply chain attack compromised the update mechanism of Passwordstate Password Manager

Security Affairs

APRIL 25, 2021

The software company Click Studios was the victim of a supply chain attack, hackers compromised its Passwordstate password management application. Manager hase? Passwordstate is the Enterprise Password Management solution used by more than 29,000 customers and 370,000 security and IT professionals globally.

Password Management

Password Management Passwords Software Malware

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Security Affairs

JULY 3, 2023

The malware also targets crypto wallet extensions, password managers, and 2FA extensions. The malware also collects a variety of data, including system info, browser info, password manager info, miner related registry info, and installed games info. ” continues the analysis.

Password Management

Password Management Passwords Malware Marketing

Password Managers Under Attack, Shady Reward Apps on Google Play, Meta Account Center 2FA Bypass

Security Boulevard

FEBRUARY 5, 2023

The attacks on password managers and their users continue as Bitwarden and 1Password users have reported seeing paid ads for phishing sites in Google search results for the official login page of the password management vendors.

Password Management

Password Management Passwords Accountability Phishing

10 Behaviors That Will Reduce Your Risk Online

Daniel Miessler

MAY 14, 2020

Use unique, strong passwords, and store them in a password manager. Many people get hacked from having guessable or previously compromised passwords. Good passwords are long, random, and unique to each account, which means it’s impossible for a human to manage them on their own.

Risk

Risk Password Management Passwords Accountability

U.S. Offers $10M bounty for info on RedLine malware creator and state hackers

Security Affairs

JUNE 6, 2025

The two infostealers allowed operators to harvest usernames, passwords, contact info, and crypto-wallets from victims, the threat actors sold this data to criminals for financial theft and hacking. Use a password manager : Simplifies managing strong, unique passwords across accounts.

Malware

Malware Passwords Identity Theft Government

Retail giant Home Depot agrees to a $17.5 million settlement over 2014 data breach

Security Affairs

NOVEMBER 25, 2020

“Retailers must take meaningful steps to protect consumers’ credit and debit card information from theft when they shop,” said Massachusetts AG Maura Healey. SecurityAffairs – hacking, Data breach). million settlement over 2014 data breach appeared first on Security Affairs. ” . .

Retail

Retail Data breaches Penetration Testing Information Security

LastPass revealed that intruders had internal access for four days during the August hack

Security Affairs

SEPTEMBER 18, 2022

The Password management solution LastPass revealed that the threat actors had access to its systems for four days during the August hack. Password management solution LastPass shared more details about the security breach that the company suffered in August 2022. SecurityAffairs – hacking, hack).

Hacking

Hacking Password Management Passwords Authentication

LastPass data breach: threat actors stole a portion of source code

Security Affairs

AUGUST 25, 2022

Password management software firm LastPass has suffered a data breach, threat actors have stole source code and other data. SecurityAffairs – hacking, data breach). The post LastPass data breach: threat actors stole a portion of source code appeared first on Security Affairs. Pierluigi Paganini.

Data breaches

Data breaches Password Management Passwords Architecture

LastPass hack caused by an unpatched Plex software on an employee’s PC

Security Affairs

MARCH 7, 2023

The security breach suffered by LastPass was caused by the failure to update Plex on the home computer of one of its engineers. LastPass revealed that the home computer of one of its DevOp engineers was hacked as part of a sophisticated cyberattack.

Software

Software Hacking Data breaches Media

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

The end game for this particular hacking ring is to install crypto currency mining routines on compromised Linux servers. Xbash gets rolling by infecting one device, which then serves as the launch pad for deeper hacking forays limited only by the attacker’s initiative. Use a password manager.

Passwords

Passwords Password Management Antivirus Internet

Nation-state actors hacked Red Cross exploiting a Zoho bug

Security Affairs

FEBRUARY 17, 2022

The attribution of the hack is based on similarities of attackers’ TTPs with the ones associated with APT groups and the targeted nature of the attack. “Once inside our network, the hackers were able to deploy offensive security tools which allowed them to disguise themselves as legitimate users or administrators. .”

Hacking

Hacking Password Management Malware Encryption

LastPass investigated recent reports of blocked login attempts

Security Affairs

DECEMBER 28, 2021

Password manager app LastPass confirmed that threat actors have launched a credential stuffing attack against its users. “Someone just used your master password to try to log in to your account from a device or location we didn’t recognize,” reads the warnings. SecurityAffairs – hacking, password).

Password Management

Password Management Passwords Accountability Authentication

The Hidden Cost of Ransomware: Wholesale Password Theft

Krebs on Security

JANUARY 6, 2020

The anonymous individual behind that communication declined to provide proof that they were part of the group that held VPCI’s network for ransom, and after an increasingly combative and personally threatening exchange of messages soon stopped responding to requests for more information. You may confirm this with them. In our Dec.

Passwords

Passwords Ransomware Password Management Malware

New Version of Meduza Stealer Released in Dark Web

Security Affairs

DECEMBER 29, 2023

Atom, Comodo Dragon, Torch, Comodo, Slimjet, 360Browser, 360 Secure Browser, Maxthon3, Maxthon5, Maxthon, QQBrowser, K-Meleon, Xpom, Lenovo Browser, Xvast, Go!

Password Management

Password Management Cryptocurrency Passwords Authentication

Zoho urges fixing a critical SQL Injection flaw in ManageEngine

Security Affairs

JANUARY 5, 2023

. “This security advisory is to let you know that a high severity vulnerability was detected in ManageEngine Password Manager Pro.” “An SQL Injection vulnerability(CVE-2022-47523) was discovered in Password Manager Pro.” The flaw impacts Password Manager Pro, versions 12200 and below.

Password Management

Password Management Passwords Hacking Cybersecurity

Port of Houston was hit by an alleged state-sponsored attack

Security Affairs

SEPTEMBER 26, 2021

ManageEngine ADSelfService Plus is self-service password management and single sign-on solution. SecurityAffairs – hacking, Port of Huston). The post Port of Houston was hit by an alleged state-sponsored attack appeared first on Security Affairs. reads the joint advisory. reads the joint advisory. Pierluigi Paganini.

Password Management

Password Management Cyber Attacks Authentication Passwords

CISA adds Zoho ManageEngine flaw to its Known Exploited Vulnerabilities Catalog

Security Affairs

SEPTEMBER 23, 2022

The CVE-2022-35405 flaw is a remote code execution vulnerability that impacts Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus. “Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability which allows for remote code execution.”

Password Management

Password Management Passwords Hacking Risk

RomCom RAT campaigns abuses popular brands like KeePass and SolarWinds NPM

Security Affairs

NOVEMBER 4, 2022

The threat actors set up websites cloning the official download websites for SolarWinds Network Performance Monitor (NPM), KeePass password manager, and PDF Reader Pro. SecurityAffairs – hacking, RomCom RAT). The malware was masqueraded as legitimate applications from popular brands. Pierluigi Paganini.

Password Management

Password Management Passwords Software Ransomware

Credential Flusher, understanding the threat and how to protect your login data

Security Affairs

SEPTEMBER 18, 2024

Regularly update software: Keep your operating system and all applications updated to fix any security vulnerabilities. Use complex and unique passwords: Avoid reusing the same passwords for multiple accounts and use password managers to generate and store secure passwords.

Passwords

Passwords Identity Theft Education Authentication

LastPass employee targeted via an audio deepfake call

Security Affairs

APRIL 12, 2024

According to the password management software firm, the employee was contacted outside of the business hours. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – Hacking, deepfakes) concludes the report.

Social Engineering

Social Engineering Scams Password Management Technology

Security Affairs newsletter Round 482 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JULY 28, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Spyware

Spyware Data breaches Cybercrime Banking

US CISA report shares details on web shells used by Iranian hackers

Security Affairs

SEPTEMBER 16, 2020

A few weeks ago, researchers from Crowdstrike revealed that the Iran-linked APT group tracked as Pioneer Kitten, also known as Fox Kitten or Parisite, is now trying to monetize its efforts by selling access to some of the networks it has hacked to other hackers. SecurityAffairs – hacking, web shells). ” continues the report.

VPN

VPN Passwords Advertising Password Management

FBI, CISA, and CGCYBER warn of nation-state actors exploiting CVE-2021-40539 Zoho bug

Security Affairs

SEPTEMBER 16, 2021

ManageEngine ADSelfService Plus is self-service password management and single sign-on solution. SecurityAffairs – hacking, Zoho). The post FBI, CISA, and CGCYBER warn of nation-state actors exploiting CVE-2021-40539 Zoho bug appeared first on Security Affairs. ” reads the joint advisory. Pierluigi Paganini.

Password Management

Password Management Passwords Authentication Cyber threats

Zoho warns of zero-day authentication bypass flaw actively exploited

Security Affairs

SEPTEMBER 9, 2021

ManageEngine ADSelfService Plus is a self-service password management and single sign-on solution for Active Directory and cloud apps.” SecurityAffairs – hacking, Zoho). The post Zoho warns of zero-day authentication bypass flaw actively exploited appeared first on Security Affairs. Pierluigi Paganini.

Authentication

Authentication Password Management Passwords Internet

Study reveals top 200 most common passwords

Security Affairs

NOVEMBER 20, 2021

Check password strength Check password strength – regularly assess your password health. Identify weak, reused, or old passwords and fortify your online security with new, complex ones. Use a password manager. SecurityAffairs – hacking, top-used passwords). Pierluigi Paganini.

Passwords

Passwords Data breaches Password Management Authentication

Vulnerabilities in the Jacuzzi SmartTub app could allow to access users’ data

Security Affairs

JUNE 24, 2022

To test the SmartTub the expert created an account using the app and testing it, such as adding the account password to the password manager and checking what website/URL should be associated with it. “After setting the password in my password manager, I went to the smarttub.io Pierluigi Paganini.

Password Management

Password Management Passwords Accountability Mobile

15 Cybersecurity Measures for the Cloud Era

Security Affairs

APRIL 8, 2022

Hackers can use password-cracking software to brute-force their way into your account if you use a weak password, so make sure yours is strong. Use a password manager. A password manager is a software application that helps you manage your passwords. Have an incident response plan.

Cybersecurity

Cybersecurity Passwords Penetration Testing Encryption

Personal data of 1.3 million Clubhouse users leaked online

Security Affairs

APRIL 11, 2021

Using a strong and unique password for each web service, a password manager could help you. Be vigilant on potential phishing messages that ask you to provide information. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. SecurityAffairs – hacking, Clubhouse).

Identity Theft

Identity Theft Phishing Password Management Media

Lastpass discloses the second security breach this year

Security Affairs

NOVEMBER 30, 2022

LastPass disclosed a new security breach, threat actors had access to its cloud storage using information stolen in the August 2022 breach. Password management solution LastPass disclosed a new security breach, the attackers had access to a third-party cloud storage service using information stolen in the August 2022 breach.

Architecture

Architecture Passwords Data breaches Password Management

The Challenges Facing the Passwordless Future

eSecurity Planet

SEPTEMBER 25, 2022

While big tech phases in new authentication solutions, Dashlane — a password manager used by more than 20,000 companies and more than 15 million users — made a full switch. Dashlane last month integrated passkeys into its cross-platform password manager. See the Top Password Managers.

Passwords

Passwords Password Management Authentication Technology

3 of the Worst Data Breaches in the World That Could Have Been Prevented

Security Affairs

DECEMBER 1, 2022

While no plaintext passwords or financial data was stolen, the hack did expose answers to security questions. All of that could’ve been avoided had SolarWinds implemented a strong password policy. Weak passwords are the easiest way hackers can hack into a system. SecurityAffairs – hacking, data breaches).

Data breaches

Data breaches Passwords Social Engineering Encryption

Cyber Security Awareness Month: Cyber tune-up checklist

Webroot

OCTOBER 1, 2024

billion people had their social security numbers and other personal information hacked , and all that stolen data ended up for sale on the dark web. Each of your passwords needs to incorporate numbers, symbols and capital letters, use at least 16 characters. It’s always safest to enter your passwords each time you log in.

Security Awareness

Security Awareness Backups Passwords Password Management

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Security Affairs

MAY 13, 2024

.” To defend against ransomware campaign like this one, NJCCIC provided the following recommendations: Security Awareness Training : Engage in security awareness training to enhance defense mechanisms and recognize potential signs of malicious communications.

Phishing

Phishing Ransomware Security Awareness Authentication

Security Affairs newsletter Round 402 by Pierluigi Paganini

Security Affairs

JANUARY 15, 2023

Most internet-exposed Cacti servers exposed to hacking French CNIL fined Tiktok $5.4 Most internet-exposed Cacti servers exposed to hacking French CNIL fined Tiktok $5.4 SecurityAffairs – hacking, newsletter). The post Security Affairs newsletter Round 402 by Pierluigi Paganini appeared first on Security Affairs.

Small Business

Small Business Password Management Healthcare VPN

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

Security Affairs

FEBRUARY 16, 2024

Turla operators used the scripts to exfiltrate keys used to secure the password databases of popular password management software. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Turla) The report includes indicators of compromise (IoCs).

Malware

Malware Password Management Passwords Hacking

A bug in Chrome Password Manager caused user credentials to disappear

Feds seized $23 million in crypto stolen using keys from LastPass breaches

Trending Sources

Bitwarden vs LastPass: Compare Top Password Managers

NortonLifeLock: threat actors breached Norton Password Manager accounts

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Trend Micro addressed two DLL Hijacking flaws in Trend Micro Password Manager

Sweet Treats, Sour Breach: Cyberattack Hits Krispy Kreme

A flaw in LastPass password manager leaks credentials from previous site

International law enforcement operation dismantled RedLine and Meta infostealers

A supply chain attack compromised the update mechanism of Passwordstate Password Manager

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Password Managers Under Attack, Shady Reward Apps on Google Play, Meta Account Center 2FA Bypass

10 Behaviors That Will Reduce Your Risk Online

U.S. Offers $10M bounty for info on RedLine malware creator and state hackers

Retail giant Home Depot agrees to a $17.5 million settlement over 2014 data breach

LastPass revealed that intruders had internal access for four days during the August hack

LastPass data breach: threat actors stole a portion of source code

LastPass hack caused by an unpatched Plex software on an employee’s PC

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

Nation-state actors hacked Red Cross exploiting a Zoho bug

LastPass investigated recent reports of blocked login attempts

The Hidden Cost of Ransomware: Wholesale Password Theft

New Version of Meduza Stealer Released in Dark Web

Zoho urges fixing a critical SQL Injection flaw in ManageEngine

Port of Houston was hit by an alleged state-sponsored attack

CISA adds Zoho ManageEngine flaw to its Known Exploited Vulnerabilities Catalog

RomCom RAT campaigns abuses popular brands like KeePass and SolarWinds NPM

Credential Flusher, understanding the threat and how to protect your login data

LastPass employee targeted via an audio deepfake call

Security Affairs newsletter Round 482 by Pierluigi Paganini – INTERNATIONAL EDITION

US CISA report shares details on web shells used by Iranian hackers

FBI, CISA, and CGCYBER warn of nation-state actors exploiting CVE-2021-40539 Zoho bug

Zoho warns of zero-day authentication bypass flaw actively exploited

Study reveals top 200 most common passwords

Vulnerabilities in the Jacuzzi SmartTub app could allow to access users’ data

15 Cybersecurity Measures for the Cloud Era

Personal data of 1.3 million Clubhouse users leaked online

Lastpass discloses the second security breach this year

The Challenges Facing the Passwordless Future

3 of the Worst Data Breaches in the World That Could Have Been Prevented

Cyber Security Awareness Month: Cyber tune-up checklist

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Security Affairs newsletter Round 402 by Pierluigi Paganini

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

Stay Connected