How to avoid the latest LastPass Phishing Attack

Saturday, January 16th, 2016

Sean Cassidy discovered recently that the popular password manager LastPass is vulnerable to a  phishing attack that takes advantage of the way messages are displayed to users of the service. The method that he describes on his blog works in Google Chrome, and to a degree in Firefox as well. The main ...

Trend Micro password manager had remote command execution holes and dumped data to anyone

Tuesday, January 12th, 2016

A password management tool installed by default alongside Trend Micro AntiVirus was found vulnerable to remote code execution thanks to the work of Google's Project Zero security team. Discovered by Project Zero's Tavis Ormandy, the password tool was built using JavaScript and node.js, and started a local web server that would ...

Zero-Day Attack Compromises a Half-Million Web Forum Accounts

Wednesday, November 4th, 2015

Forum software-makers vBulletin and Foxit Software may have been breached by a hacker claiming to have made off with personal data belonging to some 479,895 users between the two. “Coldzer0” said in a post co-authored with @Cyber_War_News that he exploited the same zero-day vulnerability for both domains, and was able to ...

Apple CORED: Boffins reveal password-killer 0-days for iOS and OS X

Wednesday, June 17th, 2015

Six university researchers have revealed deadly zero-day flaws in Apple's iOS and OS X, claiming it is possible to crack Apple's password-storing keychain, break app sandboxes, and bypass its App Store security checks. Attackers can exploit these bugs to steal passwords from installed apps, including the native email client, without being ...

LastPass Hacked: what this means for you

Tuesday, June 16th, 2015

Online security company LastPass published an announcement yesterday on the official company blog that it detected and blocked suspicious activity on the company network. According to the information posted on the blog, the company did not find evidence that LastPass user accounts were accessed or user vault data was downloaded. The ...