The Problem of Permissions and Non-Human Identities – Why Remediating Credentials Takes Longer Than You Think

November 18, 2024 at 09:00AM Research by GitGuardian and CyberArk reveals a rise in secrets leaks among IT decision-makers, with over 12.7 million hardcoded credentials exposed on GitHub. Organizations face lengthy remediation times and unclear ownership of security responsibilities. A shared responsibility model between developers and security teams could enhance credential management and reduce risks.

New Windows Themes zero-day gets free, unofficial patches

October 29, 2024 at 04:30PM Free unofficial micropatches are now available for a Windows Themes zero-day vulnerability that allows NTLM credential theft. Discovered by ACROS Security, this issue affects all updated Windows versions. Users can apply these patches through 0patch while awaiting official fixes from Microsoft, which plans to address the problem promptly.

Vulns in Android WebView, Password Managers Can Leak User Credentials

December 6, 2023 at 03:51PM Researchers uncovered a vulnerability, called “AutoSpill,” in popular Android password managers that could allow malicious apps to steal credentials through WebView’s autofill feature. Despite raising awareness and contacting affected parties, some password managers and Google have yet to effectively address the issue. The researchers suggest that passkeys could ultimately resolve …