Multiple LastPass Users Lose Master Passwords to Ultra-Convincing Scam

April 19, 2024 at 02:09PM

A sophisticated phishing campaign targeting LastPass users successfully stole master passwords using a hands-on approach. The attackers posed as customer service representatives, guiding victims to a fake website to reset their account access. LastPass has taken action to protect its customers and is urging awareness and caution against spoofed communication …

Reusing passwords: The hidden cost of convenience

April 10, 2024 at 10:21AM

Password reuse poses a significant cybersecurity risk for organizations. Despite strong password policies, end-users often prioritize convenience, leading to widespread reuse. This creates opportunities for hackers to exploit and gain unauthorized access to sensitive data. Addressing this issue requires a multi-faceted approach including user education, multi-factor authentication, password managers, and …

AutoSpill attack steals credentials from Android password managers

December 9, 2023 at 11:20AM

Researchers presented the AutoSpill attack, targeting Android password managers during the autofill process. It exploits weaknesses in WebView controls, potentially leaking account credentials to the invoking app. Multiple password managers were found susceptible, with vendors taking steps to address the issue. The attack highlights the need for improved security measures …

Vulns in Android WebView, Password Managers Can Leak User Credentials

December 6, 2023 at 03:51PM

Researchers uncovered a vulnerability, called “AutoSpill,” in popular Android password managers that could allow malicious apps to steal credentials through WebView’s autofill feature. Despite raising awareness and contacting affected parties, some password managers and Google have yet to effectively address the issue. The researchers suggest that passkeys could ultimately resolve …