Security News

How to Use KeePass Step-by-Step Guide
2024-01-31 17:28

In this article, we walk you through how to set up and use KeePass. If you're using a different operating system, simply look for the appropriate download link under KeePass' Contributed/Unofficial KeePass Ports list.

Week in review: Cybersecurity cheat sheets, widely exploited Cisco zero-day, KeePass-themed malvertising
2023-10-22 08:00

The real impact of the cybersecurity poverty line on small organizations: In this Help Net Security interview, Brent Deterding, CISO at Afni, delves into the realities and myths surrounding the cybersecurity poverty line, exploring the role of budget, knowledge, and leadership.
Cisco IOS XE zero-day exploited by attackers to deliver implant: A previously unknown vulnerability affecting networking devices running Cisco IOS XE software is being exploited by a threat actor to take control of the devices and install an implant, Cisco Talos researchers have warned today.

Fake KeePass site uses Google Ads and Punycode to push malware
2023-10-19 18:17

A Google Ads campaign was found pushing a fake KeePass download site that used Punycode to appear as the official domain of the KeePass password manager to distribute malware. Even worse, Google Ads can be abused to show the legitimate domain for KeePass in the advertisements, making the threat hard to spot even for more diligent and security-conscious users.

Google ads for KeePass, Notepad++ lead to malware
2023-10-19 09:11

Users using Google to search for and download the KeePass password manager and the Notepad++ text editor may have inadvertently gotten saddled with malware, says Jérôme Segura, Director of Threat Intelligence at Malwarebytes. Malware peddlers have a number of clever tricks up their sleeve to make the malicious ads and the sites they lead to look legitimate.

KeePass v2.54 fixes bug that leaked cleartext master password
2023-06-05 14:15

KeePass has released version 2.54, fixing the CVE-2023-3278 vulnerability that allows the extraction of the cleartext master password from the application's memory. In May 2023, security researcher 'vdohney' disclosed a vulnerability and proof-of-concept exploit that allowed you to partially extract the cleartext KeePass master password from a memory dump of the application.

Serious Security: That KeePass “master password crack”, and what we can learn from it
2023-05-31 19:39

Simply put, the CVE-2023-32784 vulnerability means that a KeePass master password might be recoverable from system data even after the KeePass program has exited, because sufficient information about your password might get left behind in system swap or sleep files, where allocated system memory may end up saved for later. A long-term password leak in memory also means that the password could, in theory, be recovered from a memory dump of the KeePass program, even if that dump was grabbed long after you'd typed the password in, and long after KeePass itself had no more need to keep it around.

KeePass Exploit Allows Attackers to Recover Master Passwords from Memory
2023-05-22 06:33

A proof-of-concept has been made available for a security flaw impacting the KeePass password manager that could be exploited to recover a victim's master password in cleartext under specific circumstances. "Apart from the first password character, it is mostly able to recover the password in plaintext," security researcher "Vdhoney," who discovered the flaw and devised a PoC, said.

Week in review: KeePass vulnerability, Apple fixes exploited WebKit 0-days
2023-05-21 08:00

Apple fixes WebKit 0-days under attack: Apple has released security updates for iOS and iPadOS, macOS, tvOS and watchOS, delivering fixes for many vulnerabilities but, most importantly, for CVE-2023-32409, a WebKit 0-day that "May have been actively exploited."
Enhancing open source security: Insights from the OpenSSF on addressing key challenges: In this Help Net Security interview, we meet a prominent industry leader.

KeePass exploit helps retrieve cleartext master password, fix coming soon
2023-05-18 20:26

The popular KeePass password manager is vulnerable to extracting the master password from the application's memory, allowing attackers who compromise a device to retrieve the password even when the database is locked. This master password encrypts the KeePass password database, preventing it from being opened or read without first entering the password.

KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784)
2023-05-17 13:11

A vulnerability in the open-source password manager KeePass can be exploited to retrieve the master password from the software's memory, says the researcher who unearthed the flaw. The bad news is that the vulnerability is still unfixed and that a PoC exploitation tool - aptly named KeePass 2.X Master Password Dumper - is publicly available, but the good news is that the password can't be extracted remotely just by exploiting this flaw.