Security News

A report released Monday by security advice site Security.org looks at why people rely on password managers. In a survey of 1,077 American adults conducted in November, Security.org asked people about their experience with cybercrime, how they track their passwords and their views of password managers.

Password managers are a near-defacto standard for organizations, with 86% reporting they are being put to use, according to a Bitwarden survey of over 400 U.S. IT decision makers across a wide range of industries. This reflects a 9% increase in the use of password managers over the past year.

A new campaign is prying apart a known security vulnerability in the Zoho ManageEngine ADSelfService Plus password manager, researchers warned over the weekend. The threat actors have managed to exploit the Zoho weakness in at least nine global entities across critical sectors so far, deploying the Godzilla webshell and exfiltrating data.

Password managers are a good way to keep your passwords unique, strong and safe. A password manager is still the best way that balances convenience and security-with a heavy tilt toward security.

A critical security vulnerability in the Zoho ManageEngine ADSelfService Plus platform could allow remote attackers to bypass authentication and have free rein across users' Active Directory and cloud accounts. The Zoho ManageEngine ADSelfService Plus is a self-service password management and single sign-on solution for AD and cloud apps, meaning that any cyberattacker able to take control of the platform would have multiple pivot points into both mission-critical apps and other parts of the corporate network via AD. It is, in other words, a powerful, highly privileged application which can act as a convenient point-of-entry to areas deep inside an enterprise's footprint for both users and attackers alike.

A vulnerability in the Kaspersky Password Manager resulted in the created passwords being weak enough to allow an attacker to brute-force them in seconds, a security researcher claims. Developed by Russian security firm Kaspersky, the Kaspersky Password Manager allows users not only to securely store passwords and documents, but also to generate passwords when needed.

Last year, Kaspersky Password Manager users got an alert telling them to update their weaker passwords. Three months later, a team from security consultancy Donjon found that KPM didn't manage either task particularly well - the software used a pseudo-random number generator that was insufficiently random to create strong passwords.

The password generator included in Kaspersky Password Manager had several problems. All the passwords it created could be bruteforced in seconds.

Jack Wallen installed 1Password on Linux and found it to be a fantastic solution for password management. Follow his tutorial on how to get this proprietary solution installed on your open source OS. This is a tricky proposition for some-an official 1Password client has been released for Linux.

Click Studios, the Australian software company behind the Passwordstate password management application, has notified customers to reset their passwords following a supply chain attack. "Manual Upgrades of Passwordstate are not compromised. Affected customers password records may have been harvested."