What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Pirate.webp 2019-01-31 15:08:03 Change Your Password Day: 5 habits to adopt to better protect yourself! (direct link) Tomorrow, Friday 1 February, will be the official Change Your Password Day. With hacks piling up, largely because of flawed passwords that are also freely available on the Internet, LastPass, a specialist in password management, reveals the 5 good habits to adopt to reverse the trend and protect yourself as much as possible. LastPass
no_ico.webp 2019-01-19 22:12:01 Collection #1 Breach Comments (direct link) A security researcher discovered more than 772 million unique email addresses and over 21 million unique passwords were posted to a hacking forum. The data dump showcases the importance of having strong, unique passwords for every account. Expert Comments Below: Sandor Palfy, CTO at LastPass: “This Collection #1 data dump is yet another example indicating the importance … LastPass ★★
Pirate.webp 2019-01-07 20:16:01 Password security: how to instil awareness in the enterprise? (direct link) The "2018 Global Password Security Report" reveals that, on average, an employee shares six passwords with colleagues, showing that password management needs better administration more than ever. 50% of companies do not secure passwords. LastPass, a solution from […] LastPass
grahamcluley.webp 2018-11-29 12:04:05 Smashing Security #106: Google Maps, Fed phishing, and Grinch bots (direct link) How are scammers stealing your money through Google Maps? Why did the FBI create a fake FedEx website? And how are US senators hoping to stop Grinch bots ruining Christmas? All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis. And don't miss our special bonus interview about passwords with Rachael Stockton of LastPass. FedEx LastPass
MalwarebytesLabs.webp 2018-11-26 18:21:03 A week in security (November 19 – 25) (direct link) A roundup of last week's security news from November 19–25, including a business email compromise attack, deep dive into DNA testing kits, and more troubles for Tesla. Tesla LastPass
AlienVault.webp 2018-11-19 14:00:00 Is the Internet of Things Threatening Your Company's Security? (direct link) The internet of things (IoT) is changing nearly every industry. Smart devices that can collect and process data, and even make decisions based on that data, through artificial intelligence promises to disrupt business as we know it for years to come. However, there are some legitimate concerns. The more connected devices your company has, the more potential vulnerabilities are out there. As business owners we want to be able to access the data we collect through the IoT, but we also need to be able to protect that data, and we bear the responsibility for keeping that data secure. This, like many areas of business, is a time for brutal honesty. If you have vulnerabilities, you need to fix them. You don’t want to be part of the headlines about companies who acted too late or not at all. Your security must adapt to the IoT, and it needs to do so now. Is the internet of things threatening your company’s security? There are a few questions you will need to ask yourself and your IT department to truly determine the answer: How do I know? Most experts agree that the weakness in any network is the devices that make up the IoT. For example, if you have smart light bulbs in your home, they are likely controlled by a hub which not only provides you with more flexibility in controlling them, but also provides security so they do not become a weak point in your network. This is why an intrusion detection system (IDS) is so important. Technologies from companies like AlienVault allow you to monitor for threats and even give you advice on how to prevent harm from them. Remember there is more than one area of vulnerability in any system. Cloud-based IDS, network IDS, and host-based IDS, along with file integrity management systems, are all essential parts of your strategy.
These alerts tell you there is an attack and can even reveal threats to you, which allows you to put remediation and prevention strategies in place. But what are the threats you should be aware of? What are the threats? Why don’t we have houses that are completely smart and controlled by IoT devices? What about our cars? Part of the reason is that a hacker with the right tools could potentially take over control of a house or even a connected car from the owner or driver. For example, the Bangladesh National Bank lost $81 million due to an IoT-based attack. What are these types of attacks? There are actually several, and they mirror other types of cyberattacks. Distributed Denial of Service (DDoS): Chrysler/Jeep was vulnerable to this type of attack. Essentially, control of devices or a system is taken by a hacker. Sometimes this comes with ransomware, where the owner or user has to pay to get that control back. Malware: IoT devices can be used by an attacker to spread malware, sometimes to more than one devic Spam Tool Vulnerability LastPass
Pirate.webp 2018-11-14 12:25:05 Who are the safest e-commerce sites in France? LastPass delivers its 2018 ranking (direct link) With the end-of-year holidays approaching, LastPass conducted a survey to list the 10 e-commerce sites most used by the French, to find out which were the most secure and which still had work to do. LastPass
ZDNet.webp 2018-09-26 14:42:02 Password managers can be tricked into believing that malicious Android apps are legitimate (direct link) Password managers from Keeper, Dashlane, LastPass, and 1Password found to be vulnerable, study finds. LastPass
AlienVault.webp 2018-09-17 13:00:00 People and Passwords (direct link) In today's world, the Internet is a vast place filled with websites, services, and other content. Most content along with computers and other technology requires a password. The number of passwords a person has to know continues to grow. While it’s safe to say we use passwords to keep your accounts confidential, they can also be very frustrating and inconvenient to create and remember. The outcome is the use of simple, common passwords, same password on different accounts, and habits such as writing passwords. Weak passwords are common For example, reports from Techspot.com, Fortune.com, and USAToday.com show that in 2017, passwords like 123456 and football were two of the top ten most used passwords. Why are such passwords still being used? They are easy to remember. People will often add weak passwords into simple variations where the alpha and number (numeric) strings combined with special characters. For instance, Football and 123456 become Football123456!, a memorable yet easily guessed password. Current practices require complex passwords Various companies have released their own best practices. Symantec’s how-to article, for instance, states a secure password is at least eight characters in length, has an uppercase, lowercase, and a number. Take [Football] for example. You can replace the “o” for a “0” and “a” for “@” resulting in F00tb@ll. Here, the updated password meets most policies enforced by many web applications such as Google and Outlook. It has an uppercase (F), a lowercase (tball), a number (00), a special character (@), and meets a minimum length of eight characters. Microsoft, however, takes this a step further in some of their guidelines. They state it must not be in the dictionary or incorporate the name of a person or computer. Guidelines such as those in place, demand a complex password. For example, W#T24.ro5*&F is complex yet painful to memorize.
There is a problem with difficult passwords People, out of convenience and frustration, will try to circumvent password policies the mentioned. This becomes more prevalent as the policies get stricter. It is hard enough to remember a password like W#T24.ro5*&F. By the time you’ve memorized it, the time has come to change it and you can’t repeat the last 8 passwords. So what do people do? They add or change one or two characters (i.e. W#T24.ro5*&F turns into W#T24.ro5*&F1 or W#T24.ro5*&F123 and F00tb@ll turns into F00tb@ll123 or F00tb@ll321).  While password expiration policies are arguably a best practice, they are not common outside an enterprise environment. Many websites, such as banks, do not require you to change your password regularly and those that do, might not have a decent policy on repeating passw Tool Guideline LastPass
globalsecuritymag.webp 2018-09-13 14:36:02 LastPass integrates password autofill on iOS devices (direct link) LastPass, a LogMeIn solution, announces that it has updated its iOS app, taking advantage of the new iOS 12 feature that lets Apple users automatically enter their usernames and passwords directly within apps and in the Safari browser. While built-in autofill is currently available for Android Oreo and newer Android operating systems, iOS users now no longer need to (...) - Products LastPass
NextINpact.webp 2018-02-20 08:11:00 LastPass finally compatible with Oreo's autofill (direct link) Android 8.0 introduced a new mechanism allowing apps to automatically fill in form fields, including passwords. An API to put an end to the use of assistive technologies, sometimes vect... LastPass
TroyHunt.webp 2018-01-27 10:03:20 Weekly Update 71 (Denmark Edition) (direct link) Presently sponsored by: LastPass: Effortless password security for your business. With 81% of breaches caused by passwords, failing to protect them could be costly. I'm in Denmark! Well I'm just in Denmark, I'm about to head out the hotel door and into 30 hours of travel which isn't exactly fun, but that's the nature of living on the other side of the world to pretty much everything. This week's update is a little late... LastPass
TroyHunt.webp 2018-01-24 17:27:07 We're Doing an All New Series on Pluralsight: Creating a Security-centric Culture (direct link) Presently sponsored by: LastPass: Effortless password security for your business. With 81% of breaches caused by passwords, failing to protect them could be costly. Usually when we talk about information security, we're talking about the mechanics of how things work. The attacker broke into a system due to a reused password, there was SQL injection because queries weren't parameterised or the company got ransomware'd because they didn't patch their things. These are all good... LastPass
TroyHunt.webp 2018-01-19 10:54:25 Weekly Update 70 (NDC London Edition) (direct link) Presently sponsored by: LastPass: Effortless password security for your business. With 81% of breaches caused by passwords, failing to protect them could be costly. It's NDC London! I'm pushing this week's update out a little later due to the different time zones and frankly, due to it being an absolutely non-stop week of events. I talk about those, about how I'm trying to tackle breach disclosures now and about some upcoming events. Next week... LastPass
TroyHunt.webp 2018-01-15 06:10:01 Streamlining Data Breach Disclosures: A Step-by-Step Process (direct link) Presently sponsored by: LastPass: Effortless password security for your business. With 81% of breaches caused by passwords, failing to protect them could be costly. I don't know how many data breaches I'm sitting on that I'm yet to process. 100? 200? It's hard to tell because often I'm sent collections of multiple incidents in a single archive, often there's junk in there and often there's redundancy across those collections. All I really know is... LastPass
Pirate.webp 2018-01-09 17:27:23 3 rules to strengthen your company's security (direct link) Although corporate security has never been as important a consideration as it is today, many companies continue to leave their data at the mercy of malicious individuals. LastPass
Pirate.webp 2017-11-23 14:08:51 Passwords in the enterprise: LastPass's "The Password Exposé" report (direct link) LastPass's "The Password Exposé" report compiled anonymised data from more than 30,000 client companies to derive reliable figures on the reality of passwords in the enterprise, rather than simply relying on employees' statements. LastPass
itsecurityguru.webp 2017-10-09 10:31:20 Nearly 80 per cent of IT executives lack control over password security in their organisations (direct link) A new study from LastPass and Ovum reveals that despite the clear and present danger that weak passwords pose to organisations, many remain focused on implementing technology based on policy, not the user, to address the problem. More than half of IT executives surveyed rely on employees alone to monitor their own password behaviour, subsequently ... LastPass
Korben.webp 2017-06-02 07:23:48 Buttercup – A free-software password manager worth a look (direct link) If you are looking for a good little password manager that is not 1password, Keepass, Dashlane or Lastpass, I invite you to take a look at ButterCup. Still in beta, this password manager has the distinction of being under a free license and being available for Windows, Mac and Linux. Based on ... LastPass
NakedSecurity.webp 2017-05-24 14:25:21 LastPass's new cloud backup option – sunny skies or a brewing storm? (direct link) Cloud backup for the password manager's Authenticator certainly reduces the hassle for users - but it's a security compromise LastPass
NakedSecurity.webp 2017-04-26 10:35:20 More LastPass flaws: researcher pokes holes in 2FA (direct link) LastPass has been in the news again for another chink in its armour - though it has now been fixed, you'll be glad to hear LastPass
AlienVault.webp 2017-04-07 13:00:00 Alien Eye in the Sky 7th April 2017 (direct link) It's been an exciting week for sure in InfoSec. Here are some of the top stories I found: 1. New features in Open Threat Exchange (OTX) The world's largest open threat sharing platform has introduced some new tricks. There are many improvements, but perhaps one of the most interesting is the new adversary pages. Each adversary gets its own page and pulls together information from various sources. Operation Cloud Hopper Operation Cloud Hopper Pulse 2. Robbing banks Cybercriminals apparently took control of a Brazilian Bank for five hours. During this time they intercepted all of its online banking, mobile, point of sale, ATM, and investment transactions. The attack made use of valid SSL digital certificates and Google Cloud. Fileless banking malware attackers break in, cash out, disappear More evidence N. Korea linked to Bangladesh heist 3. Password managers don’t have to be perfect Troy Hunt weighs in on the LastPass issue and why despite these issues, the benefits of a password manager outweigh the disadvantages. Overall, this is an excellent point which many security professionals often lose sight of. Often, much time and many resources are spent in an attempt to get the perfect security solution, when in actual fact, “good enough” often is adequate. How changing your Netflix password can save your marriage 4. Infrastructure diversity – Hunting in Shared Infrastructure A really good read that also serves as a reminder to red teams not to fall into a rigid routine Russian hackers have used the same backdoor for two decades 5. Explaining the broadband privacy bill The average person remains somewhat confused around what the privacy bill is and what does it mean. Like what can your ISP track or not? So JD wrote a letter to his family explaining it. 6. Don’t mess with your IoT provider It’s not just cyber-criminals that are looking to hold your IoT devices to ransom.
A customer purchased an IoT garage opener and wasn’t overly happy with it, so left a negative review. The result – the manufacturer blocked the device from accessi LastPass
TroyHunt.webp 2017-04-04 08:23:27 Password managers don't have to be perfect, they just have to be better than not having one (direct link) LastPass had an issue the other day, a rather nasty one by all accounts that under certain (undisclosed) circumstances, it looks like it could lead to someone's password (or possibly passwords) being disclosed by virtue of a remote code execution vulnerability. This is not a good thing - nobody wants Guideline LastPass
grahamcluley.webp 2017-03-30 13:28:40 LastPass has a secret major vulnerability - and, as yet, there's no fix (direct link) The popular password management firm LastPass is working to fix a major vulnerability in its software, responsibly disclosed to it by a security researcher. David Bisson reports. LastPass
NakedSecurity.webp 2017-03-29 14:57:15 Another hole opens up in LastPass that could take weeks to fix (direct link) New flaw affects version 4.x across all browsers and platforms - here's our advice on how to use LastPass safely while we wait for the fix LastPass
ArsTechnica.webp 2017-03-28 19:06:20 Potent LastPass exploit underscores the dark side of password managers (direct link) Developers are scrambling to fix flaw that allows theft, malicious code execution. LastPass
NetworkWorld.webp 2017-03-28 09:49:56 LastPass is scrambling to fix another serious vulnerability (direct link) For the second time in two weeks developers of the popular LastPass password manager are working to fix a serious vulnerability that could allow malicious websites to steal user passwords or infect computers with malware. Like the LastPass flaws patched last week, the new issue was discovered and reported to LastPass by Tavis Ormandy, a researcher with Google's Project Zero team. The researcher revealed the vulnerability's existence in a message on Twitter, but didn't publish any technical details about it that could allow attackers to exploit it. LastPass
SecurityWeek.webp 2017-03-28 08:47:17 Google Researcher Finds New Flaw in LastPass (direct link) Google Project Zero researcher Tavis Ormandy has identified yet another serious vulnerability in the LastPass browser extension. The developers of the password manager are aware of the flaw and are working on a patch. LastPass
NakedSecurity.webp 2017-03-27 15:00:47 LastPass steps up quickly to fix vulnerabilities spotted by researchers (direct link) LastPass's response to being alerted to security flaws in its products is an example of the right attitude to fixing problems LastPass ★★★★
Kaspersky.webp 2017-03-24 14:45:15 Threatpost News Wrap, March 27, 2017 (direct link) The latest Wikileaks dump of Apple hacking tools, the LastPass vulnerabilities, and a new Android security report are discussed. LastPass
ComputerWeekly.webp 2017-03-23 10:15:22 LastPass releases fix browser extension security flaws (direct link) LastPass has been praised for its quick response in fixing flaws reported in browser extensions for its password manager LastPass
DarkReading.webp 2017-03-23 09:35:00 LastPass Fixes Serious Security Flaw in Chrome, Firefox Extensions (direct link) Password manager LastPass creates a workaround for a serious vulnerability affecting browser extensions in Chrome, Firefox, and Microsoft Edge. LastPass
Kaspersky.webp 2017-03-22 15:08:08 LastPass Fixes Three Password Theft Vulnerabilities (direct link) LastPass has fixed three bugs in the password manager discovered by Google researcher Tavis Ormandy in the last 24 hours. LastPass
NetworkWorld.webp 2017-03-22 14:21:49 LastPass fixes serious password leak vulnerabilities (direct link) Developers of the popular LastPass password manager rushed to push out a fix to solve a serious vulnerability that could have allowed attackers to steal users' passwords or execute malicious code on their computers. The vulnerability was discovered by Google security researcher Tavis Ormandy and was reported to LastPass on Monday. It affected the browser extensions installed by the service's users for Google Chrome, Mozilla Firefox and Microsoft Edge. According to a description in the Google Project Zero bug tracker, the vulnerability could have given attackers access to internal commands inside the LastPass extension. Those are the commands used by the extension to copy passwords or fill in web forms using information stored in the user's secure vault. LastPass
SecurityWeek.webp 2017-03-22 09:39:20 LastPass Flaws Allow Hackers to Steal Passwords (direct link) Critical vulnerabilities found in the Chrome and Firefox extensions of the LastPass password manager can be exploited to steal passwords, warned Google Project Zero researcher Tavis Ormandy. The expert has discovered several flaws, but only one of them appears to have been patched by LastPass developers. LastPass
01net.webp 2017-03-22 07:21:30 A festival of critical flaws at LastPass, the password manager (direct link) Google Project Zero got its hands, in quick succession, on bugs that make it possible to steal users' passwords, or even execute malicious code remotely on their machines. Everything has since been fixed. LastPass
NetworkWorld.webp 2017-03-22 07:15:00 Stop using password manager browser extensions (direct link) It's been over a year since I presented on LostPass at ShmooCon, and in that time, many more bugs have been found in password managers. The most severe of which are in browser-based password manager extensions such as LastPass. Tavis Ormandy yesterday demonstrated a remote code execution on the latest LastPass version. This isn't the first extremely severe bug he's found in LastPass, either; there've been so many extremely severe bugs in LastPass it would be tedious to list them out. But LastPass isn't alone: Keeper, Dashlane and even 1Password have had severe vulnerabilities that allowed attackers to steal all of the passwords in a user's account without their knowledge. LastPass
bleepingcomputer.webp 2017-03-22 05:28:59 LastPass Bugs Allow Malicious Websites to Steal Passwords (direct link) LastPass says it patched one of two separate bugs that affected its Chrome and Firefox browser extensions, which if exploited, would have allowed a third-party to extract passwords from users visiting a malicious website. [...] LastPass ★★★★
TechRepublic.webp 2016-11-09 20:03:12 LastPass: The smart person's guide (direct link) This comprehensive guide covers everything you need to know about password management app LastPass, including its newly announced free cross-platform access. LastPass
DarkReading.webp 2016-11-03 09:50:00 LastPass Offers Free Password Sync Across Devices (direct link) The new scheme will allow LastPass to be synced on all Internet-enabled mobile and desktop devices. LastPass
bleepingcomputer.webp 2016-11-03 08:00:00 LastPass Is Now Free for Everyone, on Any Device (direct link) [...] LastPass ★★★
ZDNet.webp 2016-11-02 13:04:03 LastPass brings free password management to all your devices (direct link) The company's free password manager is no longer locked to only one device you own. LastPass
Korben.webp 2016-10-18 07:30:39 EnPass, the password manager, available in a portable version (direct link) In September last year, I introduced you to EnPass, a password manager similar to Keepass, meaning that it works only with a local database, encrypted with AES 256. On the one hand, that's great if you don't want to put your password database online as with a Lastpass or ... LastPass
Pirate.webp 2016-08-10 13:44:52 LastPass – Authenticator update with two-factor authentication (direct link) LastPass, maker of the most famous password manager, presents the new version of LastPass Authenticator, its free two-factor authentication (2FA) app. LastPass
Kaspersky.webp 2016-07-29 14:45:04 Threatpost News Wrap, July 29, 2016 (direct link) Mike Mimoso and Chris Brook discuss the news of the week, including a wireless keyboard vulnerability - KeySniffer, NIST's statement on 2FA, a LastPass remote compromise bug, and a new Tor paper. LastPass
Kaspersky.webp 2016-07-28 12:58:02 LastPass Patches Ormandy Remote Compromise Flaw (direct link) LastPass has patched a vulnerability in its Firefox add-on that allows attackers complete remote compromise of the password manager LastPass
SecurityWeek.webp 2016-07-28 08:03:56 LastPass Rushes to Patch Flaw That Exposed User Passwords (direct link) It took the developers of the popular password manager LastPass just a few hours to patch a critical vulnerability that could have been exploited to hack the application and gain access to users' passwords. LastPass
NakedSecurity.webp 2016-07-27 12:47:06 LastPass password manager “zero-day” bug hits the news (direct link) A serious security vulnerability has been reported in popular password manager LastPass... should you be worried? LastPass ★★★★
01net.webp 2016-07-27 12:44:57 LastPass: a zero-day flaw threatens all accounts of this password manager (direct link) A Google security researcher has uncovered a series of flaws, one of them highly critical, in the very popular password management service. A report has been sent to LastPass engineers. It is not known whether the flaw is already being exploited. LastPass
grahamcluley.webp 2016-07-27 11:50:43 LastPass security hole could have seen hackers steal your passwords (direct link) Mathias Karlsson, a security researcher at Detectify Labs, writes: Stealing all your passwords by just visiting a webpage. Sounds too bad to be true? That's what I thought too before I decided to check out the security of the LastPass browser extension. In his article, Karlsson explains how he was able to trick LastPass into believing that it was on the real Twitter website, and cough up the users' credentials because of a bug in the LastPass password manager's autofill functionality. The same technique could have been used to steal passwords associated with other websites. Yeuch! The good news is that Karlsson believes in responsible disclosure, and so informed LastPass of the problem. In more good news LastPass fixed the issue in less than a day (and awarded Karlsson a $1,000 bug bounty for his efforts). Karlsson recommends that LastPass users disable the autofill functionality and enable multi-factor authentication for better security. Although his discovery is troubling, I agree with Karlsson when he points out that using a password manager is still better than reusing passwords on different websites. PS. Well-known vulnerability researcher Tavis Ormandy has also tweeted overnight that he has also found a flaw in LastPass. Details have not yet been made public, and LastPass is reportedly working with him on resolving the issue. PPS. Readers with good memories will recall that LastPass was acquired by LogMeIn last year to the concern of some. Overnight it has been announced that LogMeIn is itself being acquired by Citrix. LastPass
Last update at: 2024-05-10 14:08:03