This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-06-01T22:58:52+00:00 www.secnews.physaphae.fr TechRepublic - Security News US Take advantage of this limited-time offer on LastPass. A LastPass Premium membership is now available for only $2 per month. ]]> 2022-10-13T09:15:34+00:00 https://www.techrepublic.com/article/lastpass-premium-discount/ www.secnews.physaphae.fr/article.php?IdArticle=7431338 False None LastPass None Naked Security - Blog sophos 2022-09-19T16:59:05+00:00 https://nakedsecurity.sophos.com/2022/09/19/lastpass-source-code-breach-incident-response-report-released/ www.secnews.physaphae.fr/article.php?IdArticle=7003919 False Data Breach LastPass None SecurityWeek - Security News 2022-09-19T10:47:33+00:00 https://www.securityweek.com/lastpass-found-no-code-injection-attempts-following-august-data-breach www.secnews.physaphae.fr/article.php?IdArticle=7001778 False Data Breach LastPass None Security Affairs - Blog Secu The Password management solution LastPass revealed that the threat actors had access to its systems for four days during the August hack. Password management solution LastPass shared more details about the security breach that the company suffered in August 2022. The company revealed that the threat actor had access to its network for four days […] ]]> 2022-09-17T18:11:10+00:00 https://securityaffairs.co/wordpress/135869/hacking/lastpass-august-hack-notice.html www.secnews.physaphae.fr/article.php?IdArticle=6960731 False Hack,Threat LastPass None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 2022-09-17T08:17:00+00:00 https://thehackernews.com/2022/09/hackers-had-access-to-lastpasss.html www.secnews.physaphae.fr/article.php?IdArticle=6944550 False Threat LastPass None Bleeping Computer - Magazine Américain 2022-09-16T15:30:30+00:00 https://www.bleepingcomputer.com/news/security/lastpass-says-hackers-had-internal-access-for-four-days/ www.secnews.physaphae.fr/article.php?IdArticle=6936027 False None LastPass None Naked Security - Blog sophos 2022-09-01T16:55:43+00:00 https://nakedsecurity.sophos.com/2022/09/01/s3-ep98-the-lastpass-saga-should-we-stop-using-password-managers-audio-text/ www.secnews.physaphae.fr/article.php?IdArticle=6667674 False None LastPass None Anomali - Firm Blog Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence LastPass Hackers Stole Source Code (published: August 26, 2022) In August 2022, an unidentified threat actor gained access to portions of the password management giant LastPass development environment. LastPass informed that it happened through a single compromised developer account and the attacker took portions of source code and some proprietary LastPass technical information. The company claims that this incident did not affect customer data or encrypted password vaults. Analyst Comment: This incident doesn’t seem to have an immediate impact on LastPass users. Still, organizations relying on LastPass should raise the concern in their risk assessment since “white-box hacking” (when source code of the attacking system is known) is easier for threat actors. Organizations providing public-facing software should take maximum measures to block threat actors from their development environment and establish robust and transparent security protocols and practices with all third parties involved in their code development. Tags: LastPass, Password manager, Data breach, Source code Mercury Leveraging Log4j 2 Vulnerabilities in Unpatched Systems to Target Israeli (published: August 25, 2022) Starting in July 2022, a new campaign by Iran-sponsored group Static Kitten (Mercury, MuddyWater) was detected targeting Israeli organizations. Microsoft researchers detected that this campaign was leveraging exploitation of Log4j 2 vulnerabilities (CVE-2021-45046 and CVE-2021-44228) in SysAid applications (IT management tools). For persistence Static Kitten was dropping webshells, creating local administrator accounts, stealing credentials, and adding their tools in the startup folders and autostart extensibility point (ASEP) registry keys. Overall the group was heavily using various open-source and built-in operating system tools: eHorus remote management software, Ligolo reverse tunneling tool, Mimikatz credential theft tool, PowerShell programs, RemCom remote service, Venom proxy tool, and Windows Management Instrumentation (WMI). Analyst Comment: Network defenders should monitor for alerts related to web shell threats, suspicious RDP sessions, ASEP registry anomaly, and suspicious account creation. Similarly, SysAid users can monitor for webshells and abnormal processes related to SysAisServer instance. Even though Static Kitten was observed leveraging the Log4Shell vulnerabilities in the past (targeting VMware apps), most of their attacks still start with spearphishing, often from a compromised email account. MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] OS Credential Dumping - T1003 | [MITRE ATT&CK] Phishing - T1566 | ]]> 2022-08-30T15:01:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-first-real-life-video-spoofing-attack-magicweb-backdoors-via-non-standard-key-identifier-lockbit-ransomware-blames-victim-for-ddosing-back-and-more www.secnews.physaphae.fr/article.php?IdArticle=6626943 False Ransomware,Hack,Tool,Vulnerability,Threat,Guideline,Cloud APT 29,APT 37,LastPass None Global Security Mag - Site de news francais Malwares]]> 2022-08-30T14:57:52+00:00 http://www.globalsecuritymag.fr/LastPass-code-source-derobe,20220830,129305.html www.secnews.physaphae.fr/article.php?IdArticle=6626851 False None LastPass None ComputerWeekly - Computer Magazine 2022-08-30T08:15:00+00:00 https://www.computerweekly.com/news/252524346/LastPass-breach-limited-in-scale-and-well-managed-say-experts www.secnews.physaphae.fr/article.php?IdArticle=6624898 False None LastPass None InformationSecurityBuzzNews - Site de News Securite 2022-08-29T20:48:52+00:00 https://informationsecuritybuzz.com/expert-comments/password-manager-with-25-million-users-confirms-breach-expert-weighs-in/ www.secnews.physaphae.fr/article.php?IdArticle=6616016 False Guideline LastPass None Naked Security - Blog sophos 2022-08-29T16:59:25+00:00 https://nakedsecurity.sophos.com/2022/08/29/lastpass-source-code-breach-do-we-still-recommend-password-managers/ www.secnews.physaphae.fr/article.php?IdArticle=6614221 False None LastPass None Ars Technica - Risk Assessment Security Hacktivism 2022-08-26T19:54:39+00:00 https://arstechnica.com/?p=1876496 www.secnews.physaphae.fr/article.php?IdArticle=6551654 False Hack LastPass None Dark Reading - Informationweek Branch 2022-08-26T17:37:45+00:00 https://www.darkreading.com/cloud/lastpass-data-breach-source-code-stolen www.secnews.physaphae.fr/article.php?IdArticle=6548130 False None LastPass None Silicon - Site de News Francais 2022-08-26T15:58:34+00:00 https://www.silicon.fr/lastpass-alerte-cyber-445620.html www.secnews.physaphae.fr/article.php?IdArticle=6549407 False None LastPass None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 2022-08-26T14:40:00+00:00 https://thehackernews.com/2022/08/hackers-breach-lastpass-developer.html www.secnews.physaphae.fr/article.php?IdArticle=6539990 False None LastPass None The State of Security - Magazine Américain Read More ]]> 2022-08-26T14:03:07+00:00 https://www.tripwire.com/state-of-security/security-data-protection/lastpass-attackers-steal-source-code-no-password-compromise/ www.secnews.physaphae.fr/article.php?IdArticle=6544957 False None LastPass None CSO - CSO Daily Dashboard a company blog post.Toubba explained that the master passwords of the company's users are protected by a zero-knowledge architecture, which prevents LastPass from knowing or accessing those passwords.To read this article in full, please click here]]> 2022-08-26T13:34:00+00:00 https://www.csoonline.com/article/3671152/password-manager-lastpass-reveals-intrusion-into-development-system.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=6551480 False None LastPass None Malwarebytes Labs - MalwarebytesLabs Categories: NewsTags: LastPass Tags: source code Tags: MFA Tags: random Tags: password manager LastPass let the public know that an unauthorized party gained access to portions of the LastPass development environment (Read more...) ]]> 2022-08-26T10:00:00+00:00 https://www.malwarebytes.com/blog/news/2022/08/source-code-of-password-manager-lastpass-stolen-by-attacker www.secnews.physaphae.fr/article.php?IdArticle=6554955 False None LastPass None InfoSecurity Mag - InfoSecurity Magazine 2022-08-26T08:30:00+00:00 https://www.infosecurity-magazine.com/news/lastpass-hackers-stole-source-code/ www.secnews.physaphae.fr/article.php?IdArticle=6539179 False None LastPass None Security Affairs - Blog Secu Password management software firm LastPass has suffered a data breach, threat actors have stole source code and other data. Password management software firm LastPass disclosed a security breach, threat actors had access to portions of the company development environment through a single compromised developer account and stole portions of source code and some proprietary technical […] ]]> 2022-08-25T23:18:15+00:00 https://securityaffairs.co/wordpress/134858/data-breach/lastpass-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=6529872 False Threat LastPass None SecurityWeek - Security News 2022-08-25T20:05:19+00:00 https://www.securityweek.com/lastpass-says-source-code-stolen-data-breach www.secnews.physaphae.fr/article.php?IdArticle=6526818 False Data Breach LastPass None Bleeping Computer - Magazine Américain 2022-08-25T16:59:05+00:00 https://www.bleepingcomputer.com/news/security/lastpass-developer-systems-hacked-to-steal-source-code/ www.secnews.physaphae.fr/article.php?IdArticle=6526934 False Threat LastPass None TechRepublic - Security News US Transferring data between password managers is a serious undertaking. Learn how to safely transfer data from LastPass to 1Password. ]]> 2022-06-28T17:41:21+00:00 https://www.techrepublic.com/article/how-to-transfer-data-from-lastpass-to-1password/ www.secnews.physaphae.fr/article.php?IdArticle=5434969 False None LastPass None TechRepublic - Security News US Jack Wallen walks you through the process of migrating your password vault from LastPass to Bitwarden. ]]> 2022-06-27T13:54:30+00:00 https://www.techrepublic.com/article/transfer-lastpass-bitwarden/ www.secnews.physaphae.fr/article.php?IdArticle=5419117 False None LastPass None TechRepublic - Security News US LastPass and Dashlane are both password managers, but they do things differently. Here's how to transfer passwords from one to the other. ]]> 2022-06-23T18:35:50+00:00 https://www.techrepublic.com/article/transfer-passwords-lastpass-dashlane/ www.secnews.physaphae.fr/article.php?IdArticle=5345809 False None LastPass None TechRepublic - Security News US If you're like most people, you may become overwhelmed by the number of passwords created, used and remembered in your everyday life. Password managers like Bitwarden and LastPass make those tasks easier. ]]> 2022-06-10T13:35:14+00:00 https://www.techrepublic.com/article/bitwarden-vs-lastpass/ www.secnews.physaphae.fr/article.php?IdArticle=5076229 False None LastPass None TechRepublic - Security News US Compare key features of password managers Keeper and LastPass, including zero trust and user authentication capabilities. ]]> 2022-06-03T17:21:33+00:00 https://www.techrepublic.com/article/keeper-vs-lastpass/ www.secnews.physaphae.fr/article.php?IdArticle=4955410 False None LastPass None InformationSecurityBuzzNews - Site de News Securite 2022-02-23T13:27:48+00:00 https://informationsecuritybuzz.com/study-research/identity-and-access-management-survey-finds-45-of-organisations-have-deployed-an-enterprise-password-management-solution/ www.secnews.physaphae.fr/article.php?IdArticle=4171686 False Guideline LastPass None TechRepublic - Security News US 2022-01-20T17:00:01+00:00 https://www.techrepublic.com/article/secure-your-passwords-and-access-them-anywhere-with-lastpass/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=4004345 False None LastPass None Anomali - Firm Blog Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Fintech Firm Hit by Log4j Hack Refuses to Pay $5 Million Ransom (published: December 29, 2021) The Vietnamese crypto trading, ONUS, was breached by unknown threat actor(s) by exploiting the Log4Shell (CVE-2021-44228) vulnerability between December 11 and 13. The exploited target was an AWS server running Cyclos, which is a point-of-sale software provider, and the server was only intended for sandbox purposes. Actors were then able to steal information via the misconfigured AWS S3 buckets containing information on approximately two million customers. Threat actors then attempted to extort five million dollars (USD). Analyst Comment: Although Cyclos issued a warning to patch on December 13, the threat actors had already gained illicit access. Even though Log4Shell provided initial access to the compromised server, it was the misconfigured buckets the actors took advantage of to steal data. MITRE ATT&CK: [MITRE ATT&CK] Exploitation for Client Execution - T1203 Tags: ONUS, Log4Shell, CVE-2021-44228, Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends (published: December 29, 2021) Palo Alto Networks Unit42 researchers have published a report based on their tracking of strategically-aged malicious domains (registered but not used until a specific time) and their domain generation algorithm (DGA) created subdomains. Researchers found two Pegasus spyware command and control domains that were registered in 2019 and were not active until July 2021. A phishing campaign using DGA subdomains that were similar to those used during the SolarWinds supply chain attack was also identified. Analyst Comment: Monitor your networks for abnormal DNS requests, and have bandwidth limitations in place, if possible, to prevent numerous connections to DGA domains. Knowing which DGAs are most active in the wild will allow you to build a proactive defense by detecting any DGA that is in use. Anomali can detect DGA algorithms used by malware to assist in defending against these types of threats. MITRE ATT&CK: [MITRE ATT&CK] Dynamic Resolution - T1568 | [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Application Layer Protocol - T1071 Tags: DGA , Pegasus, Phishing Implant.ARM.iLOBleed.a (published: December 28, 2021) Amnpardaz researchers discovered a new rootkit that has been targeting Hewlett-Packard Enterprise’s Integrated Lights-Out (iLO) server managemen]]> 2022-01-05T19:55:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-5-million-breach-extortion-apts-using-dga-subdomains-cyberespionage-group-incorporates-a-new-tool-and-more www.secnews.physaphae.fr/article.php?IdArticle=3928542 False Malware,Hack,Tool,Vulnerability,Threat LastPass None SecurityWeek - Security News 2021-12-29T17:44:14+00:00 https://www.securityweek.com/lastpass-automated-warnings-linked-%E2%80%98credential-stuffing%E2%80%99-attack www.secnews.physaphae.fr/article.php?IdArticle=3904963 False None LastPass 3.0000000000000000 Security Affairs - Blog Secu 2021-12-28T21:52:55+00:00 https://securityaffairs.co/wordpress/126116/hacking/lastpass-hacking-attempts.html?utm_source=rss&utm_medium=rss&utm_campaign=lastpass-hacking-attempts www.secnews.physaphae.fr/article.php?IdArticle=3900628 False Threat LastPass None Bleeping Computer - Magazine Américain 2021-12-28T12:27:44+00:00 https://www.bleepingcomputer.com/news/security/lastpass-users-warned-their-master-passwords-are-compromised/ www.secnews.physaphae.fr/article.php?IdArticle=3899528 False None LastPass None InfoSecurity Mag - InfoSecurity Magazine 2021-12-14T19:09:00+00:00 https://www.infosecurity-magazine.com/news/lastpass-to-become-standalone/ www.secnews.physaphae.fr/article.php?IdArticle=3795724 False None LastPass 5.0000000000000000 AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC Lastpass survey, US employees working in mid-sized corporate businesses must manage approximately 75 passwords for work. Unsurprisingly, employees recycle passwords 13 times on average. In other words, employees are using the same passwords over and over. And in many cases, especially for corporate applications and resources that lack strong password requirements, some passwords just aren’t strong enough. Cybercriminals know this, and it’s why breaches happen. If hackers get access to your trusted data, the ramifications can be dire. The costs of a data breach go well beyond financial, and include damage to your company’s brand, trust and reputation. Why do we need stronger and longer passwords? As malware, phishing, and ransomware continue to skyrocket, we must understand that the password is the primary method for attackers to gain access to corporate systems.  Phishing passwords may be the easiest method, but passwords can also be cracked. The stronger the password, the harder it is for cybercriminals to decode. In a typical attack—the brute force password attack—attackers will use software that quickly attempts every possible password combination of numbers, letters, and symbols. These software programs get better as computing power increases. For example, an eight-character strong password was not long ago considered secure and difficult to crack. Today, it can be cracked in eight hours. But if we tack on two more characters to make it ten-character, cracking the password can take approximately five years.  Why do we need unique passwords for every login? As mentioned above, phishing is one of the simplest ways for hackers to steal our passwords. If you think your company has been victimized by phishing, malware, or ransomware, perhaps you’ve taken steps to reset those passwords. But the security risk here is if employees are using the same passwords for different apps, sites or resources. Have you heard about credential stuffing? With credential stuffing, attackers take username and password combinations they already know (which have been stolen or paid for on the dark web) and try them everywhere they can. Use of credential stuffing is escalating, and businesses of all sizes should take note. This type of attack is only successful if and when employees use the same password for different logins. What about password managers? Managing all those passwords doesn’t have to be complicated. A password management system is software that keeps an up-to-date list of all your passwords and logins, using a master password to access the password “vault”. That master password is the only one you need to remember. What if a hacker accesses your vault? Isn’t that riskier? Sure, there is undoubtedly an element of risk, but it’s critical to think in terms of relative safety. As a general rule, using some type of password ]]> 2021-05-06T10:00:00+00:00 https://feeds.feedblitz.com/~/651048994/0/alienvault-blogs~Password-security-tips-and-best-practices-for-enterprises www.secnews.physaphae.fr/article.php?IdArticle=2745384 False Ransomware,Data Breach,Hack LastPass None TechRepublic - Security News US 2021-04-08T13:33:11+00:00 https://www.techrepublic.com/article/how-password-anxiety-is-impacting-individuals-and-organizations/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=2605045 False None LastPass None Wired Threat Level - Security News 2021-03-13T13:00:00+00:00 https://www.wired.com/story/lastpass-how-to-export-your-data-and-leave www.secnews.physaphae.fr/article.php?IdArticle=2478937 False None LastPass None TroyHunt - Blog Security 2021-03-08T16:04:42+00:00 https://arstechnica.com/?p=1747845 www.secnews.physaphae.fr/article.php?IdArticle=2452188 False None LastPass None We Live Security - Editeur Logiciel Antivirus ESET 2021-03-01T16:21:48+00:00 http://feedproxy.google.com/~r/eset/blog/~3/NuAoUl1QKpA/ www.secnews.physaphae.fr/article.php?IdArticle=2421115 False None LastPass None 01net. Actualites - Securite - Magazine Francais ]]> 2021-02-26T03:29:00+00:00 https://www.01net.com/actualites/lastpass-l-appli-android-du-gestionnaire-de-mots-de-passe-vous-espionne-a-votre-insu-2036172.html www.secnews.physaphae.fr/article.php?IdArticle=2404087 False None LastPass None TechRepublic - Security News US 2021-02-22T14:07:14+00:00 https://www.techrepublic.com/article/free-password-manager-alternatives-to-lastpass/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=2382670 False None LastPass None Wired Threat Level - Security News 2021-02-20T15:21:52+00:00 https://www.wired.com/story/site-tracking-favicons-clubhouse-right-to-repair-security-news www.secnews.physaphae.fr/article.php?IdArticle=2376386 False None LastPass None TechRepublic - Security News US 2021-02-17T21:23:00+00:00 https://www.techrepublic.com/article/lastpass-the-smart-persons-guide/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=2362822 False None LastPass None 01net. Actualites - Securite - Magazine Francais ]]> 2021-02-17T08:11:25+00:00 https://www.01net.com/actualites/lastpass-limite-l-usage-gratuit-de-son-gestionnaire-de-mots-de-passe-2035132.html www.secnews.physaphae.fr/article.php?IdArticle=2359261 False None LastPass None Bleeping Computer - Magazine Américain 2021-02-16T10:57:08+00:00 https://www.bleepingcomputer.com/news/security/lastpass-free-to-force-users-to-choose-between-mobile-desktop/ www.secnews.physaphae.fr/article.php?IdArticle=2355815 False None LastPass None The Security Ledger - Blog Sécurité Read the whole entry...  _!fbztxtlnk!_ https://feeds.feedblitz.com/~/641211904/0/thesecurityledger -->» ]]> 2021-01-08T17:13:04+00:00 https://feeds.feedblitz.com/~/641211904/0/thesecurityledger~Episode-COVID%e2%80%99s-Other-Legacy-Data-Theft-and-Enterprise-Insecurity/ www.secnews.physaphae.fr/article.php?IdArticle=2159663 False None LastPass None The Security Ledger - Blog Sécurité Episode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware!]]> 2020-12-18T17:55:57+00:00 https://feeds.feedblitz.com/~/640470266/0/thesecurityledger~Episode-The-Russia-Hack-Is-A-Alarm-Fire-Also-Shoppers-Beware/ www.secnews.physaphae.fr/article.php?IdArticle=2110852 False Hack LastPass None Graham Cluley - Blog Security 2020-11-05T10:20:09+00:00 https://grahamcluley.com/smashing-security-podcast-203/ www.secnews.physaphae.fr/article.php?IdArticle=2016909 False None LastPass None Graham Cluley - Blog Security 2020-10-29T12:00:03+00:00 https://grahamcluley.com/smashing-security-podcast-202-the-wu-tang-clan-are-among-us/ www.secnews.physaphae.fr/article.php?IdArticle=2002047 False None LastPass None The Security Ledger - Blog Sécurité Read the whole entry...  _!fbztxtlnk!_ https://feeds.feedblitz.com/~/636683234/0/thesecurityledger -->» ]]> 2020-10-11T18:30:06+00:00 https://feeds.feedblitz.com/~/636683234/0/thesecurityledger~Episode-Years-CVEs-Also-COVIDs-Lasting-Security-Lessons/ www.secnews.physaphae.fr/article.php?IdArticle=1970114 False None LastPass None TechRepublic - Security News US 2020-10-01T13:47:07+00:00 https://www.techrepublic.com/article/how-organizations-can-reduce-their-reliance-on-passwords/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1950234 False None LastPass None The Security Ledger - Blog Sécurité Read the whole entry...  _!fbztxtlnk!_ https://feeds.feedblitz.com/~/634092054/0/thesecurityledger -->» ]]> 2020-08-21T14:33:26+00:00 https://feeds.feedblitz.com/~/634092054/0/thesecurityledger~Episode-Crowdsourcing-Surveillance-with-Flock-Safety/ www.secnews.physaphae.fr/article.php?IdArticle=1874574 False None LastPass None The Security Ledger - Blog Sécurité The Essential Role of IAM in Remote Work]]> 2020-08-10T12:00:00+00:00 https://feeds.feedblitz.com/~/633088716/0/thesecurityledger~The-Essential-Role-of-IAM-in-Remote-Work/ www.secnews.physaphae.fr/article.php?IdArticle=1851780 False None LastPass None InformationSecurityBuzzNews - Site de News Securite LogMeIn Introduces New LastPass Security Dashboard and Dark Web Monitoring, Delivering a Complete Command Center for Managing Digital Security]]> 2020-08-07T08:17:12+00:00 https://www.informationsecuritybuzz.com/news/logmein-introduces-new-lastpass-security-dashboard-and-dark-web-monitoring-delivering-a-complete-command-center-for-managing-digital-security/ www.secnews.physaphae.fr/article.php?IdArticle=1846682 False None LastPass None The Security Ledger - Blog Sécurité What’s Good IAM? The Answer may depend on your Industry]]> 2020-06-23T15:26:00+00:00 https://feeds.feedblitz.com/~/631261306/0/thesecurityledger~Whats-Good-IAM-The-Answer-may-depend-on-your-Industry/ www.secnews.physaphae.fr/article.php?IdArticle=1821607 False None LastPass None TechRepublic - Security News US 2020-05-20T15:35:40+00:00 https://www.techrepublic.com/article/new-phishing-campaign-impersonates-logmein-to-steal-user-credentials/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1720882 False None LastPass None The Security Ledger - Blog Sécurité New LastPass report finds consumer behavior affects the workplace appeared first...Read the whole entry...  _!fbztxtlnk!_ https://feeds.feedblitz.com/~/624566779/0/thesecurityledger -->»]]> 2020-05-20T13:44:55+00:00 https://feeds.feedblitz.com/~/624566779/0/thesecurityledger~New-LastPass-report-finds-consumer-behavior-affects-the-workplace/ www.secnews.physaphae.fr/article.php?IdArticle=1720780 False None LastPass None The Security Ledger - Blog Sécurité Password Psychology: users know reuse is bad, do it anyway]]> 2020-05-20T13:44:55+00:00 https://feeds.feedblitz.com/~/624566779/0/thesecurityledger~Password-Psychology-users-know-reuse-is-bad-do-it-anyway/ www.secnews.physaphae.fr/article.php?IdArticle=1734679 True None LastPass None TechRepublic - Security News US 2020-05-05T13:00:22+00:00 https://www.techrepublic.com/article/this-common-online-behavior-puts-you-and-your-data-at-great-risk/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1692304 False None LastPass None Graham Cluley - Blog Security 2020-04-16T09:25:59+00:00 https://www.grahamcluley.com/feed-sponsor-lastpass/ www.secnews.physaphae.fr/article.php?IdArticle=1657928 False None LastPass None The Security Ledger - Blog Sécurité Read the whole entry...  _!fbztxtlnk!_ https://feeds.feedblitz.com/~/620539742/0/thesecurityledger -->»]]> 2020-03-30T12:30:00+00:00 https://feeds.feedblitz.com/~/620539742/0/thesecurityledger~Ways-to-make-Your-Remote-Work-Easy-and-Secure/ www.secnews.physaphae.fr/article.php?IdArticle=1628121 False None LastPass None 01net. Actualites - Securite - Magazine Francais ]]> 2020-03-20T02:52:02+00:00 https://www.01net.com/actualites/les-applis-android-de-lastpass-et-1password-sont-vulnerables-au-phishing-1878546.html www.secnews.physaphae.fr/article.php?IdArticle=1609680 False None LastPass None The Security Ledger - Blog Sécurité Read the whole entry...  _!fbztxtlnk!_ https://feeds.feedblitz.com/~/620019002/0/thesecurityledger -->» ]]> 2020-03-18T20:39:16+00:00 https://feeds.feedblitz.com/~/620019002/0/thesecurityledger~Episode-Killing-Encryption-Softly-with-the-EARN-IT-Act-Also-SMBs-Struggle-with-Identity/ www.secnews.physaphae.fr/article.php?IdArticle=1605758 False None LastPass None The Security Ledger - Blog Sécurité Spotlight Podcast: The Demise of the Password may be closer than you think!]]> 2020-02-27T01:27:44+00:00 https://feeds.feedblitz.com/~/619112596/0/thesecurityledger~Spotlight-Podcast-The-Demise-of-the-Password-may-be-closer-than-you-think/ www.secnews.physaphae.fr/article.php?IdArticle=1567938 False None LastPass None The Security Ledger - Blog Sécurité As Cyber Attacks Mount, Small Businesses seek Authentication...Read the whole entry...  _!fbztxtlnk!_ https://feeds.feedblitz.com/~/618965882/0/thesecurityledger -->»]]> 2020-02-24T12:30:00+00:00 https://feeds.feedblitz.com/~/618965882/0/thesecurityledger~As-Cyber-Attacks-Mount-Small-Businesses-seek-Authentication-Fix/ www.secnews.physaphae.fr/article.php?IdArticle=1563204 False Guideline LastPass None Graham Cluley - Blog Security 2020-01-24T12:22:12+00:00 https://www.grahamcluley.com/whoops-lastpass-accidentally-deleted-its-browser-extension-from-the-chrome-store-but-its-back-now/ www.secnews.physaphae.fr/article.php?IdArticle=1507892 False None LastPass 5.0000000000000000 Bleeping Computer - Magazine Américain 2020-01-23T10:54:30+00:00 https://www.bleepingcomputer.com/news/security/lastpass-mistakenly-removes-extension-from-chrome-store-causes-outage/ www.secnews.physaphae.fr/article.php?IdArticle=1506368 False Guideline LastPass None ZD Net - Magazine Info 2020-01-20T07:50:00+00:00 https://www.zdnet.com/article/lastpass-is-in-the-midst-of-a-major-outage/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1502252 False None LastPass None Graham Cluley - Blog Security 2020-01-14T17:24:54+00:00 https://www.grahamcluley.com/lastpass-releases-its-3rd-annual-global-password-security-report/ www.secnews.physaphae.fr/article.php?IdArticle=1501520 False None LastPass 3.0000000000000000 AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC previous posts, I have been misunderstood and thought to be promoting a position, but that isn't my intended purpose - cybersecurity awareness is. In the interview, the Congressional member told an entertaining story about how a site was requesting the creation of a “Security Question”.  We have all been subject to these inane questions that require horribly predictable, and sometimes, very publicly known answers.  These questions are usually used for password recovery, or password reset functions. In this particular case, the question that was chosen is “What is the name of your dog?”  What happened next is where I was mortified at the lack of awareness.  The conversation went something like this: Congress member:  “So I put in the name of my dog, and the site said that the name was too short.” Did you just perform a face-palm, as I did when I heard that?  Let’s review some of the more common short-names for dogs: Rex, Spot, Hero, Bud. I am sure that you can come up with a few others.  The problem here is that this Congressional representative just narrowed the search criteria for anyone who wants to guess one of the security questions for a forgotten password.  There is no need to use long names in a brute-force attack when it has already been revealed that the dog has a short name. We know for certain that the dog’s name is definitely NOT Alistair, or even Bunsen Honeydew. This also indicates that this Congress person is not using a password manager.  One need not search too long to find many resources about how to generate and store random answers for those security questions.  As was reported during the “Celebgate” and “TheFappening” nude photo scandals, some celebrities were victims of social engineering that caused them to reveal their security answers. One impressive lesson from this experience is that the web site that was requesting the security answer has made a bit of an effort to prevent easily-guessed, short names.  However, to the average person, what are they to do if their dog’s name is simply “Rex”?  Should they change their dog’s name to appease a web site?  Or, should they create a name to satisfy the question? How are they to remember that fake name?  These problems are what cause people to develop a strong disdain for security. Moreover, why are sites still using these horrible pre-defined verification questions?  I am no fan of those questions, and even on sites that allow a person to enter a unique question, most folks will use very common questions, and answers.  With all the other mechanisms out there, such as mobile authenticators, and multi-factor options, there must be a better way to authenticate a person.  In the meantime, please be careful with those security answers.  ]]> 2020-01-06T14:00:00+00:00 https://feeds.feedblitz.com/~/614987756/0/alienvault-blogs~Don%e2%80%99t-give-away-your-secret-answers www.secnews.physaphae.fr/article.php?IdArticle=1496525 False None LastPass None UnderNews - Site de news "pirate" francais LastPass, la solution de gestion de mots de passe, lance, avec LastPass Identity, la solution d'accès et d'authentification unifiée pour gérer en toute sécurité l'identité utilisateur, la connexion sans mot de passe pour ses clients professionnels.]]> 2019-12-05T13:36:39+00:00 https://www.undernews.fr/undernews/lastpass-lance-lauthentification-sans-mot-de-passe.html www.secnews.physaphae.fr/article.php?IdArticle=1493561 False None LastPass None Graham Cluley - Blog Security 2019-10-24T10:59:44+00:00 https://www.grahamcluley.com/smashing-security-151-frankly-sometimes-paying-the-ransom-is-a-good-idea/ www.secnews.physaphae.fr/article.php?IdArticle=1423785 False Ransomware LastPass None UnderNews - Site de news "pirate" francais Rapport mondial 2019 de LastPass sur la sécurité des mots de passe Mauvaises habitudes persistantes en entreprise : un frein pour l'adoption de règles de sécurité efficaces. Ce 3ème Rapport mondial sur la sécurité des mots de passe mené par LastPass montre que certaines pratiques comme la réutilisation généralisée des mots de passe reste très répandue, et ce malgré de forts investissements par les entreprises dans des outils de sécurité comme l'authentification multifactorielle.]]> 2019-10-24T07:46:49+00:00 https://www.undernews.fr/authentification-biometrie/securite-et-mots-de-passe-ou-en-sommes-nous.html www.secnews.physaphae.fr/article.php?IdArticle=1423555 False None LastPass None Wired Threat Level - Security News 2019-10-22T10:00:00+00:00 https://www.wired.com/story/time-to-outsource-your-passwords-app www.secnews.physaphae.fr/article.php?IdArticle=1419383 False None LastPass None The Security Ledger - Blog Sécurité Read the whole entry...  _!fbztxtlnk!_ https://feeds.feedblitz.com/~/607945602/0/thesecurityledger -->» ]]> 2019-10-16T22:22:57+00:00 https://feeds.feedblitz.com/~/607945602/0/thesecurityledger~Spotlight-Podcast-Global-Audit-Finds-Small-Firms-struggle-with-Password-Hygiene/ www.secnews.physaphae.fr/article.php?IdArticle=1412202 False None LastPass None The Security Ledger - Blog Sécurité ]]> 2019-10-10T02:06:08+00:00 https://feeds.feedblitz.com/~/607615438/0/thesecurityledger~Episode-Who-owns-the-Data-Smart-Cars-collect-Also-making-Passwords-work/ www.secnews.physaphae.fr/article.php?IdArticle=1393854 False None LastPass None IT Security Guru - Blog Sécurité 2019-10-09T12:32:08+00:00 https://www.itsecurityguru.org/2019/10/09/new-lastpass-research-finds-password-habits-remain-key-obstacle-to-business-security/ www.secnews.physaphae.fr/article.php?IdArticle=1392463 False None LastPass None TechRepublic - Security News US 2019-10-08T16:29:00+00:00 https://www.techrepublic.com/article/more-companies-use-multi-factor-authentication-but-security-still-weak-from-poor-password-habits/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1390958 False Guideline LastPass None Bleeping Computer - Magazine Américain 2019-10-08T09:00:00+00:00 https://www.bleepingcomputer.com/news/security/57-percent-of-businesses-use-multi-factor-auth-mfa-says-lastpass/ www.secnews.physaphae.fr/article.php?IdArticle=1390584 False None LastPass None The Security Ledger - Blog Sécurité Read the whole entry...  _!fbztxtlnk!_ https://feeds.feedblitz.com/~/607423780/0/thesecurityledger -->» ]]> 2019-10-03T22:49:43+00:00 https://feeds.feedblitz.com/~/607423780/0/thesecurityledger~Episode-Cyber-Risk-has-a-DunningKruger-Problem-also-Bad-Password-Habits-start-at-Home/ www.secnews.physaphae.fr/article.php?IdArticle=1393855 True None LastPass None The Security Ledger - Blog Sécurité Read the whole entry...  _!fbztxtlnk!_ https://feeds.feedblitz.com/~/607423780/0/thesecurityledger -->» ]]> 2019-10-03T22:49:43+00:00 https://feeds.feedblitz.com/~/607423780/0/thesecurityledger~Episode-Cyber-Risk-has-a-DunningKruger-Problem-Also-Bad-Password-Habits-start-at-Home/ www.secnews.physaphae.fr/article.php?IdArticle=1378941 False None LastPass None TechRepublic - Security News US 2019-10-02T08:44:00+00:00 https://www.techrepublic.com/article/two-enterprise-worthy-password-managers-lastpass-and-roboform/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=1375116 False None LastPass None The Security Ledger - Blog Sécurité ]]> 2019-09-30T13:02:24+00:00 https://feeds.feedblitz.com/~/607308380/0/thesecurityledger~Explained-TwoFactor-vs-MultiFactor-Authentication/ www.secnews.physaphae.fr/article.php?IdArticle=1371088 False None LastPass None The Security Ledger - Blog Sécurité ]]> 2019-09-26T17:41:33+00:00 https://feeds.feedblitz.com/~/607196136/0/thesecurityledger~Spotlight-Podcast-Breaking-Bad-Password-Habits-to-Fight-Advanced-Threats/ www.secnews.physaphae.fr/article.php?IdArticle=1363532 False None LastPass None The Security Ledger - Blog Sécurité Read the whole entry...  _!fbztxtlnk!_ https://feeds.feedblitz.com/~/607155916/0/thesecurityledger -->» ]]> 2019-09-25T16:32:50+00:00 https://feeds.feedblitz.com/~/607155916/0/thesecurityledger~Episode-Have-We-missed-Electric-Grid-Cyber-Attacks-for-Years-Also-Breaking-Bad-Security-Habits/ www.secnews.physaphae.fr/article.php?IdArticle=1361125 False Hack LastPass None Graham Cluley - Blog Security 2019-09-18T23:04:47+00:00 https://www.grahamcluley.com/smashing-security-146-password-secrets-and-baking-brownies/ www.secnews.physaphae.fr/article.php?IdArticle=1344744 False None LastPass None InformationSecurityBuzzNews - Site de News Securite LastPass And Malicious Websites Extract Your Last Used Password]]> 2019-09-18T10:21:22+00:00 https://www.informationsecuritybuzz.com/expert-comments/lastpass-fixes-bug-that-could-let-malicious-websites-extract-your-last-used-password/ www.secnews.physaphae.fr/article.php?IdArticle=1343098 False None LastPass None Wired Threat Level - Security News 2019-09-17T23:42:04+00:00 https://www.wired.com/story/gm-strike-electric-car-lastpass-password-bug www.secnews.physaphae.fr/article.php?IdArticle=1341667 False None LastPass None Wired Threat Level - Security News 2019-09-17T21:57:51+00:00 https://www.wired.com/story/a-password-exposing-bug-was-purged-from-lastpass www.secnews.physaphae.fr/article.php?IdArticle=1341395 False None LastPass None Graham Cluley - Blog Security 2019-09-17T08:08:04+00:00 https://www.grahamcluley.com/lastpass-users-automatically-updated-to-fix-security-vulnerability-in-browser-extension/ www.secnews.physaphae.fr/article.php?IdArticle=1339378 False Vulnerability LastPass None SecurityWeek - Security News 2019-09-16T14:40:28+00:00 http://feedproxy.google.com/~r/Securityweek/~3/a3b6-ISqHNE/lastpass-patches-bug-leaking-last-used-credentials www.secnews.physaphae.fr/article.php?IdArticle=1340304 False Vulnerability LastPass None Security Affairs - Blog Secu 2019-09-16T11:57:15+00:00 https://securityaffairs.co/wordpress/91338/hacking/lastpass-credentials-leak.html www.secnews.physaphae.fr/article.php?IdArticle=1336568 False Vulnerability LastPass None ZD Net - Magazine Info 2019-09-16T08:45:40+00:00 https://www.zdnet.com/article/lastpass-bug-leaks-credentials-from-previous-site/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1336355 False Vulnerability LastPass None Bleeping Computer - Magazine Américain 2019-09-16T08:24:36+00:00 https://www.bleepingcomputer.com/news/security/password-revealing-bug-quickly-fixed-in-lastpass-extensions/ www.secnews.physaphae.fr/article.php?IdArticle=1336847 False Vulnerability LastPass None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC has had two espionage attempts in one year, foiled just as the convicts were departing the country. In fact, a 2014 report estimated the global cost of industrial espionage to be $445 billion. Considering how the economy has shaped up since then, the figure may well be over the $1 trillion mark. Should small businesses be concerned? It’s not only the Silicon Valley giants who have to face espionage. Rather, smaller businesses have more to lose. With 31% of all cyber-espionage attacks aimed at small businesses, the loss of important information can leave them facing bankruptcy. Source: https://www.freepik.com/free-photo/hacker-with-laptop_3361105.htm Indeed, according to the U.S National Cyber Security Alliance, 60% of Small Medium Enterprises (SMEs) shut down within six months after a cyber-attack. What’s more, it costs approximately $690,000 and $1million for such businesses to clean up after an attack. As Jody Westby, CEO of Global Cyber Risk says, “it is the data that makes a business attractive, not the size – especially if it is delicious data, such as lots of customer contact info, credit card data, health data, or valuable intellectual property.” Why Are Small Businesses Targeted? Smaller businesses are easy targets of corporate espionage, as they tend to have weaker security compared to large corporations. The Internet Security Threat Report shows, for instance, that while 58% of small businesses show awareness and concern about a possible attack, 51% of them still have no budget allocated to prevent it. It seems, also, that the problem is getting worse, as outlined by cyber-security experts in PwC’s Global State of Information Security Survey: small organizations, with annual revenue of under $100 million, have reduced their security budget by 20%, even as large organizations are spending 5% more on security. Indeed, as large organizations are getting better at defending themselves against different types of espionage, criminals are “moving down the business food chain.” For example, cyber-attacks to steal information from small businesses have increased by 64% in a span of four years, as large businesses have adopted more robust security protocols. As a result, all kinds of small]]> 2019-09-10T13:00:00+00:00 https://feeds.feedblitz.com/~/606638870/0/alienvault-blogs~Should-small-business-owners-concern-themselves-with-business-espionage www.secnews.physaphae.fr/article.php?IdArticle=1317541 False Guideline LastPass None InformationSecurityBuzzNews - Site de News Securite Study Finds 92 Per Cent Of Businesses Experience Identity Challenges]]> 2019-07-12T16:30:03+00:00 https://www.informationsecuritybuzz.com/study-research/study-finds-92-per-cent-of-businesses-experience-identity-challenges/ www.secnews.physaphae.fr/article.php?IdArticle=1202117 False None LastPass None IT Security Guru - Blog Sécurité 2019-06-12T10:59:01+00:00 https://www.itsecurityguru.org/2019/06/12/logmein-takes-aim-at-cloud-identity-with-new-lastpass-business-lineup/ www.secnews.physaphae.fr/article.php?IdArticle=1150554 False None LastPass None UnderNews - Site de news "pirate" francais Malgré l'augmentation constante des cyberattaques, les entreprises peinent encore à mettre en place des politiques de sécurité efficaces. Pour pallier la faiblesse des mots de passe et la mauvaise éducation des employés en la matière, les RSSI doivent gagner en visibilité sur le comportement et les habitudes de leurs employés. ]]> 2019-05-06T14:18:00+00:00 https://www.undernews.fr/authentification-biometrie/comment-donner-aux-rssi-les-meilleurs-outils-pour-ameliorer-la-securite-des-mots-de-passe.html www.secnews.physaphae.fr/article.php?IdArticle=1097400 False None LastPass None InformationSecurityBuzzNews - Site de News Securite Fundamental Flaw In Password Managers Exposes User Credentials In Computer Memory]]> 2019-02-21T23:37:00+00:00 https://www.informationsecuritybuzz.com/expert-comments/fundamental-flaw-in-password/ www.secnews.physaphae.fr/article.php?IdArticle=1036176 False None LastPass None