“Current and former top executives at SolarWinds are blaming a company intern for a critical lapse in password security that apparently went undiagnosed for years,” reports CNN. The password in question, “solarwinds123,” was discovered in 2019 on the public internet by an independent security researcher who warned the company that the leak had exposed a SolarWinds file server… It is still…
Tag: Passwords
Google’s Password Checkup Feature Coming To Android
Android users can now take advantage of the Password Checkup feature that Google first introduced in its Chrome web browser in late 2019, the OS maker announced today. From a report: On Android, the Password Checkup feature is now part of the “Autofill with Google” mechanism, which the OS uses to select text from a cache and fill in forms. The…
France Says Russian State Hackers Targeted IT Monitoring Firm Centreon’s Servers in Years-Long Campaign
France’s cyber-security agency said that a group of Russian military hackers, known as the Sandworm group, have been behind a three-years-long operation during which they breached the internal networks of several French entities running the Centreon IT monitoring software. From a report: The attacks were detailed in a technical report released today by Agence Nationale de la Securite des Systemes d’Information,…
Yandex Said It Caught an Employee Selling Access To Users’ Inboxes
An anonymous reader quotes a report from ZDNet: Russian search engine and email provider Yandex said today that it caught one of its employees selling access to user email accounts for personal gains. The company, which did not disclose the employee’s name, said the person was “one of three system administrators with the necessary access rights to provide technical support” for…
Authorities Arrest SIM Swapping Gang that Targeted Celebrities
Eight men were arrested across England and Scotland this week as part of a coordinated crackdown against a SIM swapping gang that has hijacked the identities and social media profiles of US celebrities. From a report: The UK National Crime Agency, which made the arrests on Tuesday, said the gang targeted well-known sports stars, musicians, and influencers, primarily located in the…
Google Chrome Sync Feature Can Be Abused For C&C and Data Exfiltration
Threat actors have discovered they can abuse the Google Chrome sync feature to send commands to infected browsers and steal data from infected systems, bypassing traditional firewalls and other network defenses. From a report: For non-Chrome users, Chrome sync is a feature of the Chrome web browser that stores copies of a user’s Chrome bookmarks, browsing history, passwords, and browser and…
Suspected Russian Hack Extends Far Beyond SolarWinds Software, Investigators Say
Investigators probing a massive hack of the U.S. government and businesses say they have found concrete evidence the suspected Russian espionage operation went far beyond the compromise of the small software vendor publicly linked to the attack. From a report: Close to a third of the victims didn’t run the SolarWinds software initially considered the main avenue of attack for the…
iCloud For Windows Gaining Support For iCloud Passwords Chrome Extension
Apple yesterday released a new version of iCloud for Windows 10, and based on multiple reports and the update’s release notes, it appears Apple is introducing an iCloud Passwords extension designed for Chrome, which will allow “iCloud” Keychain passwords to be used on Windows machines. MacRumors reports: As noted by The 8-Bit and a few other sources, the update adds support…
Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes
Stefan Thomas, a German-born programmer living in San Francisco, has two guesses left to figure out a password that is worth, as of this week, about $220 million. From a report: The password will let him unlock a small hard drive, known as an IronKey, which contains the private keys to a digital wallet that holds 7,002 Bitcoin. While the price…