A common refrain among digital security professionals is that users should rely on a strong password manager for their myriad online account credentials. Without one, too many people default to the convenience of memory and reuse passwords, or create passwords that are easy to remember (and, thus, easy for hackers to guess). We’re only barely into the second quarter of 2021, but we’ve already written a slew of posts so far this year explaining why that is a terrible practice.
We’ve also talked about the importance of (and recommended) password managers here on a number of different occasions — but there is a downside to them that you can probably surmise. Such managers can be one-stop-shop solutions that represent juicy targets of opportunity for hackers, as demonstrated by the recent security incident that enterprise password manager Passwordstate warned its customers about a few days ago.
As the company explains it, hackers apparently compromised a software upgrade that went out to customers last week. A malicious version of an otherwise legitimate update file was installed that would have been able to extract customer data for the attackers.
Passwordstate’s advisories say the number of affected customers here looks to be small, but it still doesn’t hurt to assume that your password or passwords were included in this incident and to take this opportunity to just go ahead and change them anyway. By the way, data that may have been compromised in this incident includes things like usernames and passwords, as well as various other details about users and their systems.
Breaking: Password manager Passwordstate hacked to deploy malware on customer systems
-The app’s update mechanism was compromised for 28h
-Unclear what the malware did, but assume your passwords have been compromised and start changing everything https://t.co/YJ00TxwiMK pic.twitter.com/TLZBog1IVv
— Catalin Cimpanu (@campuscodi) April 23, 2021
Individuals are often the target of attacks from hackers, partly because of the way people can make so many dumb mistakes that open the door for an attack. However, this incident with Passwordstate is also reminiscent of some others we’ve written about recently, attacks that targeted the infrastructure underpinning people’s digital experience.
For example, just a few days ago we wrote about an attack that has hallmarks of being a kind of SolarWinds 2.0. It targeted Codecov, a San Francisco-based software auditing company that the general public has likely never heard of before. Basically, it was revealed in recent days that federal investigators are probing an intrusion at this particular company, because of how hackers were able to tamper with the software used by its 29,000 customers. This is pretty ominous because Codecov’s software is used to help companies test their own software code for errors and potential vulnerabilities that hackers could exploit, meaning that maliciously tampering with Codecov’s software could conceivably leave all sorts of holes and vulnerabilities in companies that rely on its software.
As if all that wasn’t worrying enough, the breach or intrusion of Codecov’s software happened in January, but Codecov itself didn’t learn about this until April, meaning hackers presumably had an obscene amount of time to unleash their mischief. It’s a reminder that no digital system is impenetrable, even though password managers are still better than relying on simple and memorable passwords that you come up with yourself.