1Password Vulnerability Let Attackers Exfiltrate Vault Items

1Password developers reported a critical vulnerability found in the Mac version of the app. This vulnerability, identified as CVE-2024-42219, was discovered by Robinhood’s Red Team during an independent security assessment of 1Password for Mac. It allows a malicious process running locally on a computer to bypass protections for inter-process communication. This issue affects all app versions up to 8.10.36.

Vulnerabilities in password managers are always a massive source of headache for both developers and users. Recent events around the LastPass password manager, that led to a huge leak of login credentials, is the perfect example of what may happen if that case is not managed properly. Fortunately, 1Password acknowledged the issue way before hackers started exploiting it in real-world attacks.

Technical Details

The CVE-2024-42219 vulnerability is related to bypassing inter-process communication (IPC) protections in 1Password for Mac across all versions up to 8.10.36. If a malicious process is running locally on the computer, it can circumvent these protections. This allows attackers to steal vault items and obtain credentials necessary for logging into 1Password, such as the account unlock key and SRP-𝑥 (Secure Remote Password) values. 1Password Vaults are secure containers for storing and organizing items, allowing users to share specific information with selected individuals. Essentially, they are mini password managers within the main application.

However, certain conditions are required to exploit this vulnerability: the attacker needs to convince the user to execute malicious software on their computer. During the attack, the absence of specific macOS checks for inter-process communication can be exploited. This allows the attacker to spoof or hijack trusted 1Password integrations, such as the browser extension or command-line interface. Fortunately, there have been no reports of this vulnerability being exploited in the wild.

1Password’s Response

1Password promptly released an update to patch this vulnerability as soon as they were notified. Details about the issue were disclosed on relevant news platforms after the patch was released, which upset some users who expected to see it in the changelog. However, it’s clear that the company maintained informational silence to ensure user safety.

1Password strongly recommends that all users update their app to version 8.10.36 as soon as possible to mitigate potential risks. The company also expressed gratitude to Robinhood’s team for responsibly disclosing the vulnerability and for their close collaboration, which ensured timely protection for users.

The post 1Password Vulnerability for MacOS Causes Credentials Leak appeared first on Gridinsoft Blog.

Password Security Dangers

Today, one user on average has about 100 accounts, including social media, banking, and personal accounts. Despite looking as something of a lesser value, they in total give a tremendous amount of information about the user. Moreover, possessing someone’s online account opens gates to impersonation attacks – a type of phishing that is considered one of the most effective.

Cybercriminals may use gazillion different tools to get their hands on user information. However, the majority of them bear on only a few mistakes and weaknesses of how people usually treat passwords. This, in combination with more proactive approaches, puts quite a lot of people in danger of password leaks and identity compromise. I’ve gathered the most common password security dangers:

How to Store Passwords Securely?

There are two main methods for securely storing passwords today. The most reliable method is using a password manager. Compared to other methods, which I will discuss shortly, password managers have significant advantages. These programs allow you to securely store passwords in an encrypted form, generate complex passwords, and automatically fill them in on websites.

Another relatively safe method for storing passwords is the standard password-saving feature in browsers. Previously, this was not a very secure place to store passwords, as they were stored in plain text and could easily be stolen by attackers. However, today, all popular browsers store passwords in an encrypted form, adding an additional layer of security. Nonetheless, despite these browsers taking extra precautions to ensure the safety of saved passwords, this method is still not the most secure option for storing your credentials.

Keeping in a Web Browser

All modern web browsers offer built-in password storage, which many people readily use. But is it really secure? In the past, web browsers stored passwords locally on the user’s disk in plain text. This meant that attackers could easily gain access by copying the password file or dumping its contents. Today, the situation has improved – most popular web browsers store passwords in encrypted form. These are the following:

• Google Chrome
• Microsoft Edge
• Mozilla Firefox
• Safari

These browsers use two-factor authentication, AES encryption (with Apple Safari using Keychain for storing passwords on Apple devices), and allow password synchronization through user accounts.

In addition to the browsers listed above, there are others such as Opera, Brave, and Vivaldi. While Opera uses encryption to store passwords, it doesn’t develop as actively as the aforementioned browsers. For other Chromium-based browsers, security depends on the specific browser and its update and protection policies.

Password Keeping Applications

Password managers are applications designed to create secure passwords and store them in an encrypted vault. They allow you to store hundreds of encrypted passwords. The only password you need to remember is the master password. I recommend using this method for storing passwords because it is perfectly suited for the task.

Since password storage is a big responsibility, I recommend using an open-source password manager. This ensures security because anyone can review the source code and verify its safety. One such option is Bitwarden, which is fully open-source, regularly undergoes security audits, and has never been involved in data breaches. In terms of functionality, Bitwarden offers features like multi-device support and offline access. Another excellent open-source password manager is KeePass, which is also free.

Another useful feature of these password managers is the built-in password generator. Whenever a user registers on a website, the password manager can generate a strong, unique password and save it immediately. Users can customize the password length and the characters used. This significantly reduces the chance of passwords being cracked through brute-force attacks.

However, not all password managers are secure. For instance, the once-popular password manager LastPass, which was considered the best at one time, has had multiple security issues. Despite not being an open-source manager, it has been hacked several times, with attackers managing to steal users’ saved passwords. Therefore, for security reasons, I do not recommend using LastPass.

Worst Ways to Store Passwords

We’ve discussed how to properly store passwords; now let’s look at how not to store them. The general rule is to never store your passwords in a visible place, especially if that place can be accessed by others. Here are some of the worst places to store passwords:

Sticky Notes

While it may seem convenient and easily accessible, this is also highly insecure, especially if the note is stuck to your computer monitor or desk. In such cases, passwords meant to protect your accounts are easily visible to anyone who enters your workspace.

Notebook or Journal

Like sticky notes, writing down passwords in a personal journal or notebook is not a great idea. Although it can be hidden, there is no guarantee that someone won’t come across it. If your notebook falls into the wrong hands, nothing stops that person from reading it and finding your passwords.

Screenshots in the phone gallery

Sometimes, when a user registers somewhere and needs to quickly save their data, they take a screenshot. This is undoubtedly the fastest and easiest way to save information. However, it is also an insecure method because sensitive information is stored in plain view. Anyone with access to the gallery can access the data.

Email or Messaging Apps

As messaging apps evolve, many users save important information in chats with themselves. This can be fine for documents, files, or memes, but it’s a bad idea for passwords and sensitive information. If the messenger uses encryption, reinstalling the app can result in losing this information. On the other hand, if the messenger doesn’t use end-to-end encryption, your password ends up on the messenger’s servers.

Text Files

This is a very simple and convenient way to store information. However, it’s not reliable because a text document is not encrypted, and anyone who opens it can see or copy your password.

The post How To Securely Store Passwords appeared first on Gridinsoft Blog.

What Is a Password Stealer?

As its name suggests, password stealer is a type of malware that aims to steal sensitive data. Mainly, this is about credentials to email accounts, social networks, and online banking. But these days, quite a few password stealers incorporate more diverse functionality. They now target crypto wallets, cookies, browser cache and saved passwords, Discord session tokens, and more.

The primary distribution method of password stealers is phishing emails with malicious attachments. Sometimes, however, password stealers can also be distributed via malicious ads in search results. In a selection of cases, spear phishing was used to attack a specific person with the malware.

Technical Analysis

All stealers are generally very similar, so the properties that the current instance has to apply to the others, perhaps with minimal differences. This will be a rather simplified analysis aimed at understanding how password stealer works. I will get through the most common and important actions that this malware does. For the test sample, I’ve chosen Vidar Stealer – a classic password stealer written in C++. The attack commonly begins when the victim runs an infected file.

Defense Evasion

Like most malware, it has a few tricks that make it particularly difficult to detect on the system. When the malware comes under the guise of the installer of a legitimate program, it can contain a row of null bytes at the beginning, which pushes its size over 700 MB. This size allows it to avoid instant detection by antivirus solutions and online checkers like VirusTotal. Another trick aimed at evading detection is code obfuscation. The malware also checks system parameters to ensure it is not running in a virtualized environment. It checks values such as:

HKLM/System/Setup
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

These keys contain information about the system and hardware, which allows you to create a digital fingerprint of the infected system in addition to identification.

Data Collection

Once the malware is convinced that it is not running in a sandbox and has established a foothold in the system, it moves on to its primary function – information gathering. password stealer collects the following information from browsers:

C:\Users\admin\AppData\Local\Temp\History\History.IE5\index.dat
C:\Users\admin\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
C:\Windows\system32\CRYPTBASE.dll
C:\Documents and Settings\\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
C:\Users\user\AppData\Local\Google\Chrome\User Data\

These folders contain information such as autofill, saved passwords, cookies, cache, and browser extensions. Next, stealer tries to collect crypto wallet data by checking the locations you can see below. This list includes only a few wallets, as the exact list is too long to mention.

C:\Users\user\AppData\Local\Blockstream\Green\wallets\
C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\

Data Exfiltration

The malware’s final operation step is stolen data exfiltration. To do this, password stealer communicates with C2 (Command and Control) to receive further instructions. By the way, there can be various options for communicating with C2. Attackers often still use classic C2 servers; sometimes, they use Telegram or Mastodon as intermediate servers. However, in our case, the malware uses Steam. Before sending the stolen data, stealer sends several requests, including:

GET https://steamcommunity.com/profiles/76561199548518734 200

This is a link to a Steam profile. However, the strange name profile’s name “sppmon http://195.201.131.165|” is the command for malware. This is actually the address of the final server that the stealer should connect to. The phrase “This user has also played as” suggests that the address in the name changes quite often.

When finished, stealer self-deletes itself and covers its tracks. Though, not all infostealers do this, preferring to stay in the system even after extracting all the data. But when they do, the shell command comes in handy:

"%ComSpec%" /c taskkill /im "%SAMPLENAME%" /f & erase "%SAMPLEPATH%" & exit

Difference Between Password Stealer and Spyware

Password stealers and spyware may look similar, but have some fundamental differences. The first difference lies in the principle of operation: stealer works quietly and quickly, often sticking to “steal and leave” tactics. Spyware, on the other hand, aims at a long and permanent presence in the system. Although some stealers can take screenshots and capture keyboard inputs in addition to collecting sensitive data, this is not the main functionality.

Spyware, on the other hand, can stay on an infected system for months and continuously collect data. This includes screenshots, capturing keystrokes, and camera and microphone recordings. This data is sent periodically or in real-time to the attacker’s server.

Safety Recommendations

Malware and password stealers in particular tend to become more and more sophisticated. Getting harder to detect, picking new spreading ways, collecting more and more data – all this makes them a menace to be aware about. Fortunately, the ways to prevent this from getting into your PC is not particularly hard.

• Be careful with email attachments. This method is still the leading method among successful malware infections. Do not open attachments or click on links if the email has a suspicious sender or is not the email you were intentionally expecting.
• Avoid cracked software. Pirated software is illegal in itself, but it carries serious risks. Attackers embed malicious code in “repacks”, as installing most hacked programs requires disabling security software.
• Use security software. A reliable antimalware solution is essential because it can prevent malware from running and installing in case of user error. In addition, it will generally provide comprehensive protection by significantly reducing infection vectors. In addition, advanced solutions such as GridinSoft Anti-Malware have an Internet Security module that blocks potentially malicious sites.

The post Password Stealer appeared first on Gridinsoft Blog.

According to the U.S. Federal Trade Commission, hundreds of millions of dollars are lost annually due to social media scams. Knowing the most common scams and taking the appropriate steps to avoid them is how you can prevent them on Facebook.

Most Common Facebook Scams Today

Fraudsters develop new ways and methods to make an attack and remain unseen. Such threats are often the users’ login credentials and financial data. Here is a list of the most common Facebook attacks on the social network.

Phishing Scams, Facebook Email Scams

Facebook Phishing emails are increasingly used in Facebook fraudulent attacks, and Facebook users are exposed to such attacks as well. Such letters will include a link and wording that tells you to go to Facebook. The link will take you to a website that looks like Facebook but is fake. Sometimes, websites will tell you that you’ve gotten your account hacked. Other times, they will ask you to verify your login information. There are many of the most dangerous types of phishing attacks that are carried out using various technologies.

One way that sites are trying to get you now is to email you a link to reset your Facebook account, saying that it has been shut down for security reasons. Cybercriminals want you to give them private information using fake websites or apps. The reason can be anything, but their goal is always the same. When you fall for a phishing scam, criminals have all the information they need to mess up your social media account.

Shopping Facebook Scams

Facebook is a platform where many companies and organizations work; they put their data and do business. Most organizations promote their products there and look for potential customers through various advertising posts, messages, and others. This is another one of the great examples of Facebook attacks to watch out for! Fraudsters, in this case, are no exception; they can also attract the audience to buy a particular product. As a result, the user can believe the banner and pay for the offered thing but never get it.

Bogus Job Facebook Scams

Announcing good online work is always tempting. But it should be understood that such offers can be fake and do not carry profound implications. So before agreeing to such an offer, ensure the legitimacy of the organization that makes such an announcement. Because if you take this job, the first thing you’ll be asked about is your address, your insurance number, a copy of the paperwork, and other important data. In this case, you risk compromising your privacy.

Charity Scams

Fraudsters always try to influence the user’s emotional state. The charity case is no exception. Scammers create fake charity profiles that post photos of outsiders who need immediate help and make money from donations. On this basis, be careful before you make a transaction; explore the organization that does this. Helping the sick or the elderly is good, but address the money to the ones who need it.

How to Avoid Facebook Scams

Below, we will guide you to protect yourself from Facebook fraud. With these tips, you can reduce the risk of fraudulent threats to you and your data.

1. Lock down your Facebook privacy settings

Make sure your privacy is well protected. For example, you can hide pictures and videos from third-party users who are not your friends. To do so, make the following changes in Settings:

1. Launch the Facebook app.
2. In the upper right corner of the screen, tap on the down arrow (on iPhone) or hamburger menu (on Android).
3. Select Settings & Privacy from the menu.
4. On iPhone, choose Privacy Checkup. On Android, tap Settings to open another page where Privacy Checkup is. After that, Facebook will walk you through the most common privacy settings and recommend each option.

2. Enable two-factor authentication

Two-factor authentication is a good way to log in to your account more securely. It supposes you should enter the one-time code you receive on your phone number, aside from your login and password, when logging in. You will receive this code as a text message or through the application. To do this, follow the instructions below:

1. Launch Facebook on your computer or app.
2. In the upper right corner of the screen, tap on the down arrow.
3. Select Settings & Privacy > Settings > Security & Login.
4. At the bottom of the page, find the Two-Factor Authentication and tap Edit.

3. Decline a friend request from anyone you don’t know

Please take it as a habit not to accept all requests as friends. You don’t need extra friends if you are not blogging or interested in publicity. Communicate only with those you know. It’s an excellent way to protect yourself from many phishing attempts.

4. Ignore messages asking for personal information or money

If you have received a letter asking for financial assistance from a stranger, it is better to ignore this. If this character is on your friend list, then better call him and find out if he needs it. Such requests via Facebook are more of a scam than a serious request for help.

5. Don’t click on suspicious links

Avoid clicking on links or attachments no matter what message you receive. Open them only if you know for sure that these are messages from the user you really know. If you do not know how to verify the legitimacy of the sender, then follow these instructions:

1. Launch Facebook on your computer or app.
2. In the upper right corner of the screen, tap on the down arrow.
3. Select Settings & Privacy > Settings > Security & Login.
4. At the bottom of the page, find Advanced and tap Recent Emails from Facebook.

6. Check your login history regularly

Keep an eye on where your account is logged in from. This will help you to detect and remove unwanted sessions. It may also be an indicator of compromised account security.

1. Launch Facebook on your computer or app.
2. In the upper right corner of the screen, tap on the down arrow.
3. Select Settings & Privacy > Settings > Security & Login.
4. At the bottom of the page, find Where You’re Logged In and review it for accuracy. Delete any suspicious logins.

7. Use a strong password

Using the same password for several accounts is undesirable. Therefore, create a strong and unique password that will not be easy to decrypt. To do this, use combinations with different letters and characters. The most specific passwords are easiest to crack with various password dictionaries and brute force tools.

8. Search regularly for accounts in your name

At that moment, too, you should remember and look for profiles with such a name on the network from time to time. Because fraudsters often use cloning accounts to appear like legitimate users. If you find such a counterpart, inform Facebook support about such a profile. To do this, tap on the three dots on a person’s profile and choose to Find Support or Report Profile. That is especially important when you are a public person, and someone may be interested in stealing your identity.

The post Top Facebook Scams 2024: How to Avoid Them appeared first on Gridinsoft Blog.

OAuth2 Vulnerability Allows for Persistent Session Hijacking

The attackers found a way to use specific components within the Chrome browser to hijack sessions without a risk of it being interrupted by password changes. They targeted Chrome’s token_service table, part of the WebData, to exfiltrate tokens and account IDs. This table contains essential information, such as the GAIA ID and the encrypted_token column. Next, the attackers decrypted these encrypted tokens using a key stored in Chrome’s Local State within the UserData directory.

This method is similar to how Chrome stores passwords, indicating that the attackers deeply understood Chrome’s data management system. The exploit’s success relied on the attackers’ ability to navigate and utilize Chrome’s intricate data structures, specifically those related to user authentication and token management.

MultiLogin Endpoint Is The Culprit

The MultiLogin endpoint is a crucial element of Google’s OAuth2 system. It synchronizes Google accounts across various services, ensuring a consistent user experience by aligning the browser account states with Google’s authentication cookies. However, attackers have found a way to exploit this endpoint’s functionality. By providing vectors of account IDs and auth-login tokens, attackers can maintain unauthorized access to Google services.

Although this is a regular operation for the endpoint, attackers have used it maliciously. The endpoint’s invisibility and exploitability make it an ideal target for exploitation. It is not widely documented or known, and its role in managing simultaneous sessions or user profile switches makes it a potent tool for attackers once they understand how to manipulate it.

The Discovery and Spread of the OAuth2 Exploit

Back in October 2023, one of the malware developers described a vulnerability in OAuth2 and the exploit to it on its Telegram channel. This exploit uniquely allowed the generation of persistent Google cookies by manipulating tokens. This capability ensured continuous access to Google services, bypassing standard security measures even after resetting the user’s password​​. Obviously, the exploit’s potential didn’t go unnoticed.

Lumma infostealer was the first to integrate this exploit in November 2023, employing advanced blackboxing techniques to protect the methodology. This incorporation marked the beginning of a trend, as the exploit quickly caught the attention of various malware groups. Following Lumma, malware entities like Rhadamanthys, Stealc, Meduza, Risepro, and WhiteSnake implemented the exploit. Each group brought nuances to the exploit’s application, indicating its versatility among cybercriminals​​.

Hidden Tactics

In addition, the attackers manipulated the token:GAIA ID pair, which is also essential in Google’s authentication process. This manipulation allowed them to regenerate Google service cookies and maintain unauthorized access to user accounts. Thus, Lumma, a key player in exploiting this vulnerability, encrypted the critical token:GAIA ID pair with proprietary private keys. This process, known as “blackboxing,” not only obscured the core mechanics of the exploit but also made it difficult for other malicious entities to replicate the method.

Since the attackers encrypted the communication between their C2 and the MultiLogin endpoint, it was challenging for network security systems to detect the exploit. Standard security protocols often overlook such encrypted traffic, mistaking it for legitimate data exchange.

Interim Measures for Protection

While Google is working on fixing the vulnerability, there are some immediate steps you can take to protect your account. First, it is recommended that you log out of all your browser profiles. This will invalidate your current session tokens. After logging out, change your password and log in again. The action will generate new session tokens. Such a step is essential because tokens and GAIA IDs may have been stolen, and generating new session tokens will prevent unauthorized access by rendering the old tokens useless.

The post OAuth2 Session Hijack Vulnerability: Details Uncovered appeared first on Gridinsoft Blog.

What happened to Okta?

At the end of October 2023, Okta released a notification on social media about the security breach. The named reason is the lack of session token validation, which made it possible for hackers to access the computers of tech support employees. From this point, cybercriminals were able to access files sent by other customers; these files commonly contain cookies, their session tokens and the like.

This is not the first time when Okta gets into trouble with hackers. In March 2022, hackers from Lapsus cybercrime group managed to hack into the laptop of their tech support engineer. This affected a small portion of Okta customers – only ~2.5%, still a large enough number as the company is a major identity management provider. Such recurring hacks, especially within one specific division of the company, strikes its image pretty hard, to say the least.

1Password Hacked Through the Okta Hack

Despite how bad the Okta hack sounds, it is not that bad for 1Password. At the moment, the company reports about ceasing any operations related to the accounts of their employees that used Okta services. Further investigation showed that it is nothing to worry about – no accounts were compromised whatsoever.

On September 29, we detected suspicious activity on our Okta instance that we use to manage our employee-facing apps. We immediately terminated the activity, investigated, and found no compromise of user data or other sensitive systems, either employee-facing or user-facing. — the report upon the situation.

Although things appear to be fine on the 1Password side, it may not be over yet. New details of the hack appear each day, even though all the key events happened almost a month ago, on September 29.

Should you be worried?

In all this situation, the best part of it is that companies do not hesitate to notice exposed customers. Actually, no 1Password user data was touched, though it is different for Okta. They were – and continue – sending emails to users whose credentials are potentially in danger with recommendation upon further actions. Hence, keep track of emails from Okta, and this will be it for keeping up to date with the situation.

The post 1Password Hacked Following the Okta Hack appeared first on Gridinsoft Blog.

The NordPass password manager team has prepared annual statistics by analysing the most commonly used and weakest passwords of 2022.

Let me remind you that we also wrote that Password meter services put Internet users at risk.

Years go by and some things don’t change. After reviewing more than 3 TB of data provided by independent security experts, NordPass compiled a list of the 200 most common passwords and found that “password” is still the most popular of them.

Next in this anti-rating are “123456”, “123456789”, “guest”, “qwerty” and many other bad passwords that can be simply guessed and picked up by hand without resorting to any special tools. To crack such passwords, according to experts, it takes from <1 to 11 seconds.

The experts also studied how various world trends influence the inventing of passwords. For example, the password “Oscar” appears especially often when the movie awards are coming up (62,983 times in total). Additionally, passwords such as “Batman” (2,562,776 times detected), “Euphoria” (53,993 times) and “Encanto” (10,808 times) associated with the films and series of the same name have seen surges in popularity.

Since the imagination of users is not limited to “123456” and “password”, below you can see lists of the most common passwords by category, including movies, games, sports, cars, food, and even obscene words.

Let me remind you that in 2020 the most popular password options were: “123456”, “123456789”, “picture1”, “password” and “12345678”.

In 2019, the “onedirection” password ranked 184th on the list. This year such password disappeared from the TOP. Does this mean the band is losing popularity as its members pursue solo careers, or are their fans becoming more cyber-conscious?

When choosing a password, the researchers remind users to avoid obvious patterns or repetitions, such as letters or numbers next to each other on a keyboard. Adding a capital letter, symbols, and numbers can also make your password more secure. Finally, never use personal information such as your date of birth or name as a password.

Also note that Windows 11 22H2 Warns That It’s Not Safe to Store Passwords in Notepad.

The post “Password” Topped the List of the Most Common Passwords in 2022 appeared first on Gridinsoft Blog.

In the cybersecurity world, everyone knows that passwords are real. It’s only in the movies hackers can effortlessly detour or hack passwords. A strong password provides decent data protection.

Since an average internet user nowadays has many accounts on different online services, remembering passwords becomes a serious nuisance. Using services other than social media or email becomes inseparable from a boring “forgot password” procedure.

To stop these work process disruptions and at the same time improve data security, people invented password managers. Are they secure, and should you use them? That’s what this post is about.

Is it Safe to use Password Managers?

The programs in question store passwords from different accounts and automatically fill them into the respective websites’ log-in forms. They also generate strong passwords for each account, saving the user the trouble of doing it. Thus, clients keep all their extremely strong passwords in one box and benefit from forms auto-filling. That does not sound secure at all, you might say, and you would be surely right. If not for certain security measures in password managers, the disputed services would rather jeopardize passwords than manage them wisely. Having all keys collected together without proper protection would make them easy prey.

However, there are high-end programs among password managers that feature security mechanisms making digital fortresses out of them. That doesn’t mean that all safety issues are solved, that is not so (we’ll talk about that further,) but in most cases, a password manager can be helpful and handy.

Security Features

• The first thing that must be said is that password managers use the so-called zero-knowledge architecture. That means no person except you know your passwords stored in the password manager’s vault. The manager doesn’t “know” them either because all the passwords are encrypted and protected by the master password, which is not stored in the vault. You know it, and it belongs to you.
• By the way, the vault is cloud storage. Any connection between your PC and the cloud is encrypted. It is called end-to-end encryption. We have described how such encryption works in our post on SSL certificates. The principle for establishing secure connections is the same – a combination of asymmetric and symmetric encryption. Briefly speaking, should hackers even get the data stored on password manager’s cloud servers, they won’t be able to do anything with it.



• Surely, password managers will audit your credentials, change them regularly, warn you about any weaknesses in your password-login combinations, and so on.
• Logging into the manager program can be accompanied by two-factor authentication to make it as secure as possible. 2FA means you will confirm your identity via another device as you log in and enter your master password.
• Although data breaches are unlikely and pointless since there is end-to-end encryption, some password manager manufacturers monitor the Internet to detect any leakages or breaches if they happen, to inform users about them ASAP.

If you make up your mind to purchase a password manager, make sure the program you have chosen supports the features mentioned above.

Can Password Manager Still be Hacked?

Master Password – the Key to the Kingdom

Theoretically, a password manager hack is possible, although extremely unlikely. Moreover, the target of such an attack will definitely not be the cipher used in the vault itself. Attackers will need your master password, the code that will open the chest with the rest of your keys from different accounts. Most likely, hackers will seek a vulnerability in your habits and use social engineering. By the way, they may try to get your password out of you, posing as the developers of your password manager.

Making Your Master Password Strong

Therefore, we will still have to briefly say here that for a password to be strong, it must be composed of numbers, letters of both cases, and special characters. And, of course, it must be a long sequence of characters (at least twelve.) In addition, the password should not be based on some word with meaning because criminals often go for spear attacks. Those are personalized attacks; when they know something about the victim. Accordingly, neither names nor anyone’s dates of birth should appear in the password. Understandably, no one shouldF be given the key from the password manager. By the way, consider reading the guide to creating strong passwords on our blog.

What About Malware

But that’s not all, because we should not forget about malicious programs. If we just assumed that hackers might be trying to crack your password using brute force, then we need to know that they can go the easier way. They can infect your device with spyware! Moreover, we don’t mean spyware that collects some data in the background while you are browsing the network. No, now we are talking about the most dangerous programs, which are sometimes also classified as spyware, namely keyloggers and screen loggers. The first ones capture keystrokes, while the second ones send everything that happens on your screen somewhere to the attackers’ server. If you use a virtual keyboard, the keylogger is not dangerous for you, but there is still no way against the screen logger.

Both these programs can be hidden from human eyes with the help of a rootkit – another powerful hacker tool. Such programs on your computer would indicate that it has been at risk all this time.

Security Solutions

However, to prevent malware from penetrating your device, and to remove it, should it infect your machine, there are antiviruses, such as GridinSoft Anti-Malware. It is a great program that has three types of protection. On-run protection, deep scanning, and browsing protection are also very important. The first function destroys the infection on approach. The second one, scan, will help you find well-hidden malware. The last feature mentioned is blocking and warning about malicious sites.

Unquestionable Benefits of Password Managers

Although we can never rule out the above-mentioned threats, they are unlikely to happen. If we discard them, we will have to admit that password managers possess some unquestionable benefits for the user. At least in comparison with the password policy of an average Internet user.

1. Increased security! Undoubtedly, the machine generates strong passwords better than humans, and the program makes them unrelated to any meaning. Also, manager software stores your credentials flawlessly, keeping them protected with the highest level of security. A 256-bit AES encryption is no joke; we can count it unbreakable, at least for today.
2. Password managers matchless ease browsing and Internet activities. On the one hand, your data becomes more protected. On the other hand, all this password-related fuss leaves you with a boring dream. You don’t need to invent passwords. Note them somewhere, just in case, forget them later, and reset them to access your account.
3. Password managers are an effective countermeasure against phishing and, more specifically, website spoofing. A well-made fake website can catch even an experienced user off guard. Imagine you run onto a typo-squatting webpage that looks just like a website you intended to visit. You haven’t noticed your typo, and as the site fully loads, you see the familiar appearance of the sign-in form. There is a high chance that the user here would notice no pitfall, let alone if tired, and input the login and the password right into the password-stealing form prepared by malefactors. However, a problem for a human is not a problem for a machine at all. You will notice if your password manager suddenly refuses to fill out the credentials form automatically. And it won’t, of course, if the website address is different, even if it is a one-character difference.

The post Is It Safe to Use a Password Manager in 2022? appeared first on Gridinsoft Blog.

In the beginning, you probably already understood from the name what these attacks are and what they are aimed at. It is resistance against someone or something. Password attacks that are aimed at damaging accounts. They are programmed to cheat the authentication process to get into the account. After that, the attackers who control these attacks spread their malicious software or steal confidential data from victims’ accounts.

Types of Password Attacks

In this article, we will look at several types of password attacks, their working principle, and their main purpose. Also, consider methods of warning against them.

Dictionary Password Attacks

This is a crude kind of attack through which an attacker works. Because he’s here to pick the most common passwords and try them out for multiple accounts. Also, take into account the dictionaries of the most common passwords and use them. This list of passwords can include the names of your relatives, the names of the dogs, the number, and the year of your birth. What can I do to warn myself against this?

Brute-Force Password Attacks

Attackers use many combinations of passwords and try to use them when entering victims’ accounts. This method is slightly outdated because it is time-consuming and long, but it is standard and one of the most common. There are several types of this attack. Consider the below:

Phishing Attacks

Phishing¹ is aimed at stealing sensitive data through fraud. Through emails, the attacker attempts to compromise the user’s ability to give his data to him. Intruders often use manipulation, extortion, deception, pressure on the user, and other insidious ways to get the user to hand over his bank accounts, account passwords, credit cards, and other confidential data. Examples of phishing attacks you can see below:

Man-in-the-Middle Attack

In this type, the attacker is a third party. It decrypts passwords and messages that are transmitted between users. The attacker intercepts these messages. In this case, he can be called an intermediary. To do this, a hacker uses unprotected communication channels. How to avoid man-in-the-middle attack? How not to give all your information to the attacker?

Password Spraying Attack

This attack focuses on password theft. The process is this: the attacker selects several passwords and sprays on many user accounts. These passwords are taken with password dictionaries. Also, they can be the most common combinations such as password1, qwerty, 1111, and other standard passwords. The attackers think of every move and try to bypass the blocking system so that after some attempts, the account will not be blocked. Password spraying – quite careless, a rough form of attack. After several attempts to log in, the site begins to block the entrance.

Keylogger

The Attacker tries to install monitoring tools on the user’s computer and makes a secret key recording. The information is recorded via a keylogger and then passed to the attacker. Generally, the keylogger is used with good intentions to monitor employees and improve UX, but even here the attackers have learned to turn it for their evil intentions.

Traffic Interception

This type of attack involves intercepting network traffic for data collection and monitoring. The most common way to do this is with connections that do not use encryption. Most often, these can be Wi-Fi connections. Therefore, learn how to use public Wi-Fi safely: risks to watch out for. This attack comes under SSL – traffic that the attacker intercepts through an attempt to connect to a secure website.

How to Prevent Password Attacks

Our data is a part of our life, everyone, and we would not like any hackers to use it against us for their own good and desire for financial gain. Below we will give some tips on how to avoid or prevent an attack by an intruder:

The post TOP 7 Types of Password Attacks appeared first on Gridinsoft Blog.

The attacker wants to hack accounts. He selects the most common passwords and their combinations, for example, 1111, password, qwerty, and other unreliable passwords. These password combinations are sprayed into the account database, and those accounts whose users have not made reliable protection on their accounts fall under this attack. In general, it can be called a rand. Because the attacker does not know exactly who has an unreliable password, he tries to attack, and in one such attack, will hack some part of accounts.

How Does Password Spraying Attack Work?

The password spraying attack can be divided into three stages, see below:

Password Spraying VS Credential Stuffing

These two attack methods are similar in that both try to affect accounts somehow and capture them. In the first case – this is the spraying of passwords. In the second case – it is the throwing of credentials.

Credential stuffing is a kind of barbaric attack that is based on automated tools. These tools check the usernames and passwords of most of the accounts that are stolen until some account works. In the case of password attacks, the focus is on finding accounts and selecting different combinations of passwords without using any tools.

Signs of Password Spraying

You may have been hurt or only at the risk of an attack by a cybercriminal. Then below, we will provide you with a few points through which you will learn them:

1. Increasing account blocking.
2. Failed and unknown login attempts.
3. Increasing Login attempts.

After these signs, you must understand that your account is at risk. Do not neglect this information and read below how to recover yourself from such an attack.

What to Do After Password Spraying Attacks

If you notice something wrong with your account, then immediately use the following steps:

1. Change password. The first step is to change the password. Use a more robust and complex password. Make it not easy to crack. Do not risk yourself in this way.
2. Contact Cyber Security. Contact your organization’s cybersecurity team. If the willow tree works for the company, you should contact your company’s safety department. You will help them deal with the attack; perhaps not only you have experienced it, inform someone so that no one will get hurt in the future.
3. Find out why and find the culprit. Find out why yourself or with the help of security. Next, try to remove the cause of the hack, enter a stronger password, and use two-factor authentication.

How to Prevent Password Spraying Attacks

The post Password Spraying Attack Overview appeared first on Gridinsoft Blog.