Your password manager just had encrypted vaults stolen. That’s not a near-miss.

Your password manager just had encrypted vaults stolen. That’s not a near-miss. Dashlane disclosed this week that attackers successfully downloaded encrypted password vaults belonging to fewer than 20 users via a brute-force attack. Dashlane notes the vaults remain encrypted and there’s no evidence of successful decryption. Most organizations reading this will breathe a sigh of…

Read More

The security tool your developer just installed may have already stolen your cloud keys.

The security tool your developer just installed may have already stolen your cloud keys. Red Hat’s official npm namespace was compromised on June 1. Thirty-two packages under @redhat-cloud-services — collectively downloaded ~80,000 times per week — contained a preinstall script that ran before a single line of application code executed. By the time the package…

Read More