it’s wild how persistent old security advice is https://www.reddit.com/r/hacking/comments/zz1ugn/what_precautions_should_i_take_to_not_get_hacked/
I do NOT recommend Keeper for password management. Their posture towards security researchers has been anathema to accepted industry standards of vulnerability disclosure, to the point of litigation threats to journalists & security experts reporting on their products' bugs.
Actually cannot believe this. After 13 years, Sony/BMG have decided to take down Rick Astley's "Never gunna give you up" due to a dispute with Youtube over ad royalties.
It's completely blocked globally. Actual end of an era.
they instructed me to use their PGP key, and then they seemed unable to decrypt my message. they then asked me to submit to bugcrowd months afterwards and paid me a very low bounty.
this exact same issue happened when I reported a vulnerability in LastPass in 2016! https://furry.engineer/@soatok/109560736140669727
if you run into anyone trying to discount the severity of the lastpass breach by saying the master keys are impossible to crack, ask them how lastpass' key derivation works, what a credential stuffing attack is, and how well PBKDF2 scales on GPUs.
given the details, it looks like anyone whose data was in the breach and who also reused their master password elsewhere is in imminent danger of having all their passwords compromised, as is anyone who used a relatively common password.
I’d add to this: or where the person in charge of making the decision is not actually making the decision.
Sophos has observed more IcedID infections from #Malvertising
🔎 Google search for "webex download"
↪️ aerrkaler[.]online (redirect)
⬇️ Download of malware from Firebase (.zip containing .iso)
💥 rundll32.exe" \donoil.dat,init"
#IcedID C2: trbiriumpa[.]com
Unredacter: Shows you why y should never ever ever use pixelation as a redaction technique ..
Head of Security at Asana
Everyone is welcome as long as you follow our code of conduct! Thank you. Mastodon.cloud is maintained by Sujitech, LLC.