
"Popular Password Managers Affected by Clickjacking - Popular password manager plugins for web browsers have been found susceptible to clickjacking security vulnerabilities that could be exploited to steal account credentials, two-factor authentication (2FA) codes, and credit card details under certain conditions. The technique has been dubbed Document Object Model (DOM)-based extension clickjacking by independent security researcher Marek Tóth, who presented the findings at the DEF CON 33 security conference earlier this month."
"Russian Hackers Go After Old Cisco Flaw - Hackers linked to Russia are exploiting a seven-year-old vulnerability in unpatched end-of-life Cisco networking devices (CVE-2018-0171) to target enterprise and critical infrastructure networks in the U.S. and abroad. Over the past year, the threat actor, which Cisco is tracking as Static Tundra, has collected configuration files from thousands of networking devices used by US organizations in critical infrastructure sectors."
Cybersecurity moves at the pace of global politics, with single breaches cascading across supply chains and turning software flaws into strategic leverage. Defense requires strategic thinking beyond firewalls and patches, connecting cyber risk to business, trust, and power. Popular browser password manager plugins were found susceptible to DOM-based extension clickjacking that could steal credentials, 2FA codes, and credit card details; vendors including Bitwarden, Dashlane, Enpass, KeePassXC-Browser, Keeper, LastPass, NordPass, ProtonPass, and RoboForm issued fixes. Hackers linked to Russia exploited a seven-year-old Cisco vulnerability (CVE-2018-0171), collected configuration files from thousands of devices, and altered settings to gain unauthorized network access and explore protocols and applications.
Read at The Hacker News