98
Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218)
(www.helpnetsecurity.com)
this post was submitted on 09 Aug 2024
98 points (99.0% liked)
Cybersecurity
5410 readers
233 users here now
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
- Be respectful. Everyone should feel welcome here.
- No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
- No Ads / Spamming.
- No pornography.
Community Rules
- Idk, keep it semi-professional?
- Nothing illegal. We're all ethical here.
- Rules will be added/redefined as necessary.
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub
Notable mention to !cybersecuritymemes@lemmy.world
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
A good reminder to always set your password manager to auto-lock (with PIN for convenience) after 3-5 minutes. The PIN makes it easy to re-log, while not being bruteforceable (AFAIK after few failed attempts it reverts to password), and if someone would get to your PC, either physically or remotely, they won't be able to get all your passwords.
One of the best jackpots I've ever found during Red Teaming engagements was when I RDPd to a server through pass-the-hash, only to find an unlocked password manager with passwords for most of the other servers, service and admin accounts.