Well #PasswordManagers were not as secure as we all thought.
All Password Managers that use a browser add-on/plugin for auto-fill functionality are susceptible to #ClickJacking security vulnerabilities that could be exploited to steal account credentials.
It works on all of them:
#LastPass
#Bitwarden
#iCloudPasswords
#Enpass
#1Password
#NordPass
#ProtonPass
#Keeper
#Dashlane
& yes even the one I use #KeePassXC
Some have pushed out updates.

More info: https://marektoth.com/blog/dom-based-extension-clickjacking/

#CyberSecurityNews

Passwortmanager sind angreifbar. Das fand Marek Tóth heraus und berichtete darüber auf der #DefCon33:
https://marektoth.com/blog/dom-based-extension-clickjacking/
Die von Tóth aufgedeckten Schwachstellen ermöglichen es Hackern, sensible Daten aus Passwort-Managern zu stehlen, darunter Kreditkartendaten, Namen, Adressen und Telefonnummern, wenn ein Opfer eine bösartige Website besucht. Darüber hinaus können Hacker, wenn eine anfällige Website, auf der Ihre Passwort-Manager-Anmeldedaten gespeichert sind, eine Cross-Site-Scripting-Schwachstelle (XSS) oder eine Subdomain-Übernahme aufweist, diese ausnutzen, um Anmeldedaten (Benutzernamen und Passwörter), 2FA-Codes und Passkeys zu stehlen.
Nach Updates gelten inzwischen folgende Passwortmanager als sicher: #Bitwarden #Dashlane, #Keeper, #NordPass, #ProtonPass & #RoboForm.

#infosec #passwortmanager #2FA#security #privacy #BeDiS

#Zeroday #Clickjacking #exploit impacts several #passwordmanagers

https://www.ghacks.net/2025/08/21/zero-day-clickjacking-exploit-impacts-several-password-managers/?utm_source=mas.to&utm_medium=social&utm_campaign=&utm_term=&utm_content=&utm_referrer=https%3A%2F%2Fmas.to%2F%40KNTRO&utm_id=&utm_creative=&utm_channel=mastodon_organic&utm_platform=desktop&utm_location=argentina&utm_language=es-ar&utm_variant=

#Zero_Day #Password #Passwords #PasswordManager #0day #0_day #MarekTóth #Tóth #1Password #Bitwarden #Dashlane #Enpass #iCloudPasswords #Keeper #LastPass #LogMeOnce #NordPass #ProtonPass #RoboForm #Cybersecurity #Socket #KeePass

NordPass: Bảo Mật Mạnh Mẽ Hơn, Trải Nghiệm Mượt Mà Hơn! #NordPass #MậtKhẩu #BảoMật #Cybersecurity #CôngNghệ

NordPass: Bảo Mật Mạnh Mẽ Hơn, Trải Nghiệm Mượt Mà Hơn! #NordPass #MậtKhẩu #BảoMật #Cybersecurity #CôngNghệ NordPass, dịch vụ quản lý mật khẩu nổi tiếng toàn cầu, vừa công bố một bản cập nhật đáng kể, mở rộng đáng kể chức năng và cải thiện trải nghiệm người dùng. Bản cập nhật này tập trung vào việc tăng cường bảo mật, tối ưu hóa hiệu suất và bổ sung nhiều tính…

https://doogee.io.vn/274432/nordpass-bao-mat-manh-me-hon-trai-nghiem-muot-ma-hon-nordpass-matkhau-baomat-cybersecurity-congnghe/

#NordPass lets you store #passports and other #IDs now - but is this #safe?

https://www.zdnet.com/article/nordpass-lets-you-store-passports-and-other-ids-now-but-is-this-safe/
https://nordpass.com/blog/introducing-nordpass-documents/

A new #NordPass study shows car makers and dealerships still use weak passwords like “123456” and things aren't much better in industries like healthcare, retail, and tech.

Read: https://hackread.com/smart-cars-dumb-passwords-auto-industry-weak-passwords/

#CyberSecurity #DataBreach #AutoIndustry #Password

NordPass has published their 2024 most common passwords list.

The list identifies the top 200 most common passwords from 44 countries.
Filter list by individual country or all countries.

Corporate passwords list.
Individual passwords list.

View password.
View time to crack password.
View amount of times password was used.

Website: https://nordpass.com/most-common-passwords-list/

#NordPass #Passwords #InfoSec #Passkeys #CyberSecurity #Privacy #PasswordManager #Password #Passkey #Safety #PasswordGenerator #Security

#NordPass password manager is on sale! Get 56% off premium for safe, convenient password management, autofill, and breach detection.

https://gadgetbond.com/nordpass-password-manager-deal/