Password Auditing Tool L0phtCrack Released as Open Source
First released in 1997, L0phtCrack can be used to test password strength and recover lost Windows passwords via dictionary, brute-force, and other types of attacks. L0phtCrack was originally developed by Peiter Zatko, also known as Mudge, of the L0pht hacker think tank. L0pth then merged with @stake, which was acquired by Symantec in 2004. It…
Yubico Enables Biometric Logins With New YubiKey Bio Series
Featuring support for the FIDO2/WebAuthn and U2F protocols, YubiKey Bio Series leverages fingerprint recognition to enable users to securely log in to their accounts using a second factor or without passwords at all. The new security keys support the biometric enrollment and management features that have been implemented in modern platforms and operating systems. According…
CISA Opens IPv6 Guidance to Public Feedback
Named IPv6 Considerations for TIC 3.0, the document was issued in line with Office of Management and Budget (OMB) Memorandum 21-07, which mandates CISA to enhance the Trusted Internet Connections (TIC) program to ensure Internet Protocol version 6 (IPv6) is implemented within federal IT systems. The new IPv6 guidance is meant to provide information on…
Identity Solutions Provider Saviynt Raises $130 Million
Saviynt plans to invest the funds in research and development and personnel, to better meet demand for its cloud-based identity solution. Increasingly aware of risks associated with identity-related security breaches, organizations worldwide are shifting toward a Zero Trust approach in which identity management is a central piece. Alongside identity governance (IGA), the company’s Enterprise Identity…
Zoom Introduces End-to-End Encrypted Phone Calls
Starting last year, the video calling platform has been offering E2EE in Zoom Meetings, and it is now ready to make it available for one-on-one phone conversations made through the Zoom client as well. Once the new feature is available, users will see a “More” option during phone calls, allowing them to turn on encryption,…
Facebook Announces Encrypted WhatsApp Backups
While a user can easily turn on WhatsApp on any new device, given that accounts are phone number-based, conversation history isn’t available unless a backup was created on the previous device. Users can set time intervals for the creation of local backups and can also choose to store those in the cloud, for fast access….
GitHub Patches Security Flaws in Core Node.js Dependencies
“These vulnerabilities may result in arbitrary code execution due to file overwrite and creation when tar is used to extract untrusted tar files or when the npm CLI is used to install untrusted npm packages under certain file system conditions,” GitHub said in an advisory. A code npm dependency, tar is used to extract and…
Nokia-Owned SAC Wireless Discloses Data Breach
In a notification letter filed with the Maine Attorney General’s Officer, the company said personal information of roughly 6500 individuals was compromised during a ransomware attack that was identified in mid-June. An investigation launched into the incident, the company says, has revealed that the attackers first compromised SAC Wireless’ systems in April 13. The threat…
Firefox 90 Drops Support for FTP Protocol
Built on a client-server model architecture and in use for roughly five decades, FTP allows for the easy transfer of files and folders between computers. However, because data is transmitted unencrypted, the protocol has long been considered insecure. Secure variants do exist, including one that leverages SSL/TLS (FTPS), or the SSH File Transfer Protocol (SFTP)….
Adobe: Critical Flaws in Reader, Acrobat, Illustrator
The Mountain View, Calif.-based Adobe urged Windows and macOS users to treat the PDF Reader patch with the utmost priority, because the flaws expose machines to remote code execution and privilege escalation attacks. The Acrobat and Reader update patches at least 19 documented vulnerabilities, all carrying the “critical” or “important” security ratings. ”Successful exploitation could…
