Security Alerts & News
by Tymoteusz A. Góral

#2052 Password-manager apps for Android (security analysis)
There are different policies for the generation of secure passwords. However, one of the biggest challenges is to memorize all these complex passwords. Password manager applications are a promising way of storing all sensitive passwords cryptographically secure. Accessing these passwords is only possible if the user enters a secret master password. At first sight, the requirements for a password manager application seem simple: Storing the passwords of a user centralized in a secure and confidential way. However, how is the reality on mobile password manager applications, especially on Android? Application vendors advertise their password manager applications as “bank-level” or “military-grade” secure. However, can users be sure that their secrets are actually stored securely? Despite the vendors’ claims, is it nevertheless possible to obtain access to the stored credentials?

In order to answer these questions, we performed a security analysis on the most popular Android password manager applications from the Google Play Store based on download count. The overall results were extremely worrying and revealed that password manager applications, despite their claims, do not provide enough protection mechanisms for the stored passwords and credentials. Instead, they abuse the users' confidence and expose them to high risks.