Naked Security

S3 Ep137: 16th century crypto skullduggery

Lots to learn, clearly explained in plain English... listen now! (Full transcript inside.)

Naked Security

Serious Security: That KeePass “master password crack”, and what we can learn from it

Here, in an admittedly discursive nutshell, is the fascinating story of CVE-2023-32784. (Short version: Don't panic.)

The Hacker News

KeePass Exploit Allows Attackers to Recover Master Passwords from Memory

A proof-of-concept (PoC) has been made available for a security flaw impacting the KeePass password manager that could be exploited to recover a victim's master password in cleartext under specific circumstances. The issue, tracked as CVE-2023-32784, impacts KeePass versions 2.x for Windows, Linux, and macOS, and is expected to be patched in version 2.54, which is likely to be released early

Naked Security

S3 Ep121: Can you get hacked and then prosecuted for it? [Audio + Text]

Latest epsiode. Listen now!

Naked Security

Password-stealing “vulnerability” reported in KeePass – bug or feature?

Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?

The Hacker News

Hackers Using Rogue Versions of KeePass and SolarWinds Software to Distribute RomCom RAT

The operators of RomCom RAT malware are continuing to evolve their campaigns by distributing rogue versions of software such as SolarWinds Network Performance Monitor, KeePass password manager, and PDF Reader Pro via fake copycat websites. Targets of the operation consist of victims in Ukraine and select English-speaking countries like the U.K. "Given the geography of the targets and the current