Password managers from Keeper, Dashlane, LastPass, and 1Password found to be vulnerable, study finds.
Source: Password managers can be tricked into believing that malicious Android apps are legitimate | ZDNet
A security researcher has claimed a new vulnerability in the latest version of macOS — just hours before the software is due to be released. Patrick Wardle, chief researcher officer at Digita Security, tweeted a video Monday of an apparent privacy feature bypass that’s designed to prevent apps from improperly accessing a user’s personal data. […]
Source: Security researcher claims macOS Mojave privacy bug on launch day
Microsoft automatically installs six bloatware apps on every Windows 10 PC, even after a clean install. This needs to stop.
Source: Hey, Microsoft, stop installing third-party apps on clean Windows 10 installs!
A security researcher discovered private data lurking on 60 Trello boards belonging to the United Nations. Sensitive information was also found in public Google documents.
Source: United Nations Accidentally Exposed Passwords and Sensitive Information to the Whole Internet
C# has received some recent attention in the security community, and the Microsoft.Workflow.Compiler.exe security issue recently identified by Matt Graber at SpecterOps prompted us to take a closer look at the potential for using this technique in real-world attacks. Firstly, we will look at how PowerShell fits into the ‘fileless’ attack ecosystem and talk about why attackers may find C# more attractive than PowerShell. Finally, we will look at why the newly found issue in Microsoft.Workflow.Compiler.exe may be useful but – in its current form – cannot be considered a truly ‘fileless’ technique.