Australian Firm Behind Passwordstate Compromised in Supply Chain Attack
Australian Firm Behind Passwordstate Compromised in Supply Chain Attack
AirDrop flaws can expose private information, Emotet was automatically wiped from infected computers, Data from 20 million BigBasket users compromised in a breach, DoD releases 175M IP addresses, more
Check out our special edition from yesterday on the death of hacking pioneer Dan Kaminsky at 42.
Click Studios, the Australian software firm behind password manager application Passwordstate, notified its 29,000 customers that an unknown threat actor compromised the update mechanism of Passwordstate.
According to press reports, the malware-laced update was live for 28 hours between April 20, 20:33 UTC and April 22, 00:30 UTC. Danish security firm CSIS said the app’s password cache was stolen. Click Studios told customers to change all the passwords they stored inside compromised Passwordstate password managers as soon as possible. (Catalin Cimpanu / The Record)
Related: Reddit - cybersecurity, Gizmodo, E Hacking News, Bleeping Computer, DataBreaches.net, SecureReading, Cyber Kendra, Ars Technica, Cyberscoop, TechCrunch, Bleeping Computer, ZDNet, IT Wire, Dark Reading, The Record, CSIS Group, Techradar, SecurityWeek, PCMag.com, SlashGear, Security Affairs, The Hacker News
Keep reading with a 7-day free trial
Subscribe to Metacurity to keep reading this post and get 7 days of free access to the full post archives.