Blog

Password managers from Keeper, Dashlane, LastPass, and 1Password found to be vulnerable, study finds. Source: Password managers can be tricked into believing that malicious Android apps are legitimate | ZDNet

A security researcher has claimed a new vulnerability in the latest version of macOS — just hours before the software is due to be released. Patrick Wardle, chief researcher officer at Digita Security, tweeted a video Monday of an apparent privacy feature bypass that’s designed to prevent apps from improperly accessing a user’s personal data. […] Source: Security researcher claims macOS Mojave privacy bug on launch day

Microsoft automatically installs six bloatware apps on every Windows 10 PC, even after a clean install. This needs to stop. Source: Hey, Microsoft, stop installing third-party apps on clean Windows 10 installs!

A security researcher discovered private data lurking on 60 Trello boards belonging to the United Nations. Sensitive information was also found in public Google documents. Source: United Nations Accidentally Exposed Passwords and Sensitive Information to the Whole Internet

C# has received some recent attention in the security community, and the Microsoft.Workflow.Compiler.exe security issue recently identified by Matt Graber at SpecterOps prompted us to take a closer look at the potential for using this technique in real-world attacks. Firstly, we will look at how PowerShell fits into the ‘fileless’ attack ecosystem and talk about why attackers may find C# more attractive than PowerShell. Finally, we will look at why the newly found issue in