Alternatively, you can switch to Bitwarden. Bitwarden is a secure, open-source password manager that offers cross-device sync and unlimited password entries for free.

Bitwarden’s Premium plan only costs $10/year and gets you access to its two-factor authentication feature (including hardware keys support), emergency access, and 1GB encrypted storage. Bitwarden is available for every platform you can imagine. You can use its desktop app, browser extensions, mobile apps, web client, and even command-line tools.

Moving from LastPass to Bitwarden is actually quite easy. All you have to do is to generate a CSV file from your LastPass account that you can then import directly into Bitwarden.

Source:
https://www.howtogeek.com/714518/how-to-transfer-your-lastpass-passwords-to-bitwarden/

Over the weekend, security researcher M. Shahpasandi told BleepingComputer that the Ziggy Ransomware admin announced on Telegram that they were shutting down their operation and would be releasing all of the decryption keys.

In an interview with BleepingComputer, the ransomware admin said they created the ransomware to generate money as they live in a “third-world country.”

After feeling guilty about their actions and concerns over recent law enforcement operations against Emotet and Netwalker ransomware, the admin decided to shut down and release all of the keys.

Today, the Ziggy ransomware admin posted a SQL file containing 922 decryption keys for encrypted victims. For each victim, the SQL file lists three keys needed to decrypt their encrypted files.

Source:
https://www.bleepingcomputer.com/news/security/ziggy-ransomware-shuts-down-and-releases-victims-decryption-keys/

Samuel Morse and Alfred Vail invented morse code as a way of transmitting messages across telegraph wire. When using Morse code, each letter and number is encoded as a series of dots (short sound) and dashes (long sound).

Starting last week, a threat actor began utilizing Morse code to hide malicious URLs in their phishing form to bypass secure mail gateways and mail filters.

BleepingComputer could not find any references to Morse code being used in phishing attacks in the past, making this a novel obfuscation technique.

Source:
https://www.bleepingcomputer.com/news/security/new-phishing-attack-uses-morse-code-to-hide-malicious-urls/

In this blog, we explore seven of the most common system and Active Directory misconfigurations, how adversaries take advantage of them, and how IT and security teams can address them to strengthen their organization’s overall cybersecurity posture.

Source:
https://www.crowdstrike.com/blog/seven-common-microsoft-ad-misconfigurations-that-adversaries-abuse/

The bug, which some have started calling CurveBall, impacts CryptoAPI (Crypt32.dll), the component that handles cryptographic operations in the Windows OS.

According to a high-level technical analysis of the bug from cyber-security researcher Tal Be’ery, “the root cause of this vulnerability is a flawed implementation of the Elliptic Curve Cryptography (ECC) within Microsoft’s code.”

According to both the NSA, the DHS, and Microsoft, when exploited, this bug (tracked as CVE-2020-0601) can allow an attacker to:

• launch MitM (man-in-the-middle) attacks and intercept and fake HTTPS connections
• fake signatures for files and emails
• fake signed-executable code launched inside Windows

Source:
https://www.zdnet.com/article/proof-of-concept-exploits-published-for-the-microsoft-nsa-crypto-bug/

Google reports that its quantum computer, dubbed Sycamore, solved a mathematical calculation in 200 seconds that would take a supercomputer 10,000 years. IBM, a quantum competitor, asserted that Google’s claim of supremacy is overblown, and that the world’s most powerful classical computer, the Summit OLCF-4 at Oak Ridge National Laboratory, could have done the same calculation in 2.5 days—roughly a thousandfold difference rather than 1.5 trillionfold. Still, quantum computers are no longer science fiction.

To process information, digital computers use bits, essentially switches that can be either off or on, corresponding with the binary digits, 0 and 1. Quantum computers employ “qubits,” which use the probabilistic nature of quantum physics to represent any combination of 0 and 1 simultaneously, enabling them to encode more complicated data.

Their computing power grows exponentially as the number of qubits expands. Sycamore’s 54-qubit chip allowed it to outcompute the best supercomputer. A 2,000- to 4,000-qubit quantum computer would render most public-key encryption architectures—used for applications from banking and credit cards to the power grid—obsolete. They rely on numbers too big for conventional computers to factorize, but which a quantum computer could.

Building quantum computers is a very heavy lift. They require hugely expensive infrastructure to stabilize the qubits at temperatures near absolute zero. They also generate high error rates, or “quantum noise,” for which researchers have to compensate. Developers are probably years away from the large-scale code-breaking quantum computer everyone worries about—although once scientists and engineers start using quantum computers to build the next generation of quantum computers (since modeling complex systems like themselves is one of their strengths) the timeline could quickly shorten.

Source:
https://www.wsj.com/articles/the-quantum-computing-threat-to-american-security-11573411715

For those who are unfamiliar with Windows Power Toys, they were small freeware utilities that were created by Windows developers as side projects related to something that they were interested about. They were not supported by Microsoft and were use-at-your-own-risk type of tools.

For Windows users, especially power users, they allowed you to play with Windows internals by tweaking undocumented features, play with fun tools, or to provide functionality that made it easier to get things done.

Some of the more popular Power Toys were Tweak UI that allowed you to enable undocumented features in the Windows Shell and user interface, a virtual desktop manager, and “Open Command Window Here”, which allowed you to open a command prompt within whatever folder you right-clicked on.

While some of these features are now built into Windows, in the past they were not and users enjoyed them as many provided an insight into the Windows internals that mostly Microsoft developers really knew about.

Source:
https://www.bleepingcomputer.com/news/microsoft/microsoft-is-relaunching-power-toys-for-windows-10-users/

Cylance is another startup that has been making big strides in the cybersecurity realm. The company recently closed a $120 million funding round, taking its total raised to around $300 million since its inception eight years ago. This also positions it well to grow its enterprise client base ahead of a rumored IPO in the not-too-distant future.

But before all that, Cylance has other plans to bolster its growth. Today, the company announced that it’s broadening its horizons to include the lucrative consumer cybersecurity market.

Source:
https://venturebeat.com/2018/07/12/cylance-expands-its-ai-powered-antivirus-software-to-the-consumer-market/

If yes, then pop-up advertisements in the previous CCleaner software version was not the last thing you have to deal with.

Avast has released a new version of CCleaner 5.45 that not only always runs in the background, but also collects information about your system without giving you a way to turn the feature off.

CCleaner is a popular application, available in both free and premium versions, with over 2 billion downloads that allow users to clean up their Windows, Mac, and mobile devices to optimize and enhance performance.

Last year, CCleaner made headlines when it suffered a massive supply-chain malware attack of all times, wherein hackers compromised its servers for over a month and replaced the original version of the software with the malicious one, infecting over 2.3 million users worldwide.

Source:
https://thehackernews.com/2018/08/ccleaner-software-download.html

What will it do for your browsing experience? It prevents pop-ups, browser hijackers, and browser lockers from harassing you and interrupting your surfing. It also blocks clickbait links and fake news content, stops in-browser cryptocurrency miners, and gives other malicious content the boot. All this while relying on threat behavior patterns rather than on researchers who have to track down, identify the malware, and add it to a database of known threats. (We still need those researchers to make our products better. This is just a different, faster method.)

Speaking of behavior patterns, our browser extension is the first that heuristically identifies and blocks tech support scams‘ browser-locker pages, which scare users into calling fake tech support scammers. So it protects you from unwanted social engineering tactics as well.

Source:
https://blog.malwarebytes.com/malwarebytes-news/betas/2018/07/introducing-malwarebytes-browser-extension/