toad.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server operated by David Troy, a tech pioneer and investigative journalist addressing threats to democracy. Thoughtful participation and discussion welcome.


#keepass


»AI bypasses protective measures – ChatGPT Agent bypasses bot protection with one click:
"This step is necessary to verify that I am not a bot," ChatGPT writes in one case.«

I'd argue this was foreseeable, but I don't have a solution other than 2FA TOTP or KeePass either. Some of the bot protections have been outdated for a long time and can therefore be bypassed by bots.

🤖 golem.de/news/ki-umgeht-schutz

www.golem.de: AI bypasses protective measures: ChatGPT Agent bypasses bot protection with one click - Golem.de. "This step is necessary to verify that I am not a bot," ChatGPT writes in one case.
#ki #bot #keepass
Continued thread

@cryptomator Credential management was a particularly fun one to figure out: the best way to secure those.

I am using Proton Pass, since they have cloud-synced #passkey support, but their export only supports .json. To make it easy, I import the .json into @keepassxc to make a #KeePass vault, so even if the service goes down, I can still open my creds on desktop or #KeePassDX. KeePass vaults are also widely-supported for import into other cloud credential managers.

Replied in thread

@AngelaScholder : so do I on my Windows PC.

On my Android phone I'm using KeePassDX and on my iPhone KeePassium.

Unfortunately Google recently broke part of Autofill in Android. I had to enable "MagicKeyboard" to make things work again.

When logging in to security.nl, I now have to tap the globe-icon at the bottom right of the screen to change "keyboards".

Then the regular keyboard is replaced by the more or less "Magic Keyboard" dummy keyboard, which pops up the green KeePassDX prompt as shown below (the red text was added to the screenshot by me).

Autofill means that I don't have to use the clipboard and more importantly, that I'm less likely to try to log on to a fake website.

@oliversampson @kaye

🇫🇷
For some time now @keepassxc has been asking to approve new permissions.

(#Keepass-Browser has been updated. You must approve the new permissions before the updated version is installed. Selecting "Cancel" will keep the current version of the extension. This extension will have permission to:

View and modify privacy settings.)

Learn more:
support.mozilla.org/fr/kb/mess

SERIOUSLY: View and modify privacy settings 🤔
I'm starting to have doubts 🙄

🇬🇧
For some time now @keepassxc has been asking to approve the new authorizations.

(#Keepass-Browser has been updated. You must approve the new authorizations before the updated version is installed. Selecting "Cancel" will keep the current version of the extension. This extension will have the authorization to:

Consult and modify privacy settings.)

Find out more:
support.mozilla.org/en-US/kb/p

SERIOUS: consult and modify the privacy parameters 🤔
I'm starting to have doubts 🙄

Continued thread

Using passwords that are not only NOT memorable but also entirely unique to each site and service is the most useful thing you can do to protect yourself.

The primary value of breaches to evildoers is the ability to use the same breached password at another desirable site or service to gain access, and repeating that in a Domino Effect. Hackers can go after the "low-hanging fruit" with lax security practices to obtain caches of passwords that may gain them access to sites that have strong security, effectively rendering that security meaningless when lazy fools reuse passwords.

I'm eager for the day when passwords are fully obsolete, but that day won't arrive very soon and so using a secure password manager - #KeePass, for instance - and making every password both unique and unintelligible is crucial.

There are warnings about fake downloads of the KeePass password manager that may contain malware and are offered through advertisements, including in search engines.

General tip: download software exclusively and directly from the vendor, and watch for spelling errors in the URL.

In the case of KeePass, that would be: keepass.info/

keepass.info: KeePass Password Safe. KeePass is a free open source password manager. Passwords can be stored in an encrypted database, which can be unlocked with one master key.

PC World: Hackers are spreading fake password manager ransomware via Bing ads. “Using an old trick, hackers have set up new sites with ‘squatter’ URLs that look close enough to the genuine KeePass site at KeePass.info. On the fake sites, the interface mimics the genuine one to near perfection, offering downloads of the password manager. But according to an investigation by WithSecure, the […]

https://rbfirehose.com/2025/05/25/pc-world-hackers-are-spreading-fake-password-manager-ransomware-via-bing-ads/

A highly advanced malware campaign hijacked KeePass, a popular open-source password manager.
⬇️
Cybercriminals modified KeePass's source code, recompiled it with a valid digital certificate and distributed it via malicious advertising (malvertising) on search engines. (thanks-but-no-thanks Google)

Result: a booby-trapped version of KeePass was distributed to victims who thought they were downloading the original. This fake version:

Exfiltrated KeePass databases with the passwords in cleartext

Deployed stealthy malware (Cobalt Strike) used to take control of the computer and propagate an attack (ransomware-type).

The malware hid under normal-looking files, used the name "KeeLoader" and avoided detection by antivirus. It stayed quiet until a password file was opened.

4️⃣ Infection technique:

  • Fake KeePass site (e.g. keeppaswrd.com)

  • Infected download

  • Malware deployment + password theft

  • Network takeover (RDP, SSH, etc.)

  • Data encryption (ransomware)

Evidence points to links with groups such as Black Basta and the use of "as-a-service" criminal services (certificates, infrastructure, etc.).

Let's not abandon password managers…
But let's download them only from official sites
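One defensive check that follows from the advice in the two posts above (download only from the vendor's site and watch for misspelled URLs): a small look-alike-domain detector. This is an added example, not code from any post here or from the KeePass project; the Dice threshold and the character-substitution table are assumptions chosen for the demonstration.

```python
"""Flag look-alike domains for an official download site.

The official domain (keepass.info) and the squatted keeppaswrd.com are
quoted in the posts above; every other sample host is constructed.
"""
from urllib.parse import urlsplit

OFFICIAL_HOST = "keepass.info"
BRAND = "keepass"        # the label a squatter tries to imitate
THRESHOLD = 0.6          # assumed bigram-Dice similarity that counts as a look-alike

# Digits and symbols commonly swapped for letters in squatted names
# (assumption: a small illustrative table, not an exhaustive homoglyph list).
_SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "$": "s"})


def bigram_dice(a: str, b: str) -> float:
    """Dice coefficient over character bigrams: 1.0 = identical, 0.0 = disjoint."""
    ba = {a[i:i + 2] for i in range(len(a) - 1)}
    bb = {b[i:i + 2] for i in range(len(b) - 1)}
    if not ba or not bb:
        return 0.0
    return 2 * len(ba & bb) / (len(ba) + len(bb))


def classify(url: str) -> dict:
    """Return 'official', 'lookalike' or 'unrelated' for the host in a URL."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    # Exact match (or a real subdomain) is checked on the raw host, before any
    # character normalisation, so that k33pass.info can never pass as official.
    if host == OFFICIAL_HOST or host.endswith("." + OFFICIAL_HOST):
        return {"host": host, "verdict": "official", "score": 1.0}
    # Compare only the registrable label, i.e. the part before the TLD
    # (assumption: single-label TLDs such as .com / .info are enough here).
    parts = host.split(".")
    label = parts[-2] if len(parts) >= 2 else parts[0]
    score = bigram_dice(label.translate(_SUBSTITUTIONS), BRAND)
    verdict = "lookalike" if score >= THRESHOLD else "unrelated"
    return {"host": host, "verdict": verdict, "score": round(score, 3)}


if __name__ == "__main__":
    for sample in ("https://keepass.info/download.html",
                   "https://www.keeppaswrd.com/",   # squat named in the post above
                   "https://k33pass.info/",         # constructed sample
                   "https://example.org/"):         # constructed sample
        print(classify(sample))
```

A proxy or mail gateway could run the same check on outbound download URLs and alert on a "lookalike" verdict rather than block outright, since fuzzy matching produces occasional false positives.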

"KeePass trojanised in advanced malware campaign

In 2025, WithSecure discovered a trojanised, and signed version of the open-source password manager KeePass, used to deliver malware and exfiltrate credentials. Named KeeLoader, this modified installer was signed with trusted certificates and distributed via malvertising and typo-squat domains to victims across Europe."
👇
labs.withsecure.com/publicatio
👇📄
labs.withsecure.com/content/da

labs.withsecure.com: KeePass trojanised in advanced malware campaign. In 2025, WithSecure discovered a trojanised, and signed version of KeePass, used to deliver malware and exfiltrate credentials. Their investigation revealed evidence of active development of the malicious KeePass, and uncovered more malvertising campaigns and domains, significantly contributing to the criminal ecosystem. Download the full research paper, which offers technical analysis, indicators of compromise, and actionable defense guidance.