Snap packages make it easy to install productivity apps on Linux, and the author recommends five Snap apps to boost productivity: Bitwarden for password management, Slack for communication/collaboration, ChatGPT-Desktop for AI research, Trello Desktop for project management, and poe-writer for distraction-free writing. The author provides installation commands for each app and encourages users to give them a try for increased productivity on the Linux desktop.
Bitwarden, a popular password manager, is introducing support for passkeys in its browser extensions. Passkeys offer a more secure and convenient alternative to traditional passwords, utilizing device authentication methods such as face recognition or fingerprint scanning. This feature is being rolled out gradually, following similar support from Apple, Google, and other password managers. Passkeys are generated using WebAuthn technology, with one key stored by the website and a private key stored on the user's device. While passkeys are not yet widely supported, more websites are adopting them as a login option. Bitwarden currently supports passkeys in browser extensions but plans to add support in its mobile app in the future.
Fake Bitwarden websites are distributing installers that contain a new password-stealing malware called ZenRAT. The malware targets Windows users and collects browser data, credentials, and information about the infected host. The fake websites imitate the legitimate Bitwarden site and use typosquatting to deceive victims. Researchers at Proofpoint discovered ZenRAT and found that it is designed to be modular, with the potential for expanded capabilities. The malware is delivered through phishing campaigns and redirects users to a cloned page of an article about Bitwarden if they are not using Windows. The Bitwarden password manager has gained popularity, making it an attractive target for cybercriminals.
A new strain of malware called ZenRAT is targeting Windows users through fake installation packages of the Bitwarden password manager. The malware is a modular remote access trojan (RAT) with information stealing capabilities. It is distributed via fake websites posing as Bitwarden and redirects non-Windows users to benign pages. The payload contains a trojanized version of the Bitwarden installation package. ZenRAT gathers host details and transmits them to a command-and-control server operated by the threat actors. Users are advised to download software from trusted sources and verify website authenticity.
1Password has launched Passage, a developer resource to add passkey support to apps and websites with just a few lines of code. Passage includes two different tools: Passkey Complete and Passkey Flex. Passkey Complete completely replaces the existing authentication flow or builds from scratch with a robust solution for passwordless authentication and customer identity management. Passkey Flex upgrades the existing authentication flow so users have the flexibility to sign in with passkeys or their traditional username and password. Pricing is based on the website/app's needs.
Bitwarden, a popular password manager, can be deployed on-premises with Docker for added security. The process is easy and requires a running instance of an operating system that supports Docker, a user with sudo privileges, and an SMTP server. The installation process involves running a script and configuring environment variables for the SMTP server. It is crucial to use an SSL certificate for Bitwarden to function properly. Once installed, users can create accounts and enjoy added privacy for their sensitive data.
Bitwarden's password manager browser extension has a security vulnerability that has not been addressed for five years. The vulnerability allows hackers to steal a user's username and password for a website using an embedded iframe. Bitwarden is the only password manager that has not addressed the flaw, which is a weakness for all password managers. Bitwarden has now announced that it will take measures to mitigate the vulnerability, including implementing process breaks and warnings like other password managers.
