2018, Password Management and Passwords

Banks, Arbitrary Password Restrictions and Why They Don't Matter

Troy Hunt

SEPTEMBER 17, 2019

Allow me to be controversial for a moment: arbitrary password restrictions on banks such as short max lengths and disallowed characters don't matter. troyhunt pic.twitter.com/9FMSdvVRiL — Hagen (@hagendittmer) June 3, 2018. link] @troyhunt — Daniel Parker (@CodyMcCodeFace) June 21, 2018. 6 characters.

Banking

Banking Passwords Accountability Authentication

Why (almost) everything we told you about passwords was wrong

Malwarebytes

OCTOBER 3, 2022

I have an embarrassing confession to make: I reuse passwords. I am not a heavy re-user, nothing crazy, I use a password manager to handle most of my credentials but I still reuse the odd password from time to time. It seems obvious and important therefore to tell users not to reuse passwords.

Passwords

Passwords Password Management Accountability Internet

When Accounts are "Hacked" Due to Poor Passwords, Victims Must Share the Blame

Troy Hunt

NOVEMBER 7, 2018

The first one was about HSBC disclosing a "security incident" which, upon closer inspection, boiled down to this: The security incident that HSBC described in its letter seems to fit the characteristics of brute-force password-guessing attempts, also known as a credentials stuffing attack. link] — Troy Hunt (@troyhunt) November 6, 2018.

Passwords

Passwords Accountability Hacking Education

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

LastPass updates security notice with information about a recent incident

Malwarebytes

JANUARY 3, 2023

The password management company LastPasss notified customers in late December about a recent security incident. LastPass states that users that followed their best password practices have nothing to worry about. It is recommended that you never reuse your master password on other websites. Unencrypted data.

Password Management

Password Management Passwords Encryption Accountability

Discord.io confirms theft of 760,000 members' data

Malwarebytes

AUGUST 16, 2023

username and your Discord ID, your email-address, your billing address, and a salted and hashed password if you signed up in 2018 or earlier. (In In 2018 discord.io Affected Discord users should change their passwords and enable multi-factor authentication (MFA). Change your password. Watch out for fake vendors.

Data breaches

Data breaches Authentication Passwords Phishing

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Krebs on Security

SEPTEMBER 22, 2023

The password manager service LastPass is now forcing some of its users to pick longer master passwords. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass.

Passwords

Passwords Encryption Password Management Cryptocurrency

The Effectiveness of Publicly Shaming Bad Security

Troy Hunt

SEPTEMBER 11, 2018

that no, you didn't just need a username and birth date to reset the account password. link] — Troy Hunt (@troyhunt) April 18, 2018. Third party password managers are precisely what we need to address the scourge of account takeover attacks driven by sloppy password management on behalf of individuals.

Media

Media Accountability Passwords Mobile

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

Worldwide spending on information security products and services rose to $114 billion in 2018, up from $102 billion in 2017, an increase of 12.4 Use a password manager. It’s clear that we will continue to be reliant on usernames and passwords to access online services for some time to come. Everyone should be using one.

Passwords

Passwords Password Management Antivirus Internet

How to Stop Phishing Attacks in Their Tracks

SiteLock

AUGUST 27, 2021

Microsoft’s “ Security Intelligence Report, Volume 24 ” shows a 250% increase in the number of phishing emails and attacks since 2018. Pick a Strong Password Manager. Employees inevitably rely on a few identical or similar passwords for multiple accounts. Make Use of Multifactor Authentication.

Phishing

Phishing Passwords Education Password Management

Why & Where You Should You Plant Your Flag

Krebs on Security

AUGUST 12, 2020

As KrebsOnSecurity observed back in 2018 , many people — particularly older folks — proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including everything from utilities and mobile phones to retirement benefits and online banking services. In 2018, the U.S.

Accountability

Accountability Mobile Banking Passwords

773M Password ‘Megabreach’ is Years Old

Krebs on Security

JANUARY 17, 2019

My inbox and Twitter messages positively lit up today with people forwarding stories from Wired and other publications about a supposedly new trove of nearly 773 million unique email addresses and 21 million unique passwords that were posted to a hacking forum. As we can see above, Collection #1 offered by this seller is indeed 87GB in size.

Passwords

Passwords Accountability Hacking Password Management

CryptoCore hacker group stole over $200M from cryptocurrency exchanges

Security Affairs

JUNE 24, 2020

The CryptoCore group, aks Crypto-gang, “Dangerous Password”, and “Leery Turtle” has been active since 2018. The spear-phishing messages attempt to trick the victims into installing malware on their computer that allows attacker to steal or obtain access to a password manager account. Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Phishing Accountability Passwords

Blur data leak potentially exposed data of 2.4 Million users

Security Affairs

JANUARY 6, 2019

Blur is a popular password manager developed by the online privacy firm Abine, it also implements private browsing features and masked email. Leaked data included email addresses, password hashes ( bcrypt hashes with a unique salt for each user), IP addresses and, in some cases, first and last names and password hints.

Passwords

Passwords Password Management Advertising Accountability

MY TAKE: Why companies should care about 2.2 billion stolen credentials circulating in easy reach

The Last Watchdog

FEBRUARY 1, 2019

billion stolen usernames, passwords and other personal data. Related: Massive Marriott breach closes out 2018. This is where criminals deploy botnets to automate the injection of surreptitiously obtained usernames and password pairs until they gain fraudulent access to a targeted account. ” Third-party risks.

Small Business

Small Business Passwords Authentication Accountability

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Krebs on Security

MARCH 31, 2020

A massive cyber espionage campaign targeting a slew of domains for government agencies across the Middle East region between 2018 and 2019 was preceded by a series of targeted attacks on domain registrars and Internet infrastructure firms that served those countries. Nation-state level attackers also are taking a similar approach.

Phishing

Phishing DNS Social Engineering Accountability

NEW TECH: Devolutions’ ‘PAM’ solution helps SMBs deal with rising authentication risks

The Last Watchdog

MARCH 10, 2020

A 2018 Cisco Cybersecurity Special Report found that 54 % of all cyber attacks cost the target company more than $0.5 Devolutions is a Montreal, Canada-based company that provides remote connection in addition to password and privileged access management (PAM) solutions to SMBs. million — damages that would crush most SMBs.

Authentication

Authentication Risk Digital transformation Passwords

Reddit locked Down accounts due to alleged security breach

Security Affairs

JANUARY 10, 2019

Reddit seems to exclude a security breach of its systems, it pointed out that the root cause of the accounts lockdown is caused by the use of simple passwords on its website and from the reuse of those passwords on multiple services. I’m leaning toward the former.” ” wrote a Reddit user. ” explained the admin.

Accountability

Accountability Data breaches Passwords Advertising

Discord scammers lure victims with promise of free Nitro subscriptions

Malwarebytes

OCTOBER 8, 2021

This week it’ll be a bot promoting a “red hot” offer from 2018. Discord offers some tips on how to keep your account safe : Use a strong password, and one that is unique to your Discord account. You’ll also frequently see bots pushing offers for things which simply don’t exist anymore. How to protect your Discord account.

Scams

Scams Phishing Accountability Passwords

Security Affairs newsletter Round 312

Security Affairs

MAY 2, 2021

Every week the best security articles from Security Affairs free for you in your email box. Every week the best security articles from Security Affairs free for you in your email box.

Password Management

Password Management DNS Ransomware Malware

Beyond Awareness: How to Cultivate the Human Side of Security

CyberSecurity Insiders

MAY 16, 2022

While exploring phishing examples and best tools to manage passwords, offer to dive into how tools actually work. Think about password management. The average person, in their personal and professional life, may be managing as many as 200 application accounts, each with a password. About Amanda Fennell.

CSO

CSO Passwords Password Management Accountability

Immigration organisations targeted by APT group Evilnum

Malwarebytes

JUNE 30, 2022

Evilnum, on the APT scene since 2018 at the earliest and perhaps most well known for targeting the financial sector , appears to have switched gears. Consider using a password manager for organization-specific passwords. In times of conflict.

Password Management

Password Management Passwords Encryption Authentication

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. “If you have my seed phrase, you can copy and paste that into your wallet, and then you can see all my accounts. . But on Nov.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

Reddit discloses a data breach, a hacker accessed user data

Security Affairs

AUGUST 1, 2018

The hacker accessed user data, email addresses, and a 2007 backup database containing hashed passwords managed by the platform. “A hacker broke into a few of Reddit’s systems and managed to access some user data, including some current email addresses and a 2007 database backup containing old salted and hashed passwords. .

Data breaches

Data breaches Backups Passwords Authentication

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Krebs on Security

FEBRUARY 18, 2019

government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. The first domain was “ ns0.idm.net.lb

DNS

DNS Internet Internet Government

How to secure a Mac for your kids

Malwarebytes

AUGUST 24, 2022

In 2018 I decided to give my kids an old Apple laptop to share, and I documented the steps I took to secure it. Install a password manager. A password manager is software for creating and remember strong passwords. Good ones also provide a safe way for users to share passwords with other people.

Passwords

Passwords Accountability Software Password Management

350 million decrypted email addresses left exposed on an unsecured server

Security Affairs

AUGUST 27, 2020

The timeline of uploads might indicate that these emails have been either stolen or acquired on the black market back in October 2018 , and then gradually decrypted by the owner of the bucket. If your email happens to be among those leaked, we strongly recommend that you immediately change your email password. Who had access?

Social Engineering

Social Engineering Passwords Marketing Phishing

Akamai Report: Credential stuffing attacks are a growing threat

Security Affairs

SEPTEMBER 25, 2018

This kind of attacks is very efficient due to the bad habit of users of reusing the same password over multiple services. Billion malicious login attempts from bots in May and June, an overall number of 30 billion malicious logins were observed between November 2017 and June 2018, an average of 3.75 The experts detected 8.3

Passwords

Passwords Data breaches Advertising Password Management

RSA 2022 Musings: The Past and The Future of Security

Anton on Security

JUNE 10, 2022

A password manager claimed “zero trust for passwords” while a SIEM/UEBA vendor promised to reveal all zero trust secrets (I bet they use VPN internally…). A firewall management vendor claimed to “simplify zero trust.” So still no money in it? But this is perhaps changing in the next few years. RSA 2017: What’s The Theme?

VPN

VPN Marketing Firewall Passwords

What Is REvil Ransomware?

SiteLock

SEPTEMBER 29, 2021

Researchers and security firms have linked REvil as a strain of GandCrab, another RaaS group that was wildly popular in 2018. Use unique passwords to protect each of your sensitive data and accounts, while also enabling two-factor authorization. Use a password manager to generate and track your passwords.

Ransomware

Ransomware Computers and Electronics Backups Passwords

Facebook’s Massive Data Breach Is Already Impacting You

Approachable Cyber Threats

APRIL 9, 2021

While most data breaches that you hear about in the news are related to passwords or credit card information being stolen by a hacker, a data breach can also include your personal information, health information, or proprietary information from your organization. “What is a data breach?”

Data breaches

Data breaches Passwords Identity Theft Password Management

Inside the Cit0Day Breach Collection

Troy Hunt

NOVEMBER 19, 2020

txt" had a small number of email address and password hex pairs. I mean can we trust that both the email addresses and passwords from these alleged breaches represent actual accounts on those services? txt" and true to its name, it appears from the forgotten password email that they were never even hashed in the first place.

Passwords

Passwords Password Management Accountability Risk

Kaspersky addressed multiple issues in online protection solutions

Security Affairs

NOVEMBER 26, 2019

The vulnerabilities were found by the security researcher Wladimir Palant that reported them to Kaspersky in December 2018. “In December 2018 I could prove that websites can hijack the communication between Kaspersky browser scripts and their main application in all possible configurations. ” continues the analysis.

Antivirus

Antivirus Advertising Password Management Passwords

The CPRA compliance checklist every business should follow in 2023

CyberSecurity Insiders

MAY 2, 2023

It amends the 2018 California Consumer Privacy Act (CCPA) introduced in response to rising consumer data privacy concerns. The CPRA builds on the six original consumer rights introduced by the CCPA in 2018. Ensure employees use modern tools such as password managers to protect their online accounts.

Data collection

Data collection Data breaches Password Management Data privacy

The Hidden Cost of Ransomware: Wholesale Password Theft

Krebs on Security

JANUARY 6, 2020

Organizations in the throes of cleaning up after a ransomware outbreak typically will change passwords for all user accounts that have access to any email systems, servers and desktop workstations within their network. ” WHOLESALE PASSWORD THEFT. If we’d had more time to prepare, it would have gone better.

Passwords

Passwords Ransomware Password Management Malware

Announcing the launch of the Android Partner Vulnerability Initiative

Google Security

OCTOBER 2, 2020

Improving Android OEM device security The APVI covers Google-discovered issues that could potentially affect the security posture of an Android device or its user and is aligned to ISO/IEC 29147:2018 Information technology -- Security techniques -- Vulnerability disclosure recommendations.

Password Management

Password Management Passwords Backups Engineering

Beyond Passwords: 2FA, U2F and Google Advanced Protection

Troy Hunt

NOVEMBER 14, 2018

Last week I wrote a couple of different pieces on passwords, firstly about why we're going to be stuck with them for a long time yet and then secondly, about how we all bear some responsibility for making good password choices. This week, I wanted to focus on going beyond passwords and talk about 2FA.

Passwords

Passwords Authentication Accountability Mobile

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

The Last Watchdog

AUGUST 19, 2021

For T-Mobile, this is the sixth major breach since 2018. Look for unusual activity on your phone and requests for password resets you’re not expecting. Chris Clements, VP of Solutions Architecture, Cerberus Sentinel. It’s incumbent upon us as consumers of technologies services to adopt a defense-in-depth posture.

Mobile

Mobile Data breaches Authentication Accountability

Ferocious Kitten: 6 years of covert surveillance in Iran

SecureList

JUNE 16, 2021

From 2015 to February 2018, the malware was compiled with Visual Studio 2013 and 2015, whereas in February 2018, the developers moved to Visual Studio 2017 and embedded the malware’s logic within Microsoft Foundation Class (MFC) classes. argument: path to file to upload. – List files and repositories.

Surveillance

Surveillance Malware Password Management Passwords

RSA 2022 Musings: The Past and The Future of Security

Security Boulevard

JUNE 10, 2022

A password manager claimed “zero trust for passwords” while a SIEM/UEBA vendor promised to reveal all zero trust secrets (I bet they use VPN internally…). A firewall management vendor claimed to “simplify zero trust.” RSA 2018: Not As Messy As Before? So still no money in it? Related posts: RSA 2020 Reflection.

VPN

VPN Marketing Firewall Passwords

Top 5 Strategies for Vulnerability Mitigation

Centraleyes

DECEMBER 6, 2023

According to Purplesec, ransomware attacks have increased by 350% since 2018, zero-day attacks were up by 55% in 2021, and out of the 30 million SMBs in the USA, over 66% have had at least 1 cyber incident between 2018-2020. Vulnerability management is a critical element of information security.

Risk

Risk Cyber Risk Software Information Security

Spotlight: CTIA’s IoT Cybersecurity Certification is a Big Deal. Here’s why.

The Security Ledger

MARCH 13, 2019

» Related Stories Podcast Episode 129: Repair Eye on the CES Guy and Sensor Insecurity EU calls for End to Default Passwords on Internet of Things Podcast Episode 134: The Deep Fake Threat to Authentication and analyzing the PEAR Compromise. Here’s why. appeared first on. Read the whole entry. » Sameer Dixit is the Sr.

IoT

IoT Cybersecurity Internet Internet

Have I Been Pwned is Now Partnering With 1Password

Troy Hunt

MARCH 29, 2018

The penny first dropped for me just over 7 years ago to the day: The only secure password is the one you can't remember. In an era well before the birth of Have I Been Pwned (HIBP), I was doing a bunch of password analysis on data breaches and wouldn't you know it - people are terrible at creating passwords! Everywhere.

Password Management

Password Management Passwords Data breaches Retail

SolarWinds blaming intern for leaked password is symptom of ‘security failures’

SC Magazine

MARCH 2, 2021

House Oversight and Homeland Security committees last week, SolarWinds’s former and current CEOs blamed an intern for creating a weak FTP server password and leaking it on GitHub – an act which may or may not have contributed to a supply chain hack that impacted users of the tech firm’s Orion IT performance monitoring platform.

Passwords

Passwords Password Management CISO InfoSec

MY TAKE: COVID-19’s silver lining could turn out to be more rapid, wide adoption of cyber hygiene

The Last Watchdog

MAY 11, 2020

Rules with teeth This fast-tracking of Middle East cybersecurity regulations unfolded as the European Union was putting the finishing touches on its tough new data privacy and data handling rules, with enforcement teeth , set forth in GDPR, which took effect in May 2018. That basic advice continues to hold very true today, even more so.

Computers and Electronics

Computers and Electronics Data privacy Encryption Media

Banks, Arbitrary Password Restrictions and Why They Don't Matter

Why (almost) everything we told you about passwords was wrong

Webinars

Trending Sources

When Accounts are "Hacked" Due to Poor Passwords, Victims Must Share the Blame

Webinars

LastPass updates security notice with information about a recent incident

Discord.io confirms theft of 760,000 members' data

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

The Effectiveness of Publicly Shaming Bad Security

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

How to Stop Phishing Attacks in Their Tracks

Why & Where You Should You Plant Your Flag

773M Password ‘Megabreach’ is Years Old

CryptoCore hacker group stole over $200M from cryptocurrency exchanges

Blur data leak potentially exposed data of 2.4 Million users

MY TAKE: Why companies should care about 2.2 billion stolen credentials circulating in easy reach

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

NEW TECH: Devolutions’ ‘PAM’ solution helps SMBs deal with rising authentication risks

Reddit locked Down accounts due to alleged security breach

Discord scammers lure victims with promise of free Nitro subscriptions

Security Affairs newsletter Round 312

Beyond Awareness: How to Cultivate the Human Side of Security

Immigration organisations targeted by APT group Evilnum

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Reddit discloses a data breach, a hacker accessed user data

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

How to secure a Mac for your kids

350 million decrypted email addresses left exposed on an unsecured server

Akamai Report: Credential stuffing attacks are a growing threat

RSA 2022 Musings: The Past and The Future of Security

What Is REvil Ransomware?

Facebook’s Massive Data Breach Is Already Impacting You

Inside the Cit0Day Breach Collection

Kaspersky addressed multiple issues in online protection solutions

The CPRA compliance checklist every business should follow in 2023

The Hidden Cost of Ransomware: Wholesale Password Theft

Announcing the launch of the Android Partner Vulnerability Initiative

Beyond Passwords: 2FA, U2F and Google Advanced Protection

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

Ferocious Kitten: 6 years of covert surveillance in Iran

RSA 2022 Musings: The Past and The Future of Security

Top 5 Strategies for Vulnerability Mitigation

Spotlight: CTIA’s IoT Cybersecurity Certification is a Big Deal. Here’s why.

Have I Been Pwned is Now Partnering With 1Password

SolarWinds blaming intern for leaked password is symptom of ‘security failures’

MY TAKE: COVID-19’s silver lining could turn out to be more rapid, wide adoption of cyber hygiene

Stay Connected