Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. As it happens, Plex announced its own data breach one day before LastPass disclosed its initial August intrusion.

Cryptocurrency 351

Cryptocurrency Passwords Encryption Accountability 351

Duo's Security Blog

MAY 23, 2023

Talks of passkeys, passphrases, and even password less all point in one direction: eroding faith in the previously trusty password tucked under your keyboard. Passwords are a weak point in modern-day secure authentication practices, with Verizon highlighting that almost 50% of breaches start with compromised credentials.

Authentication 113

Authentication Passwords Data breaches Phishing 113

The Last Watchdog

NOVEMBER 22, 2021

With so much critical data now stored in the cloud, how can people protect their accounts? Until biometrics or a quantum solution change our everyday approach to encryption, passwords remain our first line of defense against data breaches, hackers, and thieves. 4) Use a password manager.

Passwords 244

Passwords Password Management Accountability Data breaches 244

Malwarebytes

DECEMBER 4, 2023

When the breach was first announced, 23andMe urged its users to ensure they have strong passwords, to avoid reusing passwords from other sites, and to enable multi-factor authentication (MFA). Telling users to choose strong passwords and not to reuse them is great advice that just isn’t working.

Passwords 119

Passwords Identity Theft Accountability Data breaches 119

Krebs on Security

SEPTEMBER 22, 2023

The password manager service LastPass is now forcing some of its users to pick longer master passwords. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass. .” ”

Passwords 272

Passwords Encryption Password Management Cryptocurrency 272

Duo's Security Blog

DECEMBER 12, 2023

Certain risks may expose critical infrastructure to cyberattacks, enabling malicious actors to gain unauthorized access to critical business information and potentially causing large-scale data breaches. In fact, IBM's 2023 Cost of a Data Breach Report found that 82% of data breaches involved data stored in the cloud.

Data breaches 82

Data breaches Authentication Passwords Risk 82

Duo's Security Blog

JUNE 12, 2023

Before we can discuss passkeys, we need to lay some groundwork and discuss authentication, Passwordless and WebAuthn. What is authentication? Authentication is the process of verifying your online identity. We started with usernames and passwords – something you know. What is passwordless? It is MFA Phishing Resistant.

Authentication 116

Authentication Passwords Password Management Phishing 116

Troy Hunt

SEPTEMBER 8, 2022

Great to see a book deliver this authenticity - we're all only human after all! Troy Hunt takes us on his life journey, ups and downs, explaining how haveIbeenpwned came to be, raising awareness of the world’s poor password and online security habits. This book has it all.

InfoSec 358

InfoSec Password Management Passwords IoT 358

Webroot

MAY 3, 2022

If your passwords follow the standard guidelines offered by most sites that require a single capital letter, at least 6 charters, numbers and one special character, hackers can easily make a series of attempts to try and gain access. Without proper password integrity, personal information and business data may be at risk.

Passwords 117

Passwords Identity Theft Password Management Antivirus 117

Malwarebytes

DECEMBER 21, 2021

On his blog , Troy Hunt has announced a major milestone in the ‘Have I Been Pwned?’ This enormous injection of used passwords has puffed up the world’s largest publicly available password database by 38%, according to Hunt. If it says a password you use has breached, you know to never use it again.

Passwords 139

Passwords Password Management Authentication Data breaches 139

Troy Hunt

JULY 9, 2018

One of the most alarming trends I've seen in the world of data breaches since starting Have I Been Pwned (HIBP) back in 2013 is the rapid rise of credential stuffing attacks. Go and get a password manager (I use 1Password ), generate random strings for passwords, job done. (Of The Pemiblanc list contained 6.8

Password Management 195

Password Management Passwords Data breaches Accountability 195

Webroot

FEBRUARY 15, 2024

But it’s just as important you don’t use the same password for multiple accounts. If you’ve been compromised in a data breach, hackers can use your stolen email and password to try and enter thousands of other sites—and if you keep using the same credentials, they’ll be successful.

Identity Theft 73

Identity Theft Banking Scams Passwords 73

Identity IQ

JULY 17, 2023

Cybercriminals are constantly evolving their tactics to get unauthorized access to sensitive data, and having your credentials compromised poses a significant threat. In this blog, we provide you with ten actionable ways to safeguard your digital identity, focusing specifically on how to prevent compromised credentials.

Identity Theft 52

Identity Theft Password Management Passwords Authentication 52

Identity IQ

JULY 17, 2023

Cybercriminals are constantly evolving their tactics to get unauthorized access to sensitive data, and having your credentials compromised poses a significant threat. In this blog, we provide you with ten actionable ways to safeguard your digital identity, focusing specifically on how to prevent compromised credentials.

Identity Theft 52

Identity Theft Password Management Passwords Authentication 52

Duo's Security Blog

MAY 5, 2022

Our passwords are the gatekeepers to our digital lives, from online banking and shopping accounts to social media platforms, a significant portion of our online accessibility is determined by the strength (and memorability) of our passwords. To create a more secure and convenient future, authentication must become passwordless.

Passwords 73

Passwords Password Management Authentication Risk 73

Troy Hunt

MARCH 29, 2018

The penny first dropped for me just over 7 years ago to the day: The only secure password is the one you can't remember. In an era well before the birth of Have I Been Pwned (HIBP), I was doing a bunch of password analysis on data breaches and wouldn't you know it - people are terrible at creating passwords!

Password Management 264

Password Management Passwords Data breaches Retail 264

Duo's Security Blog

MARCH 24, 2023

How passwordless solves for password problems Chrysta: What does passwordless mean, and how does that differ from traditional password-based authentication? Christi: Passwordless authentication specifically is any primary factor authentication that is not requiring the user to remember a passphrase or password.

Passwords 78

Passwords Authentication Password Management Technology 78

Troy Hunt

MARCH 10, 2021

Pwned Passwords is a repository of 613M passwords exposed in previous data breaches, which makes them very poor choices for future use. They're totally free and they have a really cool anonymity API that ensures no useful information about the password being searched for is ever exposed.

Passwords 348

Passwords IoT Password Management Data breaches 348

Krebs on Security

JANUARY 30, 2024

The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. A booking photo of Noah Michael Urban released by the Volusia County Sheriff.

Social Engineering 326

Social Engineering Mobile Cybercrime Passwords 326

Google Security

FEBRUARY 23, 2021

Passwords are usually the first line of defense against hackers, and with the number of data breaches that could publicly expose those passwords, users must be vigilant about safeguarding their credentials. Password Checkup on Android apps is available on Android 9 and above, for users of Autofill with Google.

Passwords 95

Passwords Authentication Accountability Password Management 95

BH Consulting

FEBRUARY 15, 2024

Its findings included data from Irish businesses, which ranked cyber attacks and data breaches as their top risk they face. Passwords: can’t live with ’em, can’t access vital online services without ’em Passwords were in the news again lately, for all the wrong reasons. It’s downloadable here.

Passwords 52

Passwords Surveillance Risk Data breaches 52

Troy Hunt

DECEMBER 10, 2019

So why doesn't every site take away the ability for people to choose their own passwords? Why not just generate the password for them thus completely eradicating password reuse? There's a fundamental flaw in the logic which I summarised as follows: If the site generates a password, how do you store it? Password manager?

Passwords 161

Passwords Password Management Accountability Authentication 161

Heimadal Security

SEPTEMBER 20, 2021

Credential stuffing is a form of cyberattack where hackers are taking over massive databases of usernames and passwords, many of which are stolen in recent data breaches, and use an automated method to “stuff” the account logins into other online services.

Data breaches 78

Data breaches Passwords Phishing Accountability 78

Security Affairs

SEPTEMBER 14, 2018

The operator of the service shared the file with the popular expert Troy Hunt who operates the Have I Been Pwned data breach notification service asking him to check the source of the huge trove of data. The data is not related to a data breach of kayo.moe, the platform was not impacted by any incident.

Data breaches 89

Data breaches Passwords Advertising Password Management 89

Malwarebytes

MAY 24, 2022

Credential stuffing is a special type of brute force attack where the attacker uses existing username and password combinations, usually ones that were stolen in a data breach on another service. This incident demonstrates how dangerous it is to re-use your passwords for sites, services and platforms. Credential stuffing.

Passwords 90

Passwords Accountability Password Management Manufacturing 90

Malwarebytes

MAY 19, 2021

What these names have in common is that they have all experienced at least one breach in 2013—the year when threat actors started targeting organizations across industries to either steal data for profit or leak them to “teach companies a lesson about cybersecurity.” Do they even know they have been breached?

Passwords 119

Passwords Data breaches Government Accountability 119

SiteLock

AUGUST 27, 2021

It’s a heartwarming tale of multiple mass data compromises, which affected yours truly. We’ll also discuss how major data breaches occur, and what you can do to protect yourself in the Age of the Large Data Breach. How Website Security Breaches Occur. Next, use robust authentication practices.

Data breaches 52

Data breaches Identity Theft Passwords Firewall 52

IT Security Guru

JULY 4, 2023

Educational institutions own many sensitive data, such as personnel and financial information, as well as intellectual property. In this blog post, we’ll look at the factors that make schools susceptible to cyberattacks and discuss why it’s crucial to have robust cybersecurity measures to safeguard the academic community.

Education 100

Education Passwords Backups IoT 100

Thales Cloud Protection & Licensing

JANUARY 7, 2021

Modern architectures and applications place additional demands on access management tools. This blog will introduce access management evaluation criteria guidelines and discuss what features you should look for and what vendors to consider for your next employee access management solution. FIDO Authentication.

Authentication 62

Authentication VPN Passwords Risk 62

Identity IQ

APRIL 12, 2023

Top 7 Data Security Practices for the Workplace IdentityIQ As businesses become increasingly reliant on technology, protecting sensitive information is more important than ever. Data breaches and cyberattacks can result in costly consequences, making strong data security practices essential. Risk reduction. Job security.

Passwords 52

Passwords Data breaches Antivirus Password Management 52

Identity IQ

JUNE 20, 2023

Leveraging this trust, they convince individuals to provide access to their accounts, share confidential data, or perform actions that compromise their identities. Data Breaches and Targeted Phishing Attacks Data breaches and targeted phishing attacks are common methods employed by identity thieves.

Social Engineering 73

Social Engineering Scams Engineering Identity Theft 73

Malwarebytes

SEPTEMBER 21, 2021

After a breach, cybercriminals often sell and re-sell the stolen data. And if your child uses the same password across multiple accounts, when one gets breached they are all vulnerable. This is where a password manager comes in. Your password manager can help with this. Far from it.

Internet 107

Internet Internet Passwords Password Management 107

eSecurity Planet

DECEMBER 3, 2021

Brian Krebs is an independent investigative reporter known for his coverage of technology, malware , data breaches , and cybercrime developments. Krebs wrote for The Washington Post between 1995 and 2009 before launching his current blog KrebsOnSecurity.com. Brian Krebs | @briankrebs. Dave Kennedy | @hackingdave.

Accountability 139

Accountability Cybersecurity Penetration Testing InfoSec 139

Troy Hunt

JUNE 25, 2018

Pretty much every day, I get a reminder from someone about how little people know about their exposure in data breaches. Frequently, it's some long-forgotten site they haven't even thought about in years and also frequently, the first people know of these incidents is via HIBP: large @ticketfly data breach.

Passwords 273

Passwords Data breaches Password Management Accountability 273

Troy Hunt

FEBRUARY 11, 2019

On reflecting over the last 3 and a half weeks, this is where we seem to be with credential stuffing lists today and I want to use this blog post to explain the thinking whilst also addressing specific questions I've had regarding Collections #2 through #5. As the rest of world woke up to the story, all hell broke loose.

Passwords 209

Passwords Data breaches Media InfoSec 209

Identity IQ

MAY 9, 2023

This blog covers why military members are more vulnerable to identity theft, how they can help prevent it, how to spot warning signs, and where to report identity theft if they become a victim. Data breaches at government agencies may lead to the sale of servicemembers’ personal information online.

Identity Theft 52

Identity Theft Accountability Banking Passwords 52

Zigrin Security

OCTOBER 11, 2023

In today’s digital age, the threat of data breaches is a constant concern. Therefore, it is crucial to understand what hackers are planning to do with your data and take proactive measures to protect it. Let’s have a look at the types of threat actors and what type of data they would like to obtain.

Cyber threats 52

Cyber threats Penetration Testing Passwords Backups 52