Schneier on Security

NOVEMBER 5, 2018

Troy Hunt has a good essay about why passwords are here to stay, despite all their security problems: This is why passwords aren't going anywhere in the foreseeable future and why [insert thing here] isn't going to kill them. And I want to add that good two-factor systems, like Duo, also augment passwords rather than replace them.

Passwords 213

Passwords Authentication Banking Media 213

Troy Hunt

AUGUST 30, 2023

The advice to impacted individuals is as follows: Get a digital password manager to help you make all passwords strong and unique If you've been reusing passwords, change them to strong and unique versions now, starting with the most important services you use Turn on multi-factor authentication wherever it's available, especially for important (..)

Phishing 339

Phishing Password Management Passwords Banking 339

Troy Hunt

DECEMBER 7, 2021

He's not a techie (he runs a pizza restaurant), but somehow, we ended up talking about passwords. Change the password to one 1Password automatically generates c. Obviously, he still has a heap of accounts to set decent passwords on, but now he knows the pattern and he can repeat that over and over again.

Passwords 343

Passwords Password Management Banking Accountability 343

Troy Hunt

SEPTEMBER 17, 2019

Allow me to be controversial for a moment: arbitrary password restrictions on banks such as short max lengths and disallowed characters don't matter. Also, allow me to argue with myself for a moment: banks shouldn't have these restrictions in place anyway. 6 characters. for my *online banking*.

Banking 239

Banking Passwords Accountability Authentication 239

Krebs on Security

AUGUST 1, 2018

Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. Reddit said the exposed data included internal source code as well as email addresses and obfuscated passwords for all Reddit users who registered accounts on the site prior to May 2007.

Authentication 195

Authentication Mobile Passwords Accountability 195

Security Affairs

AUGUST 24, 2022

The streaming media platform Plex is urging its users to reset passwords after threat actors gained access to its database. Plex is an American streaming media service and a client–server media player platform. Exposed data includes emails, usernames, and encrypted passwords.

Data breaches 107

Data breaches Passwords Media Accountability 107

Malwarebytes

APRIL 11, 2022

A credential-stealing Windows-based malware, Spyware.FFDroider , is after social media credentials and cookies, according to researchers at ThreatLabz. Social media. If the malware manages to grab cookies for facebook.com or instagram.com from any of the target browsers, the cookies are replayed on the social media platforms.

Media 133

Media Malware Spyware Accountability 133

BH Consulting

AUGUST 31, 2023

When we think about social media, we think about the nice side of it: staying in touch with friends and family, getting updates about our interests – but the more active we are on it, the more risk we’re exposed to. Having policies and procedures to secure social media accounts and minimise the potential for incidents can help.

Media 52

Media Accountability Authentication Passwords 52

The Last Watchdog

NOVEMBER 19, 2023

As the companies face nine federal lawsuits for failing to protect customer data, it’s abundantly clear hackers have checkmated multi-factor authentication (MFA). But the coup de gras was how easily they brushed aside the multi-factor authentication protections. How they steamrolled multi-factor authentication is a reason for pause.

Social Engineering 310

Social Engineering Passwords Authentication Marketing 310

Security Affairs

OCTOBER 9, 2021

American media conglomerate Cox Media Group (CMG) was hit by a ransomware attack that took down live TV and radio broadcast streams in June 2021. The American media conglomerate Cox Media Group (CMG) announced it was hit by a ransomware attack that caused the interruption of the live TV and radio broadcast streams in June 2021.

Media 99

Media Ransomware Identity Theft Insurance 99

Malwarebytes

JANUARY 6, 2022

Credential stuffing is the automated injection of stolen username and password pairs in to website login forms, in order to fraudulently gain access to user accounts. Using a forum or social media account to send phishing messages or spam. Start using a password manager. No more passwords. What can users do?

Passwords 140

Passwords Accountability Identity Theft Password Management 140

Approachable Cyber Threats

MARCH 24, 2023

Try these tips for securing the digital treasure trove that is your social media presence. The age of digitization has transformed social media platforms into essential tools for personal and professional communication. Why should I secure my social media accounts?” What are some strategies for securing my accounts?”

Media 52

Media Accountability Passwords Password Management 52

Approachable Cyber Threats

MARCH 24, 2023

Try these tips for securing the digital treasure trove that is your social media presence. The age of digitization has transformed social media platforms into essential tools for personal and professional communication. Why should I secure my social media accounts?” What are some strategies for securing my accounts?”

Media 52

Media Accountability Passwords Password Management 52

Malwarebytes

OCTOBER 26, 2021

Users of social media and Facebook in particular tend to forget how many people can see the “public” part of their profile and posts. Other password shenanigans. Another privacy related concern we often get asked about are the sextortion emails that try to intimidate the recipient by telling them the attacker has their password.

Media 102

Media Cybersecurity Advertising Passwords 102

DoublePulsar

JANUARY 3, 2024

How 50% of telco Orange Spain’s traffic got hijacked — a weak password So here’s a funny story. The threat actor posted themselves logged in to account adminripe-ipnt@orange.es: The threat actor actually posted this screenshot themselves on social media to Orange, earlier today, while goading them. Or don’t, I don’t care.

Passwords 81

Passwords Accountability Internet Internet 81

Malwarebytes

SEPTEMBER 21, 2022

With children now back at school, it’s time to think about social media, and their use of it. Now is the time to consider giving your kids some security and privacy tips for all their social media needs. Tales of empty houses being broadcast to the world at large on social media may not end well. The value of anonymity.

Media 98

Media Scams Accountability Advertising 98

Malwarebytes

FEBRUARY 1, 2024

On January 31, 2024, the CEOs of the most widely used social media platforms appeared before the Committee. In response to the Committee’s questions, the social media CEOs largely agreed upon hiding inappropriate content and some sort of age verification. Such content includes the promotion of unlawful products for minors (e.g.

Media 116

Media Identity Theft Accountability Risk 116

SecureWorld News

MAY 10, 2022

Even though World Password Day is over, it's never too late to remind your end-users that weak, unimaginative, and easy-to-guess passwords—like "123456," "qwerty," and, well… "password"—are poor options for securing accounts and devices. Improving password best practices matters.

Passwords 80

Passwords Education Password Management Computers and Electronics 80

Security Affairs

MARCH 13, 2023

US CISA added remote code execution vulnerability in Plex Media Server to its Known Exploited Vulnerabilities Catalog. The three-year-old high-severity flaw is a deserialization of untrusted data in Plex Media Server on Windows, a remote, authenticated attacker can trigger it to execute arbitrary Python code. in May 2020. .

Media 79

Media InfoSec Password Management Engineering 79

Identity IQ

MAY 15, 2021

Passwords are your first line of defense for protecting your digital identity. As important as they are, however, about 52 percent of people still use the same passwords across multiple accounts and 24 percent use a variation of common passwords that are easy to hack. Hackers employ different strategies to steal your passwords.

Passwords 129

Passwords Password Management Accountability Phishing 129

Hot for Security

APRIL 19, 2021

A recent study analyzing the most effective social media phishing scams shows that LinkedIn-related emails were among the most successful entry points in the first quarter of 2021. According to KnowBe4’s simulated phishing tests report, 42% of employees will click on email subjects posing as authentic LinkedIn correspondence.

Scams 134

Scams Media Phishing Passwords 134

SC Magazine

MAY 7, 2021

Google announced that it will automatically enroll users in multifactor authentication – what they are calling two-step verification. Using their mobile device to sign in gives people a safer and more secure authentication experience than passwords alone,” Risher said. Photo by Mario Tama/Getty Images).

Authentication 89

Authentication Passwords Password Management Mobile 89

eSecurity Planet

SEPTEMBER 30, 2021

Underground services are cropping up that are designed to enable bad actors to intercept one-time passwords (OTPs), which are widely used in two-factor authentication programs whose purpose is to better protect customers’ online accounts. By using the services, cybercriminals can gain access to victims’ accounts to steal money.

Authentication 107

Authentication Social Engineering Phishing Banking 107

SC Magazine

FEBRUARY 4, 2021

Employees and executives are often oversharing personal details on social media and even in automated out-of-office (OOO) email messages. Of course, OOO instructions serve an important business communications function, and a strong strong social media profile is a great way to network with your peers and brand yourself. Social media.

Media 110

Media Social Engineering Passwords Accountability 110

Thales Cloud Protection & Licensing

OCTOBER 28, 2021

Trick or Treat: The Choice is Yours with Multifactor Authentication. Whether you want the ‘trick’ of a malevolent threat actor infiltrating your network by exploiting a compromised password or the ‘treat’ from the peace of mind associated with multifactor authentication, the choice is yours. Fri, 10/29/2021 - 05:29.

Authentication 71

Authentication VPN Passwords Accountability 71

Malwarebytes

SEPTEMBER 20, 2021

In a recent blog Microsoft announced that as of September 15, 2021 you can completely remove the password from your Microsoft account and use the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your phone or email to sign in to Microsoft apps and services. Why get rid of passwords?

Passwords 92

Passwords Accountability Authentication Phishing 92

CyberSecurity Insiders

JUNE 5, 2023

From social media platforms to online shopping and banking, we share a wealth of personal information that can be vulnerable to misuse or exploitation. Use Strong and Unique Passwords : One of the most basic yet critical steps is to create strong, unique passwords for your online accounts.

Passwords 126

Passwords Encryption Media Banking 126

SC Magazine

JUNE 21, 2021

Today’s columnist, Marcus Kaber of Specops Software, writes that as much as the tech companies are pushing biometrics options like facial recognition, most enterprises still run on legacy passwords. Enterprise security and IT are mostly well aware of these many password-driven risks. Industry must double down on password protection.

Passwords 79

Passwords Data breaches Social Engineering Security Awareness 79

Cisco Security

OCTOBER 19, 2022

You can start with your email accounts (especially any that you use as a recovery email for forgotten passwords, or use for financial, medical, or other sensitive communications). Set a long, unique password for each account. Set up strong authentication using multi-factor authentication wherever it is supported.

Passwords 109

Passwords Authentication Accountability Password Management 109

Threatpost

OCTOBER 13, 2020

The streaming box allows arbitrary code execution as root, paving the way to pilfering social-media tokens, passwords, messaging history and more.

Authentication 103

Authentication Media Passwords IoT 103

Thales Cloud Protection & Licensing

FEBRUARY 7, 2024

Additionally, the frustration with intrusive advertising (71%), cumbersome password resets (64%), and repetitive data entry (64%) indicate a growing demand for smoother digital experiences. The frustration is particularly evident in mundane yet essential tasks such as password management.

Media 78

Media Passwords Authentication Digital transformation 78

Krebs on Security

JUNE 27, 2023

On July 16, 2020 — the day after some of Twitter’s most recognizable and popular users had their accounts hacked and used to tweet out a bitcoin scam — KrebsOnSecurity observed that several social media accounts tied to O’Connor appeared to have inside knowledge of the intrusion.

Cryptocurrency 223

Cryptocurrency Accountability Mobile Hacking 223

Krebs on Security

FEBRUARY 26, 2023

Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group. But both SMS and app-based codes can be undermined by phishing attacks that simply request this information in addition to the user’s password.

Hacking 268

Hacking Social Engineering Phishing Scams 268

Security Affairs

APRIL 29, 2019

A cyber survey conducted by the United Kingdom’s National Cyber Security Centre (NCSC) revealed that ‘123456’ is still the most hacked password. Security experts at the United Kingdom’s National Cyber Security Centre (NCSC) analyzed the 100,000 most-commonly re-occurring breached passwords using data from Have I Been Pwned (HIBP).

Passwords 105

Passwords Accountability Data breaches Advertising 105

Krebs on Security

APRIL 6, 2021

. — rely on that number for password resets. From there, the bad guys can reset the password of any account to which that mobile number is tied, and of course intercept any one-time tokens sent to that number for the purposes of multi-factor authentication. It’s time we stopped letting everyone treat them that way.

Mobile 342

Mobile Accountability Passwords Authentication 342

Malwarebytes

DECEMBER 21, 2023

million customers’ usernames and hashed passwords. The company is notifying customers through a variety of channels, including through the Xfinity website , email, and news media. Xfinity has required customers to reset their passwords to protect affected accounts. Change your password. Watch out for fake vendors.

Data breaches 111

Data breaches Passwords Identity Theft Phishing 111

Mitnick Security

MARCH 31, 2021

It seems that everything we use these days requires a password. From email and social media accounts to everything in between, we always need a password to gain access. But it isn't as simple as just coming up with one password and using it for everything. At least, it would be best if you weren't doing that.

Authentication 40

Authentication Passwords Accountability Media 40