2018 and Password Management - Cyber Security Informer

LastPass updates security notice with information about a recent incident

Malwarebytes

JANUARY 3, 2023

The password management company LastPasss notified customers in late December about a recent security incident. LastPass states that users that followed their best password practices have nothing to worry about. It is recommended that you never reuse your master password on other websites.

Password Management

Password Management Passwords Encryption Accountability

Banks, Arbitrary Password Restrictions and Why They Don't Matter

Troy Hunt

SEPTEMBER 17, 2019

That said, Westpac down in Australia certainly appears to be 6 characters: Finally thought @Westpac had upped their password game, moving from the long pointless on-screen keyboard (OSK) with a character count limit, to 'normal' password entry. troyhunt pic.twitter.com/9FMSdvVRiL — Hagen (@hagendittmer) June 3, 2018.

Banking

Banking Passwords Accountability Authentication

Discord.io confirms theft of 760,000 members' data

Malwarebytes

AUGUST 16, 2023

username and your Discord ID, your email-address, your billing address, and a salted and hashed password if you signed up in 2018 or earlier. (In In 2018 discord.io Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don't use for anything else.

Data breaches

Data breaches Authentication Passwords Phishing

The Effectiveness of Publicly Shaming Bad Security

Troy Hunt

SEPTEMBER 11, 2018

[link] — Troy Hunt (@troyhunt) April 18, 2018. Third party password managers are precisely what we need to address the scourge of account takeover attacks driven by sloppy password management on behalf of individuals. AjaxStudy) April 18, 2018. Käthe — T-Mobile Austria (@tmobileat) April 6, 2018.

Media

Media Accountability Passwords Mobile

Why (almost) everything we told you about passwords was wrong

Malwarebytes

OCTOBER 3, 2022

I have an embarrassing confession to make: I reuse passwords. I am not a heavy re-user, nothing crazy, I use a password manager to handle most of my credentials but I still reuse the odd password from time to time. passwords each. One weird trick to improve your passwords.

Passwords

Passwords Password Management Accountability Internet

CryptoCore hacker group stole over $200M from cryptocurrency exchanges

Security Affairs

JUNE 24, 2020

The CryptoCore group, aks Crypto-gang, “Dangerous Password”, and “Leery Turtle” has been active since 2018. The spear-phishing messages attempt to trick the victims into installing malware on their computer that allows attacker to steal or obtain access to a password manager account. Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Phishing Accountability Passwords

How to Stop Phishing Attacks in Their Tracks

SiteLock

AUGUST 27, 2021

Microsoft’s “ Security Intelligence Report, Volume 24 ” shows a 250% increase in the number of phishing emails and attacks since 2018. Pick a Strong Password Manager. Employees inevitably rely on a few identical or similar passwords for multiple accounts.

Phishing

Phishing Passwords Education Password Management

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

Worldwide spending on information security products and services rose to $114 billion in 2018, up from $102 billion in 2017, an increase of 12.4 Use a password manager. It’s clear that we will continue to be reliant on usernames and passwords to access online services for some time to come.

Passwords

Passwords Password Management Antivirus Internet

Blur data leak potentially exposed data of 2.4 Million users

Security Affairs

JANUARY 6, 2019

Blur is a popular password manager developed by the online privacy firm Abine, it also implements private browsing features and masked email. Leaked data included email addresses, password hashes ( bcrypt hashes with a unique salt for each user), IP addresses and, in some cases, first and last names and password hints.

Passwords

Passwords Password Management Advertising Accountability

Security Affairs newsletter Round 312

Security Affairs

MAY 2, 2021

Every week the best security articles from Security Affairs free for you in your email box. Every week the best security articles from Security Affairs free for you in your email box.

Password Management

Password Management DNS Ransomware Malware

Why & Where You Should You Plant Your Flag

Krebs on Security

AUGUST 12, 2020

As KrebsOnSecurity observed back in 2018 , many people — particularly older folks — proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including everything from utilities and mobile phones to retirement benefits and online banking services. In 2018, the U.S.

Accountability

Accountability Mobile Banking Passwords

Reddit locked Down accounts due to alleged security breach

Security Affairs

JANUARY 10, 2019

In August 2018, Reddit warned users of a security breach, an attacker broke into the systems of the platform and accessed user data. The hacker accessed user data, email addresses, and a 2007 backup database containing hashed passwords managed by the platform. Pierluigi Paganini. SecurityAffairs – Reddit, data breach).

Accountability

Accountability Data breaches Passwords Advertising

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Krebs on Security

MARCH 31, 2020

A massive cyber espionage campaign targeting a slew of domains for government agencies across the Middle East region between 2018 and 2019 was preceded by a series of targeted attacks on domain registrars and Internet infrastructure firms that served those countries. Nation-state level attackers also are taking a similar approach.

Phishing

Phishing DNS Social Engineering Accountability

Discord scammers lure victims with promise of free Nitro subscriptions

Malwarebytes

OCTOBER 8, 2021

This week it’ll be a bot promoting a “red hot” offer from 2018. Discord offers some tips on how to keep your account safe : Use a strong password, and one that is unique to your Discord account. You’ll also frequently see bots pushing offers for things which simply don’t exist anymore. How to protect your Discord account.

Scams

Scams Phishing Accountability Passwords

Immigration organisations targeted by APT group Evilnum

Malwarebytes

JUNE 30, 2022

Evilnum, on the APT scene since 2018 at the earliest and perhaps most well known for targeting the financial sector , appears to have switched gears. Consider using a password manager for organization-specific passwords. In times of conflict.

Password Management

Password Management Passwords Encryption Authentication

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Krebs on Security

FEBRUARY 18, 2019

27, 2018, Cisco’s Talos research division published a write-up outlining the contours of a sophisticated cyber espionage campaign it dubbed “ DNSpionage.” Two of those domains only appeared at that Internet address in December 2018, including domains in Lebanon and — curiously — Sweden. 14, 2018 and Jan.

DNS

DNS Internet Internet Government

Reddit discloses a data breach, a hacker accessed user data

Security Affairs

AUGUST 1, 2018

The hacker accessed user data, email addresses, and a 2007 backup database containing hashed passwords managed by the platform. “A hacker broke into a few of Reddit’s systems and managed to access some user data, including some current email addresses and a 2007 database backup containing old salted and hashed passwords.

Data breaches

Data breaches Backups Passwords Authentication

NEW TECH: Devolutions’ ‘PAM’ solution helps SMBs deal with rising authentication risks

The Last Watchdog

MARCH 10, 2020

A 2018 Cisco Cybersecurity Special Report found that 54 % of all cyber attacks cost the target company more than $0.5 It delivers simple but effective IT software solutions that give SMBs the tools they need for effective universal password and access management, including PAM, password management and remote connection management.

Authentication

Authentication Risk Digital transformation Passwords

Kaspersky addressed multiple issues in online protection solutions

Security Affairs

NOVEMBER 26, 2019

The vulnerabilities were found by the security researcher Wladimir Palant that reported them to Kaspersky in December 2018. “In December 2018 I could prove that websites can hijack the communication between Kaspersky browser scripts and their main application in all possible configurations. ” continues the analysis.

Antivirus

Antivirus Advertising Password Management Passwords

The CPRA compliance checklist every business should follow in 2023

CyberSecurity Insiders

MAY 2, 2023

It amends the 2018 California Consumer Privacy Act (CCPA) introduced in response to rising consumer data privacy concerns. The CPRA builds on the six original consumer rights introduced by the CCPA in 2018. Ensure employees use modern tools such as password managers to protect their online accounts.

Data collection

Data collection Data breaches Password Management Data privacy

Beyond Awareness: How to Cultivate the Human Side of Security

CyberSecurity Insiders

MAY 16, 2022

Think about password management. The average person, in their personal and professional life, may be managing as many as 200 application accounts, each with a password. Security professionals can step in and offer the ability, or capability, piece—the tool, a password manager—and show how to use it.

CSO

CSO Passwords Password Management Accountability

RSA 2022 Musings: The Past and The Future of Security

Anton on Security

JUNE 10, 2022

A password manager claimed “zero trust for passwords” while a SIEM/UEBA vendor promised to reveal all zero trust secrets (I bet they use VPN internally…). A firewall management vendor claimed to “simplify zero trust.” So still no money in it? But this is perhaps changing in the next few years. RSA 2017: What’s The Theme?

VPN

VPN Marketing Firewall Passwords

MY TAKE: Why companies should care about 2.2 billion stolen credentials circulating in easy reach

The Last Watchdog

FEBRUARY 1, 2019

billion stolen usernames, passwords and other personal data. Related: Massive Marriott breach closes out 2018. Wired magazine reported this week on findings by independent security researchers who have been tracking the wide open availability of a massive cache of some 2.2

Small Business

Small Business Passwords Authentication Accountability

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Krebs on Security

SEPTEMBER 22, 2023

The password manager service LastPass is now forcing some of its users to pick longer master passwords. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass. ”

Passwords

Passwords Encryption Password Management Cryptocurrency

Akamai Report: Credential stuffing attacks are a growing threat

Security Affairs

SEPTEMBER 25, 2018

Billion malicious login attempts from bots in May and June, an overall number of 30 billion malicious logins were observed between November 2017 and June 2018, an average of 3.75 “They use lists of usernames and passwords gathered from the breaches you hear about nearly every day on the news. . The experts detected 8.3

Passwords

Passwords Data breaches Advertising Password Management

What Is REvil Ransomware?

SiteLock

SEPTEMBER 29, 2021

Researchers and security firms have linked REvil as a strain of GandCrab, another RaaS group that was wildly popular in 2018. Use unique passwords to protect each of your sensitive data and accounts, while also enabling two-factor authorization. Use a password manager to generate and track your passwords.

Ransomware

Ransomware Computers and Electronics Backups Passwords

Top 5 Strategies for Vulnerability Mitigation

Centraleyes

DECEMBER 6, 2023

According to Purplesec, ransomware attacks have increased by 350% since 2018, zero-day attacks were up by 55% in 2021, and out of the 30 million SMBs in the USA, over 66% have had at least 1 cyber incident between 2018-2020. Vulnerability management is a critical element of information security.

Risk

Risk Cyber Risk Software Information Security

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. “That’s because LastPass didn’t ask existing customers to change their master password. .

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

Announcing the launch of the Android Partner Vulnerability Initiative

Google Security

OCTOBER 2, 2020

Improving Android OEM device security The APVI covers Google-discovered issues that could potentially affect the security posture of an Android device or its user and is aligned to ISO/IEC 29147:2018 Information technology -- Security techniques -- Vulnerability disclosure recommendations.

Password Management

Password Management Passwords Backups Engineering

When Accounts are "Hacked" Due to Poor Passwords, Victims Must Share the Blame

Troy Hunt

NOVEMBER 7, 2018

As such, I proposed the headlines as they stood were likely inaccurate: Let’s stopped saying “hacked” in the news headlines and start saying “used a s**t password” instead! link] — Troy Hunt (@troyhunt) November 6, 2018. — Troy Hunt (@troyhunt) November 7, 2018.

Passwords

Passwords Accountability Hacking Education

Ferocious Kitten: 6 years of covert surveillance in Iran

SecureList

JUNE 16, 2021

From 2015 to February 2018, the malware was compiled with Visual Studio 2013 and 2015, whereas in February 2018, the developers moved to Visual Studio 2017 and embedded the malware’s logic within Microsoft Foundation Class (MFC) classes. argument: path to file to upload. – List files and repositories.

Surveillance

Surveillance Malware Password Management Passwords

350 million decrypted email addresses left exposed on an unsecured server

Security Affairs

AUGUST 27, 2020

The timeline of uploads might indicate that these emails have been either stolen or acquired on the black market back in October 2018 , and then gradually decrypted by the owner of the bucket. Here’s how: Create long, strong, and unique passwords that are difficult to guess, or use a password manager to generate strong passwords for you.

Social Engineering

Social Engineering Passwords Marketing Phishing

RSA 2022 Musings: The Past and The Future of Security

Security Boulevard

JUNE 10, 2022

A password manager claimed “zero trust for passwords” while a SIEM/UEBA vendor promised to reveal all zero trust secrets (I bet they use VPN internally…). A firewall management vendor claimed to “simplify zero trust.” RSA 2018: Not As Messy As Before? So still no money in it? Related posts: RSA 2020 Reflection.

VPN

VPN Marketing Firewall Passwords

How to secure a Mac for your kids

Malwarebytes

AUGUST 24, 2022

In 2018 I decided to give my kids an old Apple laptop to share, and I documented the steps I took to secure it. Install a password manager. A password manager is software for creating and remember strong passwords. Good ones also provide a safe way for users to share passwords with other people.

Passwords

Passwords Accountability Software Password Management

Podcast Episode 113: SAP CSO Justin Somaini and Election Hacks – No Voting Machines Required!

The Security Ledger

SEPTEMBER 25, 2018

» Related Stories Voting Machine Maker Defends Refusal of White-Hat Hacker Testing at DEF-CON Kaspersky: Attacks on Smart Devices Rise Threefold in 2018 Podcast Episode 112: what it takes to be a top bug hunter. For consumers, that means boning up on account security – maybe getting a password manager.

CSO

CSO Hacking Security Awareness Password Management

Spotlight: CTIA’s IoT Cybersecurity Certification is a Big Deal. Here’s why.

The Security Ledger

MARCH 13, 2019

Introduced in August, 2018, the CTIA Cybersecurity Certification Program for Cellular Connected Internet of Things devices is being promoted as a way to protect consumers and the nation’s wireless infrastructure from harm caused by insecure IoT endpoints. Sameer Dixit is the Sr. Director- Security Consulting at Spirent Communications.

IoT

IoT Cybersecurity Internet Internet

Have I Been Pwned is Now Partnering With 1Password

Troy Hunt

MARCH 29, 2018

Why It Makes Sense to Partner with a Password Manager Now. I could have said "go and get a password manager", but this is barely any better as it doesn't lead them by the hand to a good one! I spent a few hours manually updating all passwords to all sites. — Dan Blank (@danblank000) March 20, 2018.

Password Management

Password Management Passwords Data breaches Retail

Facebook’s Massive Data Breach Is Already Impacting You

Approachable Cyber Threats

APRIL 9, 2021

Well, in its public statements, Facebook is acting in lock-step with its response during the Cambridge Analytica scandal in 2018, attempting to reframe the security failure as merely a breach of its terms of service. If you’ve re-used your email password elsewhere, you should change it - and get a password manager while you’re at it!

Data breaches

Data breaches Passwords Identity Theft Password Management

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

The Last Watchdog

AUGUST 19, 2021

For T-Mobile, this is the sixth major breach since 2018. By that I mean, freezing your credit, being vigilant about checking your credit card and bank statements, using password managers with pass phrases versus passwords, and being cautious about what you share on social media. Otavio Freire, CTO, SafeGuard Cyber.

Mobile

Mobile Data breaches Authentication Accountability

MY TAKE: COVID-19’s silver lining could turn out to be more rapid, wide adoption of cyber hygiene

The Last Watchdog

MAY 11, 2020

Rules with teeth This fast-tracking of Middle East cybersecurity regulations unfolded as the European Union was putting the finishing touches on its tough new data privacy and data handling rules, with enforcement teeth , set forth in GDPR, which took effect in May 2018. Cyber hygiene isn’t difficult.

Computers and Electronics

Computers and Electronics Data privacy Encryption Media

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Troy Hunt

JANUARY 10, 2018

agarwal_mohit) January 5, 2018. I think the URL is right but it seems inaccessible from other countries: [link] — Troy Hunt (@troyhunt) January 9, 2018. Security /= George blocking — Vatsalya Goel (@vatsalyagoel) January 9, 2018. — Khas Mek (@KhasMek) January 10, 2018. FergusInLondon) January 10, 2018.

Hacking

Hacking Government Risk Encryption

Inside the Cit0Day Breach Collection

Troy Hunt

NOVEMBER 19, 2020

There were a bunch of addresses in the Collection #1 incident and also in the 2,844 breach collection I added in Feb 2018 , but clearly based on the red "null" results there were also many new addresses. And if you don't already have a password manager? Get a password manager, use strong and unique passwords, that is all.

Passwords

Passwords Password Management Accountability Risk

Apple shines and buffs Mac security—Is it enough to stop today’s malware?

Malwarebytes

MARCH 17, 2021

Several effective Mac-facing miners joined the crypto-rush in 2018. From an optional password manager feature in Safari that looks out for saved passwords involved in data breaches to new digital security for car keys on Apple Watches and the iPhone, the security sweep appears to be comprehensive.

Malware

Malware Adware Software Passwords

Internet Safety Month: Avoiding the consequences of unsafe Internet practices

Malwarebytes

JUNE 3, 2022

By focusing on this context, we hope that you’ll come away with a stronger understanding about, for instance, why you should use a password manager rather than that you should use a password manager. A video of Kanye West from 2018 purportedly revealed that the rapper and producer’s iPhone passcode was 000000.

Internet

Internet Internet Scams Passwords

LastPass updates security notice with information about a recent incident

Banks, Arbitrary Password Restrictions and Why They Don't Matter

Trending Sources

Discord.io confirms theft of 760,000 members' data

The Effectiveness of Publicly Shaming Bad Security

Why (almost) everything we told you about passwords was wrong

CryptoCore hacker group stole over $200M from cryptocurrency exchanges

How to Stop Phishing Attacks in Their Tracks

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

Blur data leak potentially exposed data of 2.4 Million users

Security Affairs newsletter Round 312

Why & Where You Should You Plant Your Flag

Reddit locked Down accounts due to alleged security breach

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Discord scammers lure victims with promise of free Nitro subscriptions

Immigration organisations targeted by APT group Evilnum

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Reddit discloses a data breach, a hacker accessed user data

NEW TECH: Devolutions’ ‘PAM’ solution helps SMBs deal with rising authentication risks

Kaspersky addressed multiple issues in online protection solutions

The CPRA compliance checklist every business should follow in 2023

Beyond Awareness: How to Cultivate the Human Side of Security

RSA 2022 Musings: The Past and The Future of Security

MY TAKE: Why companies should care about 2.2 billion stolen credentials circulating in easy reach

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Akamai Report: Credential stuffing attacks are a growing threat

What Is REvil Ransomware?

Top 5 Strategies for Vulnerability Mitigation

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Announcing the launch of the Android Partner Vulnerability Initiative

When Accounts are "Hacked" Due to Poor Passwords, Victims Must Share the Blame

Ferocious Kitten: 6 years of covert surveillance in Iran

350 million decrypted email addresses left exposed on an unsecured server

RSA 2022 Musings: The Past and The Future of Security

How to secure a Mac for your kids

Podcast Episode 113: SAP CSO Justin Somaini and Election Hacks – No Voting Machines Required!

Spotlight: CTIA’s IoT Cybersecurity Certification is a Big Deal. Here’s why.

Have I Been Pwned is Now Partnering With 1Password

Facebook’s Massive Data Breach Is Already Impacting You

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

MY TAKE: COVID-19’s silver lining could turn out to be more rapid, wide adoption of cyber hygiene

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Inside the Cit0Day Breach Collection

Apple shines and buffs Mac security—Is it enough to stop today’s malware?

Internet Safety Month: Avoiding the consequences of unsafe Internet practices

Stay Connected