Security Affairs

JANUARY 29, 2024

A flaw in Microsoft Outlook can be exploited to access NTLM v2 hashed passwords by tricking users into opening a specially crafted file. The vulnerability CVE-2023-35636 impacting Microsoft Outlook is a Microsoft Outlook information disclosure issue that could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords.

Passwords 114

Passwords Authentication Hacking Accountability 114

Heimadal Security

OCTOBER 6, 2022

Exchange Online users are warned about the increasing number of password spray attacks that use Microsoft’s Exchange Basic Authentication feature. The goal is to implement multi-factor authentication […]. The goal is to implement multi-factor authentication […].

Passwords 99

Passwords Authentication Cybersecurity 99

NSTIC

OCTOBER 3, 2022

Today’s interview-style blog features two NIST experts —Bill Newhouse and Ryan Galluzzo—discussing different reasons to enable multi-factor authentication (a mechanism to verify an individual’s identity by requiring them to provide more information than just a username and password).

Authentication 78

Authentication Cybersecurity Passwords 78

Security Boulevard

JANUARY 4, 2024

Password manager vendor LastPass, beset by high-profile data breaches from 2022 that affected millions of users, is strengthening the security requirements for its customers, including requiring all of them to use a minimum of 12 characters for their master passwords.

Passwords 72

Passwords Password Management Data breaches Authentication 72

The Hacker News

SEPTEMBER 1, 2022

So far 2022 confirms that passwords are not dead yet. Even though Microsoft and Apple are championing passwordless authentication methods, most applications and websites will not remove this option for a very long time. Neither will they be anytime soon.

Passwords 91

Passwords Authentication Government 91

Troy Hunt

AUGUST 30, 2023

Data accumulated by the malicious activity spanned from October 2022 until just last week.

Phishing 339

Phishing Password Management Passwords Banking 339

Security Affairs

AUGUST 6, 2022

Slack is resetting passwords for approximately 0.5% of its users after a bug exposed salted password hashes when users created or revoked a shared invitation link for their workspace. Slack announced that it is resetting passwords for about 0.5% The post Slack resets passwords for about 0.5% Pierluigi Paganini.

Passwords 91

Passwords Password Management Antivirus Encryption 91

Duo's Security Blog

SEPTEMBER 6, 2023

But conventional protection solutions, like password security, fall short when it comes to efficacy. We have a lot of thoughts on passkeys – some of which we’ve shared in other posts in this passkey blog series – and today we’re going to explore how passkeys stack up against passwords from the perspective of cloud platforms.

Passwords 96

Passwords Password Management Authentication Threat Detection 96

SecureList

DECEMBER 19, 2022

The first one, later identified as CVE-2022-41040, is a server-side request forgery (SSRF) vulnerability that allows an authenticated attacker to remotely trigger the next vulnerability – CVE-2022-41082. After CVE-2022-41040 and CVE-2022-41082 were revealed, Microsoft provided mitigation guidance followed by a few updates.

Malware 140

Malware Passwords Authentication Internet 140

Malwarebytes

MAY 4, 2023

Back in October 2022, I wrote an article called Why (almost) everything we told you about passwords was wrong. Most damningly of all, the vast effort involved in dispensing this advice over decades has generated little discernible improvement in people’s password choices. OK, it’s time for me to keep a promise.

Passwords 98

Passwords Authentication Password Management Accountability 98

Cisco Security

MARCH 15, 2022

On March 15, 2022, a government flash bulletin was published describing how state-sponsored cyber actors were able to use the PrintNightmare vulnerability (CVE-2021-34527) in addition to bypassing Duo 2FA to compromise an unpatched Windows machine and gain administrative privileges. This activity was documented as early as May, 2021.

Authentication 118

Authentication Passwords Accountability Government 118

Krebs on Security

JANUARY 30, 2024

technology companies during the summer of 2022. stole at least $800,000 from at least five victims between August 2022 and March 2023. 2022 that an intrusion had exposed a “limited number” of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

Social Engineering 318

Social Engineering Mobile Cybercrime Passwords 318

SecureList

MAY 16, 2023

Download the full version of the report (PDF) Kaspersky Incident Response in various regions and industries In 2022, 45.9% Key trends in 2022: initial attack vectors and impact In 2022, attackers most often penetrated organizations’ infrastructure by exploiting various vulnerabilities in public-facing applications (42.9%).

Ransomware 108

Ransomware Encryption Security Awareness Authentication 108

The Last Watchdog

NOVEMBER 11, 2020

As a tradeoff for enjoying our digital lives, we’ve learned to live with password overload and even tolerate two-factor authentication. But now, at long last, we’re on the brink of eliminating passwords altogether, once and for all. Password tradeoffs Passwords have always been a big pain.

Authentication 153

Authentication VPN Passwords Hacking 153

Krebs on Security

SEPTEMBER 13, 2023

In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle “ USDoD ” had infiltrated the FBI ‘s vetted information sharing network InfraGard , and was selling the contact information for all 80,000 members. Microsoft Corp. government inboxes.

Cybercrime 286

Cybercrime Passwords Authentication Malware 286

Malwarebytes

OCTOBER 13, 2022

On May 5, 2022, it said it would implement passwordless support in Android and Chrome and the latest annoncement about passkeys is an important step in that journey. Passkeys are a replacement for passwords. Although they share four letters, passkeys are nothing like passwords. Authenticators. Sounds good, right?

Passwords 90

Passwords Authentication Password Management Accountability 90

Krebs on Security

MARCH 26, 2024

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. “It was like this system notification from Apple to approve [a reset of the account password], but I couldn’t do anything else with my phone. .”

Passwords 345

Passwords Accountability Engineering Phishing 345

Krebs on Security

FEBRUARY 26, 2023

million customers, including website administrator passwords, sFTP credentials, and private SSL keys; -December 2022: Hackers gained access to and installed malware on GoDaddy’s cPanel hosting servers that “intermittently redirected random customer websites to malicious sites.”

Hacking 268

Hacking Social Engineering Phishing Scams 268

Thales Cloud Protection & Licensing

AUGUST 15, 2022

FIDO - Leading the Zero Trust Passwordless Authentication Evolution. Tue, 08/16/2022 - 06:32. It’s no secret that passwords have become one of the weakest links in enterprise security. A Zero Trust approach starts with Multi-Factor Authentication (MFA). The Role of Passwordless Authentication.

Authentication 71

Authentication Phishing Passwords Risk 71

CyberSecurity Insiders

MAY 6, 2021

If anyone wants their online activity to be secure and private, password usage helps them in doing so; as it blocks unauthorized access to a service and access to personal information. About World Password Day- Every year, the first Thursday in May is being promoted as the World Password Day.

Passwords 128

Passwords Firewall DDOS Backups 128

Security Boulevard

NOVEMBER 17, 2022

Passwords and credentials remain the largest source of attack attempts and successful attacks, making them the biggest cybersecurity threat to organizations across all industries. Per Verizon’s 2022 Data Breach Investigations Report, 62% of successful breaches are tied to stolen credentials or phishing. .

Passwords 72

Passwords Data breaches Phishing Cybersecurity 72

Malwarebytes

SEPTEMBER 5, 2022

Microsoft has posted a reminder on the Exchange Team blog that Basic authentication for Exchange Online will be disabled in less than a month, on October 1, 2022. For many years, client apps have used Basic authentication to connect to servers, services and endpoints. Goodbye "Basic", hello "Modern". token-based authorization).

Authentication 76

Authentication Phishing Passwords 76

Security Affairs

MAY 2, 2024

Threat actors breached the Dropbox Sign production environment and accessed customer email addresses and hashed passwords Cloud storage provider DropBox revealed that threat actors have breached the production infrastructure of the DropBox Sign eSignature service and gained access to customer information and authentication data.

Hacking 98

Hacking Authentication Passwords Accountability 98

eSecurity Planet

FEBRUARY 8, 2022

Single sign-on (SSO) is one of several authentication technologies aimed at streamlining and keeping login information and processes secure. It is often implemented along with multi-factor authentication (MFA) , wherein more than one factor of authentication is needed to authenticate the user. What is Single Sign-On?

Authentication 93

Authentication Passwords Risk Digital transformation 93

Duo's Security Blog

JUNE 12, 2023

Before we can discuss passkeys, we need to lay some groundwork and discuss authentication, Passwordless and WebAuthn. What is authentication? Authentication is the process of verifying your online identity. We started with usernames and passwords – something you know. What is passwordless? It is MFA Phishing Resistant.

Authentication 118

Authentication Passwords Password Management Phishing 118

NSTIC

SEPTEMBER 30, 2022

Today’s blog will jumpstart NIST’s celebration of Cybersecurity Awareness Month 2022! We have a lot in store for October and are looking forward to sharing our work, progress, events, and news with you.

Password Management 80

Password Management Cybersecurity Passwords Phishing 80

Hacker Combat

APRIL 22, 2022

Below are Seven ransomware protection tips to help you secure data in 2022; #1 Do not open suspicious attachments. You could find yourself unable to access important information, passwords, and others. 3 Enable multi-factor authentication. 7 Use strong and unique passwords. 5 Make use of windows firewall. Conclusion.

Ransomware 105

Ransomware Firewall Passwords Authentication 105

Security Affairs

AUGUST 22, 2023

The company, with reported revenue of $950 million in 2022, is a trusted strategic partner to more than 40 US Federal agencies. However, hashes can still be cracked, and other authentication data may be used in spear phishing attacks. In this case, it could take attackers as long as 22 years to crack a very strong admin password.

Passwords 82

Passwords Penetration Testing Engineering Manufacturing 82

Thales Cloud Protection & Licensing

FEBRUARY 9, 2022

Not All Authentication Methods Are Equally Safe. Thu, 02/10/2022 - 05:53. There is broad recognition by security leaders that stronger authentication is foundational to preventing data breaches. While the concept of multifactor authentication is comprehensive, the devil is hiding in the implementation detail.

Authentication 71

Authentication Mobile Passwords Internet 71

Malwarebytes

AUGUST 11, 2022

Slack, the workplace communication platform, has notified some of its users that their hashed passwords have been subject to exposure for the last five years. The flaw exposed hashed passwords of users when creating or revoking shared invitation links for workspaces. Hashed passwords could still be revered by brute force methods.

Passwords 63

Passwords Accountability Encryption Authentication 63

Duo's Security Blog

MARCH 15, 2022

On March 15, 2022, a US government flash bulletin was published describing how state-sponsored cyber actors were able to exploit certain authentication workflows in combination with PrintNightmare vulnerability (CVE-2021-34527) to gain administrative access to Windows domain controllers.

Authentication 79

Authentication Passwords Government Accountability 79

Malwarebytes

JANUARY 20, 2022

Data included email and IP addresses, usernames and unsalted MD5 password hashes. Read more: [link] — Have I Been Pwned (@haveibeenpwned) January 19, 2022. He gained access to all users’ data – email, username, password…He promised the data would be erased and he would help us secure the site after the payment.

Passwords 80

Passwords Accountability Social Engineering Password Management 80

SecureList

FEBRUARY 16, 2023

Fake donation sites started popping up after the Ukraine crisis broke out in 2022, pretending to accept money as aid to Ukraine. The pandemic The COVID-19 theme had lost relevance by late 2022 as the pandemic restrictions had been lifted in most countries. “Promotional campaigns by major banks” were a popular bait in 2022.

Phishing 90

Phishing Scams Accountability Energy and Utilities 90

Krebs on Security

AUGUST 30, 2022

In mid-June 2022, a flood of SMS phishing messages began targeting employees at commercial staffing firms that provide customer support and outsourcing to thousands of companies. The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page.

Mobile 291

Mobile Phishing Authentication Accountability 291

Duo's Security Blog

MAY 23, 2023

Your passwords are on the internet. Talks of passkeys, passphrases, and even password less all point in one direction: eroding faith in the previously trusty password tucked under your keyboard. These habits highlight the need for more modern password technology and stronger authentication methods.

Authentication 131

Authentication Passwords Data breaches Phishing 131

Thales Cloud Protection & Licensing

APRIL 12, 2022

Identity Management Day 2022: Identity Security Is Our Responsibility. Tue, 04/12/2022 - 09:41. Identity Management Day 2022 , sponsored by Identity Defined Security Alliance and National Cybersecurity Alliance, is a reminder to make identity management and digital identity security a priority.

Authentication 71

Authentication Digital transformation Data breaches Phishing 71

The Last Watchdog

AUGUST 29, 2022

This is according to Verizon’s latest 2022 Data Breach Investigations Report ( DBIR ). Brute forcing passwords (10 percent) came in third. Poor password practices are responsible for most incidents involving web applications and data breaches since 2009. Authentication bypass. Brute forcing passwords.

Hacking 201

Hacking Passwords Password Management Data breaches 201