Account Security, Government and Passwords

Data of 3,191 congressional staffers leaked in the dark web

Security Affairs

SEPTEMBER 25, 2024

The personal information of approximately 3,191 congressional staffers has been leaked on the dark web , according to new research from internet security firm Proton and Constella Intelligence. The leaked data includes passwords, IP addresses, and social media information. “The volume of exposed accounts among U.S.

Passwords

Passwords Data breaches Media Accountability

How Microsoft's highly secure environment was breached

Malwarebytes

SEPTEMBER 7, 2023

An investigation by Microsoft has finally revealed how China-based hackers circumvented the protections of a "highly isolated and restricted production environment" in May 2023 to unlock sensitive email accounts belonging to US government agencies.

Authentication

Authentication Accountability Government Passwords

SEC X account hacked to hawk crypto-scams

Malwarebytes

JANUARY 10, 2024

The SEC will work with law enforcement and our partners across government to investigate the matter and determine appropriate next steps relating to both the unauthorized access and any related misconduct.” Although apparently the SEC did not have 2FA enabled for its X account! From there, follow the instructions in the prompts.

Accountability

Accountability Scams Hacking Cryptocurrency

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Security Affairs

APRIL 6, 2023

Google’s Threat Analysis Group (TAG) is warning of the North Korea-linked ARCHIPELAGO group that is targeting government and military personnel, think tanks, policy makers, academics, and researchers in South Korea, the US and elsewhere. The experts pointed out that ARCHIPELAGO focuses on building a rapport with targets.

Phishing

Phishing Media Passwords Malware

Recipe for Cybersecurity Success in the Restaurant Industry

SecureWorld News

SEPTEMBER 18, 2024

"Additionally, enforcing least privilege policies by restricting elevated and contractor accounts to only the data and systems they specifically need is essential. Regular audits, the use of password managers, enforcement of password complexity policies, and multi-factor authentication (MFA) can significantly reduce the attack surface."

Cybersecurity

Cybersecurity Data breaches Accountability Authentication

Episode 164: Who owns the Data Smart Cars collect? Also: making Passwords work.

The Security Ledger

OCTOBER 9, 2019

Also: LastPass’s Dan DeMichele joins us to talk about why password security is still so hard. In this episode of Security Ledger Podcast (#164): your car is spying on you. In this episode of Security Ledger Podcast (#164): your car is spying on you. Why Companies struggle with Passwords. Who owns your Car Data?

Passwords

Passwords Authentication Small Business Cyber Risk

Why TOTP Won’t Cut It (And What to Consider Instead)

NetSpi Technical

JANUARY 18, 2024

While TOTP was once an advancement in authorizing secure access, today it’s become a dated security measure that allows persistent threat actors to find exploitable gaps. In this article we’ll explore security risks of TOTP and an alternative 2FA method to increase security.

Authentication

Authentication Passwords Accountability Penetration Testing

A Beginner's Guide to 2FA and MFA

Approachable Cyber Threats

JANUARY 24, 2022

Today, many people when they sign up for a new account for an internet-based service are asked to pick a password to help secure their account from unauthorized access. A password is considered “something you know”, a secret more or less that shouldn’t be shared. That is where MFA comes in.

Authentication

Authentication Passwords Accountability Mobile

Ransomware gang hits 49ers’ network before Super Bowl kick off

Malwarebytes

FEBRUARY 14, 2022

In a recent Malwarebytes Lock and Code podcast, host David Ruiz spoke with Matt Crape, technical account manager for VMware, about why backups are so hard to get right, and what the most basic missteps are when companies roll out a backup plan.

Ransomware

Ransomware Backups Encryption InfoSec

CISO workshop slides

Notice Bored

AUGUST 5, 2022

Security Posture suggests a confusing mix of application and account security metrics. I'm really not sure what ' security posture ' even means in this context, and curious as to why those two aspects in particular have been selected as example metrics.

CISO

CISO Risk Artificial Intelligence Marketing

Why TOTP Won’t Cut It (And What to Consider Instead)

NetSpi Technical

JANUARY 18, 2024

While TOTP was once an advancement in authorizing secure access, today it’s become a dated security measure that allows persistent threat actors to find exploitable gaps. In this article we’ll explore security risks of TOTP and an alternative 2FA method to increase security.

Authentication

Authentication Passwords Accountability Phishing

Podcast Episode 113: SAP CSO Justin Somaini and Election Hacks – No Voting Machines Required!

The Security Ledger

SEPTEMBER 25, 2018

But what if elections could be swayed by other means – without even touching voting equipment, vote tabulation systems or government networks? For consumers, that means boning up on account security – maybe getting a password manager. SAP CSO Justin Somaini. October is Cybersecurity awareness month.

CSO

CSO Hacking Security Awareness Password Management

5 Best Bot Protection Solutions and Software for 2023

eSecurity Planet

APRIL 14, 2023

See the Top Deception Tools Two-Factor Authentication (2FA) 2FA is a proven security measure that can help protect against a wide range of cyber threats, including bot attacks. This includes businesses of all sizes, government agencies, financial institutions, healthcare providers, e-commerce companies, and more.

Software

Software DDOS Accountability Firewall

The Hacker Mind Podcast: Hacking Voting Systems

ForAllSecure

OCTOBER 29, 2020

There were PDFs of Election Day passwords that supervisors use to start in elections. Bee: Can you tell me what the password was? Bee: I have to put in 16 letters and digits to get into my FreshDirect account. At that point I wrote a little bit of code to download everything that I could from that website. Are you kidding me?

Hacking

Hacking Mobile Software Technology

The Hacker Mind Podcast: Hacking Voting Systems

ForAllSecure

OCTOBER 29, 2020

There were PDFs of Election Day passwords that supervisors use to start in elections. Bee: Can you tell me what the password was? Bee: I have to put in 16 letters and digits to get into my FreshDirect account. At that point I wrote a little bit of code to download everything that I could from that website. Are you kidding me?

Hacking

Hacking Mobile Software Technology

The Hacker Mind Podcast: Hacking Voting Systems

ForAllSecure

OCTOBER 20, 2020

There were PDFs of Election Day passwords that supervisors use to start in elections. Bee: Can you tell me what the password was? Bee: I have to put in 16 letters and digits to get into my FreshDirect account. At that point I wrote a little bit of code to download everything that I could from that website. Are you kidding me?

Hacking

Hacking Mobile Software Technology

Google Sending Security Keys to 10,000 Users at High Risk of Attack

eSecurity Planet

OCTOBER 11, 2021

8 blog post , Grace Hoyt, partnerships manager for Google’s Advanced Protection Program (APP), and Nafis Zebarjadi, product manager for account security, wrote that Google was part of a larger effort to ensure the security of organizations and individuals. Android, YouTube Users Get More Security.

Risk

Risk Passwords Authentication Accountability

ROUNDTABLE: What’s next, now that we know V.I.P Twitter users can so easily be spoofed?

The Last Watchdog

JULY 20, 2020

This brings us to the core question – why does any employee or a group of employees have so much control over users’ accounts? Twitter was caught storing plaintext passwords in logfiles two years ago. Apparently, Twitter did not learn from that experience or take sufficient steps keep user credentials and accounts secure.”

Accountability

Accountability Social Engineering Hacking Media

Lamborghini Carjackers Lured by $243M Cyberheist

Krebs on Security

OCTOBER 9, 2024

Government prosecutors say the brazen daylight carjacking was paid for and organized by 23-year-old Miami resident Angel “Chi Chi” Borrero. From there, the attacker can intercept any password reset links, and any one-time passcodes sent via SMS or automated voice calls.

Cryptocurrency

Cryptocurrency Social Engineering Accountability Mobile

Spam and phishing in 2024

SecureList

FEBRUARY 19, 2025

On a fraudulent page, they claimed to offer a service that allowed users to find Instagram profiles by entering their Facebook login and password. All or nothing: multipurpose phishing Victims of phishing frequently included bank clients and users of government service portals.

Phishing

Phishing Scams Cryptocurrency Computers and Electronics

Twitter Fact Check: Was Trump's Password Really Maga2020!?

SecureWorld News

OCTOBER 27, 2020

When Donald Trump was running for president the first time, ethical hacker Victor Gevers accessed his Twitter account by guessing the candidate's password. Unfortunately for the candidate, he had chosen a password that was easy to remember and also easy for someone to guess. Hackers claims new access to Trump's Twitter account.

Passwords

Passwords Accountability Media Account Security

Nation-State Actors Phishing Trump and Biden Campaigns

SecureWorld News

JUNE 5, 2020

Chances are, the concept of "a foreign government interfering in an American election" sounds pretty commonplace to you. APT35 : Otherwise known as Newscaster or Charming Kitten, APT35 is an Iranian cyber-espionage group sponsored by the Iranian government. security.". Not that this reality is a good thing. improving ?technology

Phishing

Phishing Telecommunications Government Hacking

A Researcher Figured Out How to Reveal Any Phone Number Linked to a Google Account

WIRED Threat Level

JUNE 9, 2025

Typically that’s in the context of finding someone’s password, but here brutecat is doing something similar to determine a Google user’s phone number. From there, the hacker can request password reset text messages, or multi-factor authentication codes, and log into the victim’s valuable accounts.

Accountability

Accountability Scams Media Cryptocurrency

Cyber Security Informer

Data of 3,191 congressional staffers leaked in the dark web

How Microsoft's highly secure environment was breached

Trending Sources

SEC X account hacked to hawk crypto-scams

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Recipe for Cybersecurity Success in the Restaurant Industry

Episode 164: Who owns the Data Smart Cars collect? Also: making Passwords work.

Why TOTP Won’t Cut It (And What to Consider Instead)

A Beginner's Guide to 2FA and MFA

Ransomware gang hits 49ers’ network before Super Bowl kick off

CISO workshop slides

Why TOTP Won’t Cut It (And What to Consider Instead)

Podcast Episode 113: SAP CSO Justin Somaini and Election Hacks – No Voting Machines Required!

5 Best Bot Protection Solutions and Software for 2023

The Hacker Mind Podcast: Hacking Voting Systems

The Hacker Mind Podcast: Hacking Voting Systems

The Hacker Mind Podcast: Hacking Voting Systems

Google Sending Security Keys to 10,000 Users at High Risk of Attack

ROUNDTABLE: What’s next, now that we know V.I.P Twitter users can so easily be spoofed?

Lamborghini Carjackers Lured by $243M Cyberheist

Spam and phishing in 2024

Twitter Fact Check: Was Trump's Password Really Maga2020!?

Nation-State Actors Phishing Trump and Biden Campaigns

A Researcher Figured Out How to Reveal Any Phone Number Linked to a Google Account

Stay Connected