Accountability, Blog, Information Security and Passwords

GUEST ESSAY: The key differences between ‘information privacy’ vs. ‘information security’

The Last Watchdog

JUNE 12, 2023

Information privacy and information security are two different things. Related: Tapping hidden pools of security talent Information privacy is the ability to control who (or what) can view or access information that is collected about you or your customers. still available for you to use.

Information Security

Information Security Data breaches CISO Encryption

Removing Passwords, Without Compromising Security

Duo's Security Blog

JANUARY 26, 2024

In today’s complex IT landscape, one of the biggest problems faced by a Chief Information Security Officer (CISO) and their IT security team are forgotten and stolen passwords. On average, employees lose 11 hours per year resetting passwords and an average company spends ~$5M per year on setting and resetting passwords.

Passwords

Passwords Authentication Mobile CISO

Passwordless sign-in with passkeys is now available for Google accounts

Security Affairs

MAY 3, 2023

Google announced the introduction of the passwordless secure sign-in with Passkeys for Google Accounts on all platforms. Google is rolling out the passwordless secure sign-in with Passkeys for Google Accounts on all platforms. ” reads the announcement published by the company. face recognition, fingerprints).

Accountability

Accountability Passwords Password Management Phishing

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Crooks broke into AT&T email accounts to empty their cryptocurrency wallets

Security Affairs

APRIL 30, 2023

Threat actors are gaining access to AT&T email accounts in an attempt to hack into the victim’s cryptocurrency exchange accounts. Hackers are breaking into the AT&T email accounts and then using the access they are logging into the victim’s cryptocurrency exchange accounts to drain their crypto funds, TechCrunch reported.

Cryptocurrency

Cryptocurrency Accountability Passwords Hacking

The Life and Death of Passwords: Improving Security With Passwords and People

Duo's Security Blog

MARCH 28, 2023

Our documentary, “ The Life and Death of Passwords ,” explores with industry experts the history of passwords, why passwords have become less effective over time, and how trust is established in a passwordless future. See the video at the blog post. Humans are not the weakest link in information security.

Passwords

Passwords Social Engineering Phishing Technology

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Krebs wrote for The Washington Post between 1995 and 2009 before launching his current blog KrebsOnSecurity.com. Read more: Top IT Asset Management Tools for Security.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Privileged account management challenges: comparing PIM, PUM and PAM

CyberSecurity Insiders

NOVEMBER 18, 2021

This blog was written by an independent guest blogger. He is also looking for opportunities to collect additional access parameters (usernames and passwords), elevate privileges, or use already existing compromised accounts for unauthorized access to systems, applications, and data. Security vulnerabilities.

Accountability

Accountability Passwords Authentication Social Engineering

Ukraine warns of attacks aimed at taking over Telegram accounts

Security Affairs

APRIL 6, 2022

Ukraine’s technical security and intelligence service warns of threat actors targeting aimed at gaining access to users’ Telegram accounts. State Service of Special Communication and Information Protection (SSSCIP) of Ukraine spotted a new wave of cyber attacks aimed at gaining access to users’ Telegram accounts.

Accountability

Accountability Phishing Passwords Hacking

The Trouble with Politicians Sharing Passwords

Troy Hunt

DECEMBER 4, 2017

In this case, that secret is her password and, well, just read it: My staff log onto my computer on my desk with my login everyday. To be fair to Nadine, she's certainly not the only one handing her password out to other people. In fact I often forget my password and have to ask my staff what it is. No one else has access.

Passwords

Passwords Accountability Technology InfoSec

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

The Last Watchdog

OCTOBER 24, 2022

Employee security awareness is the most important defense against data breaches. Related: Leveraging security standards to protect your company. It involves regularly changing passwords and inventorying sensitive data. As such, you should limit the amount of information that employees have access to. This can be risky.

Passwords

Passwords Security Awareness Data breaches Cybersecurity

ConnectWise Quietly Patches Flaw That Helps Phishers

Krebs on Security

DECEMBER 1, 2022

While modern Microsoft Windows operating systems by default will ask users whether they want to run a downloaded executable file, many systems set up for remote administration by MSPs disable that user account control feature for this particular application. The timing of our advisory and Mr. Pyle’s blog were coincidental.

Phishing

Phishing Architecture Passwords Accountability

Slickwraps discloses data leak that impacted 850,000 user accounts

Security Affairs

FEBRUARY 24, 2020

Slickwraps has disclosed a data breach that impacted over 850,000 user accounts, data were accidentally exposed due to security vulnerabilities. ” reads the security update published by the company. Lynx0x00’s Medium and Twitter accounts have mysteriously vanished but, fortunately, the Internet never truly forgets.

Accountability

Accountability Data breaches Passwords Advertising

American Bar Association (ABA) suffered a data breach,1.4 million members impacted

Security Affairs

APRIL 21, 2023

.” The investigation launched into the incident revealed that that an unauthorized third party obtained usernames and hashed and salted passwords for members’ online accounts on the ABA website prior to 2018 or the ABA Career Center since 2018. million members impacted appeared first on Security Affairs.

Data breaches

Data breaches Passwords Education Accountability

WordPress Easy WP SMTP zero-day potentially exposes hundreds of thousands of sites to hack

Security Affairs

DECEMBER 12, 2020

Hackers are actively exploiting a zero-day vulnerability in the popular Easy WP SMTP WordPress plugin to reset passwords for admin accounts. The SMTP WordPress plugin is installed on more than 500,000 sites, but despite the security patch has been released earlier this week many sites are yet to be patched. .

Hacking

Hacking Passwords Accountability Technology

Kodi discloses data breach after its forum was compromised

Security Affairs

APRIL 14, 2023

. “MyBB admin logs show the account of a trusted but currently inactive member of the forum admin team was used to access the web-based MyBB admin console twice: on 16 February and again on 21 February. The account was used to create database backups which were then downloaded and deleted.

Data breaches

Data breaches Backups Passwords Accountability

G Suite users’ passwords stored in plain-text for more than 14 years

Security Affairs

MAY 22, 2019

Google accidentally stored the passwords of its G Suite users in plain-text for 14 years allowing its employees to access them. The news is disconcerting, Google has accidentally stored the passwords of the G Suite users in plain-text for 14 years, this means that every employee in the company was able to access them.

Passwords

Passwords Encryption Advertising Accountability

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organizations.” Crooks obtain the information by conducting spear-phishing and ransomware attacks, or other means. Pierluigi Paganini.

Cybercrime

Cybercrime Education Accountability Phishing

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

Enforce strong passwords and implement multi-factor authentication (MFA) — by educating users about using a unique password for each account and enforcing higher security for privileged accounts (administrators, root). Accounting for humans.

Cybersecurity

Cybersecurity Cybercrime Education Passwords

Protecting Your Digital Identity: Celebrating Identity Management Day

Webroot

APRIL 3, 2024

In a world where our lives are increasingly navigated through digital apps and online accounts, understanding and managing our online identities has become paramount. Simply put, it’s the practice of ensuring that only authorized individuals have access to your sensitive information and online accounts.

VPN

VPN Passwords Scams Accountability

Atomic macOS Stealer is advertised on Telegram for $1,000 per month

Security Affairs

APRIL 29, 2023

The Atomic macOS Stealer allows operators to can steal various types of information from the infected machines, including Keychain passwords, complete system information, files from the desktop and documents folder, and even the macOS password. The threat actors spread the malware in the form of a ‘.dmg’

Advertising

Advertising Passwords Malware Password Management

Volvo retailer leaks sensitive files

Security Affairs

APRIL 15, 2023

An attacker could exploit this data to hijack the victim’s account. Attackers may have exploited leaked credentials to brute force access to the repository, since they only needed a password, which is faster than guessing both a username and password.

Retail

Retail Manufacturing Passwords Phishing

Personal info of 90k hikers leaked by French tourism company La Malle Postale

Security Affairs

MAY 13, 2023

The leaked information included names, phone numbers, emails, private communication via SMS messages, passwords, and employees’ credentials. Screenshot of leaked customer information Researchers also stumbled upon 70,000 customer credentials. Leaking employee credentials might put the company at risk of targeted cyberattacks.

Passwords

Passwords Identity Theft Scams Social Engineering

538 Million Weibo users’ records being sold on Dark Web

Security Affairs

MARCH 23, 2020

107 million records include personal data and basic account information such as the user ID, number of Weibo tweets, number of followers and accounts users are following, account gender, geographic location and more. The dump doesn’t include Weibo users’ passwords. 5.38?????????????? Good night.”

Accountability

Accountability Passwords Advertising Internet

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

“Eventually, the threat actor was able to compromise both the Windows and macOS build environments,” 3CX said in an April 20 update on their blog. In many cases, the phony profiles spoofed chief information security officers at major corporations , and some attracted quite a few connections before their accounts were terminated.

Malware

Malware Software Technology Accountability

SAP April 2023 security updates fix critical vulnerabilities

Security Affairs

APRIL 12, 2023

Once the attacker gained access to BI user’s passwords and depending on the privileges of the BI user, he can perform operations that can completely compromise the application. The complete list of the notes is reported in the latest security bulletin : SAP administrators are urged to apply the available security patches as soon as possible.

Education

Education Media Authentication Passwords

A flaw in the Essential ‘Addons for Elementor’ WordPress plugin poses 1M sites at risk of hacking

Security Affairs

MAY 11, 2023

The vulnerability resides in the plugin’s password reset functionality, it impacts versions 5.4.0 “It is possible to reset the password of any user as long as we know their username thus being able to reset the password of the administrator and login on their account. . ” continues the analysis.

Hacking

Hacking Risk Passwords Accountability

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 4, 2023

The attacker can also use the compromised accounts to carry out lateral phishing attacks and further infiltrate the target organizations TA473 targeted US elected officials and staffers since at least February 2023. The threat actors created bespoke JavaScript payloads designed for each government targets’ webmail portal.

Phishing

Phishing Spyware Government Passwords

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Security Affairs

APRIL 6, 2023

The credentials provided by the recipient are sent to an attacker-controlled URL, however, after the recipient enters their password, the phishing page redirects to a benign document that contains the interview questions, or an RFI that includes information of interest for the victims.

Phishing

Phishing Media Passwords Malware

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

. “Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting. To nominate, please visit:?.

Telecommunications

Telecommunications Authentication Passwords Accountability

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

Below are recommended mitigations included in the alert: Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts. Regularly back up data, air gap, and password-protect backup copies offline. Implement the shortest acceptable timeframe for password changes.

Ransomware

Ransomware Antivirus Passwords Malware

Cyber Security Roundup for May 2021

Security Boulevard

MAY 3, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, April 2021. The UK Security Service MI5 said 10,000 staff from every UK government department and from important UK industries have been lured by fake LinkedIn profiles.

Ransomware

Ransomware Passwords Scams Government

China-linked APT41 group spotted using open-source red teaming tool GC2

Security Affairs

APRIL 17, 2023

The attack took place in October 2022, threat actors sent phishing emails that contained links to a password-protected file hosted in Drive. The researchers noticed that the most common attack against networks and cloud instances is the account takeover. ” continues the report.

Media

Media Accountability Government Malware

EvilExtractor, a new All-in-One info stealer appeared on the Dark Web

Security Affairs

APRIL 24, 2023

FortiGuard Labs observed this malware in a phishing email campaign on 30 March, which we traced back to the samples included in this blog.” The malware can steal sensitive data from the infected endpoint, including browser history and passwords, and cookies. . “Based on our traffic source data to the host, evilextractor[.]com,

Cybercrime

Cybercrime Malware Education Phishing

Operation TOURNIQUET: Authorities shut down dark web marketplace RaidForums

Security Affairs

APRIL 12, 2022

These contained information for millions of credit cards, bank account numbers and routing information, and the usernames and associated passwords needed to access online accounts.” ” RaidForums was launched in 2015, its community reached over half a million users. To nominate, please visit:?

Cybercrime

Cybercrime Banking Accountability Hacking

Trigona Ransomware targets Microsoft SQL servers

Security Affairs

APRIL 20, 2023

The attackers launch brute-force or dictionary attacks against the server in an attempt to guess account credentials. CLR Shell allows operators to harvest system information and escalate privileges to LocalSystem by exploiting a vulnerability in the Windows Secondary Logon Service. ” reads the report published by AhnLab.

Ransomware

Ransomware Malware Encryption Hacking

5 API Vulnerabilities That Get Exploited by Criminals

Security Affairs

NOVEMBER 22, 2022

It’s no secret that cyber security has become a leading priority for most organizations — especially those in industries that handle sensitive customer information. And as these businesses work towards building robust security strategies, it’s vital that they account for various threat vectors and vulnerabilities.

Authentication

Authentication B2B Accountability Digital transformation

China-linked APT Curious Gorge targeted Russian govt agencies

Security Affairs

MAY 3, 2022

Google TAG also observed Russia-linked APT28 (aka Fancy Bear) cyberespionage group targeting users in Ukraine with a new variant of a.Net malware distributed via email attachments inside of password protected zip files (ua_report.zip). The malware is able to steal cookies and saved passwords from Chrome, Edge and Firefox browsers.

Manufacturing

Manufacturing Government Phishing Passwords

Phishers migrate to Telegram

Security Affairs

APRIL 6, 2023

Data includes verified online banking credentials, in some cases phishers also provides info on the account balances. “For example, the same Telegram channel offered the credentials for a bank account with $1,400 in it for $110, whereas access to an account with a balance of $49,000 was put up for $700.”

Phishing

Phishing Scams Social Engineering Banking

Peugeot leaks access to user information in South America

Security Affairs

APRIL 25, 2023

The exposed file contained: Full MySQL database Uniform Resource Identifier (URI) – a unique sequence of characters that identifies a resource – as well as username and password to access it; JSON Web Token’s (JWT) passphrase and locations of private and public keys; A link to the git repository for the site; Symfony application secret.

Social Engineering

Social Engineering Education Media Marketing

Five Eyes agencies warn of attacks on MSPs

Security Affairs

MAY 12, 2022

. “The CSA—created in response to reports of increased activity against MSPs and their customers—provides specific guidance for both MSPs and customers aimed at enabling transparent discussions on securing sensitive data.” Protect internet-facing services Defend against brute force and password spraying Defend against phishing.

Authentication

Authentication Accountability Architecture Backups

15 Cybersecurity Measures for the Cloud Era

Security Affairs

APRIL 8, 2022

Two-factor authentication is another important security measure for the cloud era. This means that in addition to your password, you will also need a second factor, such as a code from a key fob or a fingerprint, to access your data. Use strong passwords. Another important security measure is to use strong passwords.

Cybersecurity

Cybersecurity Passwords Penetration Testing Encryption

‘Land Lordz’ Service Powers Airbnb Scams

Krebs on Security

APRIL 14, 2019

The ne’er-do-well who set up the account below has been paying $550 a month for a Land Lordz “basic plan” subscription at landlordz[.]site The site looks exactly like the real Airbnb, includes pictures of the requested property, and steers visitors toward signing in or to creating a new account. co.uk , airbnb.pt-anuncio[.]com

Scams

Scams Advertising Accountability Phishing

Ukrainian national sentenced to 4 years in prison for selling access to hacked servers

Security Affairs

MAY 16, 2022

Ivanov-Tolpintsev was charged with conspiracy, trafficking in unauthorized access devices, and trafficking in computer passwords. The post Ukrainian national sentenced to 4 years in prison for selling access to hacked servers appeared first on Security Affairs. In September, he was extradited to the U.S. in September 2021.

Hacking

Hacking Passwords Government Accountability

Block discloses data breach involving Cash App potentially impacting 8.2 million US customers

Security Affairs

APRIL 6, 2022

Securities and Exchange Commission (SEC). Block pointed out that the reports don’t contain personally identifiable information such as usernames or passwords, Social Security numbers, dates of birth, payment card information, addresses, and bank account details. million current and former customers.

Data breaches

Data breaches Cryptocurrency Accountability Banking

GUEST ESSAY: The key differences between ‘information privacy’ vs. ‘information security’

Removing Passwords, Without Compromising Security

Webinars

Trending Sources

Passwordless sign-in with passkeys is now available for Google accounts

Webinars

Crooks broke into AT&T email accounts to empty their cryptocurrency wallets

The Life and Death of Passwords: Improving Security With Passwords and People

Top Cybersecurity Accounts to Follow on Twitter

Privileged account management challenges: comparing PIM, PUM and PAM

Ukraine warns of attacks aimed at taking over Telegram accounts

The Trouble with Politicians Sharing Passwords

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

ConnectWise Quietly Patches Flaw That Helps Phishers

Slickwraps discloses data leak that impacted 850,000 user accounts

American Bar Association (ABA) suffered a data breach,1.4 million members impacted

WordPress Easy WP SMTP zero-day potentially exposes hundreds of thousands of sites to hack

Kodi discloses data breach after its forum was compromised

G Suite users’ passwords stored in plain-text for more than 14 years

FBI: Compromised US academic credentials available on various cybercrime forums

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

Protecting Your Digital Identity: Celebrating Identity Management Day

Atomic macOS Stealer is advertised on Telegram for $1,000 per month

Volvo retailer leaks sensitive files

Personal info of 90k hikers leaked by French tourism company La Malle Postale

538 Million Weibo users’ records being sold on Dark Web

3CX Breach Was a Double Supply Chain Compromise

SAP April 2023 security updates fix critical vulnerabilities

A flaw in the Essential ‘Addons for Elementor’ WordPress plugin poses 1M sites at risk of hacking

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

China-linked threat actors have breached telcos and network service providers

BlackCat Ransomware gang breached over 60 orgs worldwide

Cyber Security Roundup for May 2021

China-linked APT41 group spotted using open-source red teaming tool GC2

EvilExtractor, a new All-in-One info stealer appeared on the Dark Web

Operation TOURNIQUET: Authorities shut down dark web marketplace RaidForums

Trigona Ransomware targets Microsoft SQL servers

5 API Vulnerabilities That Get Exploited by Criminals

China-linked APT Curious Gorge targeted Russian govt agencies

Phishers migrate to Telegram

Peugeot leaks access to user information in South America

Five Eyes agencies warn of attacks on MSPs

15 Cybersecurity Measures for the Cloud Era

‘Land Lordz’ Service Powers Airbnb Scams

Ukrainian national sentenced to 4 years in prison for selling access to hacked servers

Block discloses data breach involving Cash App potentially impacting 8.2 million US customers

Stay Connected