Authentication, Document and Passwords - Cyber Security Informer

GUEST ESSAY: How the FIDO Alliance helps drive the move to passwordless authentication

The Last Watchdog

DECEMBER 6, 2021

For IT leaders, passwords no longer cut it. This traditional authentication method is challenging to get rid of, mostly because it’s so common. Every new account you sign up for, application you download, or device you purchase requires a password. Lowering password use. So why are they still around?

Authentication

Authentication Passwords Mobile Phishing

Microsoft: Happy 2025. Here’s 161 Security Updates

Krebs on Security

JANUARY 14, 2025

out of a possible 10, including CVE-2025-21298 , a weakness in Windows that could allow attackers to run arbitrary code by getting a target to open a malicious.rtf file, documents typically opened on Office applications like Microsoft Word. .” Several bugs addressed today earned CVSS (threat rating) scores of 9.8

Artificial Intelligence

Artificial Intelligence Social Engineering Encryption Internet

Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers

Krebs on Security

JUNE 28, 2019

says it will soon force all Cloud Solution Providers (CSPs) that help companies manage their Office365 accounts to use multi-factor authentication. As it happened, the PCM employee was not using multi-factor authentication. It might be difficult to fathom how this isn’t already mandatory, but Microsoft Corp.

Authentication

Authentication Accountability Data breaches Software

How to Lose a Fortune with Just One Bad Click

Krebs on Security

DECEMBER 18, 2024

Griffin said a follow-up investigation revealed the attackers had used his Gmail account to gain access to his Coinbase account from a VPN connection in California, providing the multi-factor code from his Google Authenticator app. You may also wish to download Google Authenticator to another mobile device that you control.

Cryptocurrency

Cryptocurrency Accountability Authentication Phishing

Passwords in the age of AI: We need to find alternatives

Malwarebytes

MAY 8, 2025

For decades, passwords have been our default method for keeping online accounts safe. A team at Cybernews conducted a study of over 19 billion newly exposed passwords which showed were looking at a a widespread epidemic of weak password reuse. Does that make the password obsolete? But our opponents have.

Passwords

Passwords Artificial Intelligence Identity Theft Password Management

Bitwarden vs Dashlane: Comparing Password Managers

eSecurity Planet

MAY 14, 2025

Bitwarden and Dashlane are two popular password managers that offer business plans in addition to their products for individuals. 5 Bitwarden is a popular business password manager with features like user management, custom session length, and integrations with SIEM products. However, Dashlane is still a great choice for businesses.

Password Management

Password Management Passwords Data breaches Encryption

Threat Modeling and Logins

Adam Shostack

JANUARY 2, 2025

Authentication is more frustrating to your customers when you dont threat model. The bank unexpectedly sent me a temporary password to sign up, and when I did, the temporary password had expired. But then, after I went to reset the password, the bank emailed me a one time code. Recently, I was opening a new bank account.

Banking

Banking Passwords Password Management Authentication

Making authentication faster than ever: passkeys vs. passwords

Google Security

MAY 5, 2023

Silvia Convento, Senior UX Researcher and Court Jacinic, Senior UX Content Designer In recognition of World Password Day 2023, Google announced its next step toward a passwordless future: passkeys. Passkeys are not just easier to use, but also significantly faster than passwords. On average, a user can successfully sign in within 14.9

Authentication

Authentication Passwords Technology Password Management

Internet Archive was breached twice in a month

Security Affairs

OCTOBER 21, 2024

The Internet Archive was breached again, attackers hacked its Zendesk email support platform through stolen GitLab authentication tokens. The breach may have exposed personal identification documents uploaded by users for Wayback Machine page removal requests, depending on the attacker’s Zendesk API access.

Internet

Internet Internet Data breaches Authentication

184 million logins for Instagram, Roblox, Facebook, Snapchat, and more exposed online

Malwarebytes

MAY 27, 2025

While the sheer volume of exposed dataincluding emails, passwords, and authorization URLsis alarming, the real concern is not just about the exposure itself, but in how cybercriminals collect and weaponize these credentials. Infostealers have evolved beyond simple password grabbers. Use unique, complex passwords for every service.

Identity Theft

Identity Theft Passwords Accountability Phishing

Strengthen your digital defenses on World Password Day

Webroot

APRIL 30, 2025

In todays digital world, passwords have become a necessary part of life. May 1, 2025, is World Password Day , a reminder that passwords are the unsung heroes of cybersecurity, the first line of defense for all your sensitive personal data. World Password Day is more relevant than ever in todays evolving threat landscape.

Passwords

Passwords Password Management Accountability Malware

Are You One of the 533M People Who Got Facebooked?

Krebs on Security

APRIL 6, 2021

. — rely on that number for password resets. From there, the bad guys can reset the password of any account to which that mobile number is tied, and of course intercept any one-time tokens sent to that number for the purposes of multi-factor authentication. It’s time we stopped letting everyone treat them that way.

Mobile

Mobile Accountability Passwords Authentication

As Seen on Channel 5’s Vanessa (Feltz) Show: What to Do if You’re Targeted by a Scam

Jane Frankland

MAY 16, 2025

Scammers use fake personas often posing as military personnel or celebrities e.g., a French woman recently lost 700,000 to scammers pretending to be Brad Pitt using AI-generated photos and fake documents ( BBC ). Auto-fill Exploits: A small but critical sign when your password manager doesnt autofill it might be a scam site.

Scams

Scams Password Management Passwords Banking

FCC Proposal Targets SIM Swapping, Port-Out Fraud

Krebs on Security

OCTOBER 1, 2021

30 , the FCC said it plans to move quickly on requiring the mobile companies to adopt more secure methods of authenticating customers before redirecting their phone number to a new device or carrier. In a long-overdue notice issued Sept. ” The FCC said the proposal was in response to a flood of complaints to the agency and the U.S.

Wireless

Wireless Mobile Passwords Authentication

How to Protect Your Gmail Password: Top Tips for Maximum Security

Hacker's King

DECEMBER 28, 2024

Your Gmail account stores valuable information such as emails, contacts, and documents. A compromised password can lead to identity theft and data breaches. To safeguard your Gmail password, you need to adopt a few best practices that will enhance your accounts security and keep cyber threats at bay.

Passwords

Passwords Identity Theft Accountability Data breaches

Recycle Your Phone, Sure, But Maybe Not Your Number

Krebs on Security

MAY 19, 2021

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. While you’re at it, consider removing your phone number as a primary or secondary authentication mechanism wherever possible.

Mobile

Mobile Wireless Authentication Accountability

Employee monitoring app exposes users, leaks 21+ million screenshots

Malwarebytes

APRIL 28, 2025

This is not just bad news for those remote workers, it could be even worse for the WorkComposer customers that can see internal communications, confidential business documents, and log in pages exposed to anyone that stumbled over the unprotected bucket. Change the passwords that may have been seen. Watch out for phishing attacks.

Passwords

Passwords Phishing Spyware Password Management

News alert: INE Security announces new initiative to help companies accelerate CMMC 2.0 compliance

The Last Watchdog

JANUARY 27, 2025

Organizations can use this checklist to track progress and identify areas requiring attention before assessment. demands a structured approach to implementation and preparation. demands a structured approach to implementation and preparation. demands a structured approach to implementation and preparation.

Password Management

Password Management Architecture Threat Detection Cybersecurity

IT administrators' passwords are awful too

Malwarebytes

OCTOBER 19, 2023

The administrator password is "admin". Research has revealed that IT administrators are just as likely to do the tech equivalent of putting the key under the mat as end users, with both groups using similarly predictable passwords. For that reason, using default passwords is considered a serious security risk.

Passwords

Passwords Authentication Password Management Engineering

U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”

Krebs on Security

FEBRUARY 26, 2025

At the end of 2023, malicious hackers learned that many companies had uploaded sensitive customer records to accounts at the cloud data storage service Snowflake that were protected with little more than a username and password (no multi-factor authentication needed).

Hacking

Hacking Government Identity Theft Accountability

Cisco fixed tens of vulnerabilities, including an actively exploited one

Security Affairs

OCTOBER 24, 2024

An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. Cisco warned customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices. ” reads the advisory.

VPN

VPN Firewall Passwords Software

Alleged ‘Scattered Spider’ Member Extradited to U.S.

Krebs on Security

APRIL 30, 2025

In a SIM-swapping attack, crooks transfer the targets phone number to a device they control and intercept any text messages or phone calls to the victim’s device including one-time passcodes for authentication and password reset links sent via SMS. Documents from the U.S. ” U.S.

Identity Theft

Identity Theft Phishing Cryptocurrency Cybercrime

Cyber Actors Bypassing Two-Factor Authentication Implementations

Cisco Security

MARCH 15, 2022

According to the FBI’s bulletin, cyber actors were able to obtain access to primary credentials for users with Duo accounts that did not have an enrolled multi-factor authentication (MFA) device. This activity was documented as early as May, 2021. General Best Practices: Require complex or strong primary user passwords.

Authentication

Authentication Passwords Accountability Government

Malicious Office 365 Apps Are the Ultimate Insiders

Krebs on Security

MAY 5, 2021

After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others.

Accountability

Accountability Passwords Advertising Phishing

Cisco warns of password-spraying attacks targeting Secure Firewall devices

Security Affairs

MARCH 29, 2024

Cisco warns customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services of Cisco Secure Firewall devices. Cisco is warning customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices. ” reads the report.

Firewall

Firewall Passwords VPN Authentication

Why you should act like your CEO’s password is “querty”

Malwarebytes

MAY 20, 2022

A poor password at the highest levels of an organisation can cost a company millions in losses. Recent findings show that half of IT leaders store passwords in shared documents. On top of that, it seems that folks at executive level are not picking good passwords either. Are CEOs naming their passwords after themselves?

Passwords

Passwords Password Management Authentication VPN

Hackers take over 1.1 million accounts by trying reused passwords

Malwarebytes

JANUARY 6, 2022

Credential stuffing is the automated injection of stolen username and password pairs in to website login forms, in order to fraudulently gain access to user accounts. Accessing more sensitive information such as credit card numbers, private messages, pictures, or documents which can ultimately lead to identity theft. No more passwords.

Passwords

Passwords Accountability Identity Theft Password Management

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 25, 2024

An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. Cisco warned customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices. This vulnerability is due to resource exhaustion.

VPN

VPN Firewall Technology Passwords

Can We Stop Pretending SMS Is Secure Now?

Krebs on Security

MARCH 16, 2021

From there, the attacker can reset the password of any account which uses that phone number for password reset links. But Lucky225 said the class of SMS interception he’s been testing targets a series of authentication weaknesses tied to a system developed by NetNumber , a private company in Lowell, Mass.

Telecommunications

Telecommunications Mobile Accountability Wireless

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Krebs on Security

MARCH 26, 2024

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. “It was like this system notification from Apple to approve [a reset of the account password], but I couldn’t do anything else with my phone.

Passwords

Passwords Accountability Cryptocurrency Phishing

Making Seamless Authentication a Reality for MSP Customers

Duo's Security Blog

APRIL 3, 2025

Users dont like passwords and logging in, period. MSPs should like passwords even less since, according to Gartner , 40% of all help desk calls are related to password resets. While this may avoid authentication fatigue, it certainly risks and may even violate some security standards.

Authentication

Authentication Passwords Risk VPN

The Stealthy Success of Passkeys

IT Security Guru

NOVEMBER 18, 2024

It’s interesting to note that many people will happily unlock their phone by just looking at it and have no problem tapping their bank card against a store’s point of sale terminal, but if the term password security is presented to them, they have a blank expression, or worse, shrink away. People are just starting to adopt it passively.

Passwords

Passwords Password Management Technology Authentication

Application and AI roundup - May

Adam Shostack

JANUARY 2, 2025

This month runs quite heavy on AI, but the CISA Safe by Design and Default document is going to be important for the next several years. Their first example is fascinating: the code hardcodes a password, and they say its safe to ignore. I think its not safe, the sample code should show how to get the password from a secret store API.

Passwords

Passwords Encryption Risk Advertising

Why Phone Numbers Stink As Identity Proof

Krebs on Security

MARCH 17, 2019

Phone numbers stink for security and authentication. Illegal SIM swaps allow fraudsters to hijack a target’s phone’s number and use it to steal financial data, passwords, cryptocurrencies and other items of value from victims. Many major providers still let people reset their passwords with just a text message.

Accountability

Accountability Passwords Mobile Banking

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. 15, 2022, LastPass said an investigation into the August breach determined the attacker did not access any customer data or password vaults.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

Apple’s passkeys attempt to solve the password problem

Malwarebytes

JUNE 9, 2022

The recent Apple Worldwide Developers Conference (WWDC) revealed another teasing of what has been referred to as “the end of passwords forever” Passkeys are a “new biometric sign-in standard” Biometrics in security circles are used for things like identity cards, building access, and so on. Pass the passkey.

Passwords

Passwords Phishing Authentication Accountability

Microsoft Announces Security Update with Windows Resiliency Initiative

eSecurity Planet

DECEMBER 4, 2024

Improving Identity Protection According to Microsoft’s Entra ID data, more than 600 million identity attacks occur daily, and 99% of them are password based. This includes strengthening password policies, implementing multi-factor authentication, and leveraging advanced threat detection techniques.

Encryption

Encryption Phishing Authentication Passwords

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Webroot

MARCH 3, 2025

Common attacks to consumer protection Identity theft and fraud Some common types of identity theft and fraud include account takeover fraud , when criminals use stolen personal information such as account numbers, usernames, or passwords to hijack bank accounts, credit cards, and even email and social media accounts.

Consumer Protection

Consumer Protection Identity Theft Scams Social Engineering

Top Unexpected Ways to Utilise a Password Manager for Enhanced Security and Organisation

IT Security Guru

JANUARY 22, 2024

Password managers have become integral tools for individuals and businesses alike. However, these digital guardians can offer more than just a secure vault for passwords. In fact, a good password manager can play a crucial role in enhancing both the personal and professional aspects of a user’s digital life.

Password Management

Password Management Passwords Banking Accountability

It’s Still Easy for Anyone to Become You at Experian

Krebs on Security

NOVEMBER 11, 2023

In the summer of 2022, KrebsOnSecurity documented the plight of several readers who had their accounts at big-three consumer credit reporting bureau Experian hijacked after identity thieves simply re-registered the accounts using a different email address. Sixteen months later, Experian clearly has not addressed this gaping lack of security.

Accountability

Accountability Authentication Passwords Identity Theft

FBI, CISA Echo Warnings on ‘Vishing’ Threat

Krebs on Security

AUGUST 21, 2020

” “The actors then convinced the targeted employee that a new VPN link would be sent and required their login, including any 2FA [2-factor authentication] or OTP [one-time passwords]. authenticate the phone call before sensitive information can be discussed.

Social Engineering

Social Engineering VPN Authentication Engineering

Duo Continues to Enhance Partnership With Microsoft on New Entra ID External Authentication Methods

Duo's Security Blog

MAY 2, 2024

We are excited to have partnered closely with Microsoft in the co-development of Microsoft Entra ID External Authentication Methods, available in Public Preview May 2024! External Authentication Methods (EAM) enables frictionless integration of Duo’s full security feature set.

Authentication

Authentication Phishing Passwords Risk

8 Best Password Management Software & Tools for 2022

eSecurity Planet

SEPTEMBER 19, 2022

Since many people use the same passwords or patterns when generating passwords, hackers have more and more opportunities to gain access to sensitive company data. Password manager tools allow organizations and their employees to seamlessly and securely handle login credentials. Best Password Manager Tools.

Password Management

Password Management Passwords Software Encryption

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

Krebs on Security

JULY 15, 2024

“And since there’s no password on the account, it just shoots them to the ‘create password for your new account’ flow. What’s more, Monahan said, Squarespace did not require email verification for new accounts created with a password.

Accountability

Accountability Cryptocurrency Passwords DNS

GUEST ESSAY: How the FIDO Alliance helps drive the move to passwordless authentication

Microsoft: Happy 2025. Here’s 161 Security Updates

Trending Sources

Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers

How to Lose a Fortune with Just One Bad Click

Passwords in the age of AI: We need to find alternatives

Bitwarden vs Dashlane: Comparing Password Managers

Threat Modeling and Logins

Making authentication faster than ever: passkeys vs. passwords

Internet Archive was breached twice in a month

184 million logins for Instagram, Roblox, Facebook, Snapchat, and more exposed online

Strengthen your digital defenses on World Password Day

Are You One of the 533M People Who Got Facebooked?

As Seen on Channel 5’s Vanessa (Feltz) Show: What to Do if You’re Targeted by a Scam

FCC Proposal Targets SIM Swapping, Port-Out Fraud

How to Protect Your Gmail Password: Top Tips for Maximum Security

Recycle Your Phone, Sure, But Maybe Not Your Number

Employee monitoring app exposes users, leaks 21+ million screenshots

News alert: INE Security announces new initiative to help companies accelerate CMMC 2.0 compliance

IT administrators' passwords are awful too

U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”

Cisco fixed tens of vulnerabilities, including an actively exploited one

Alleged ‘Scattered Spider’ Member Extradited to U.S.

Cyber Actors Bypassing Two-Factor Authentication Implementations

Malicious Office 365 Apps Are the Ultimate Insiders

Cisco warns of password-spraying attacks targeting Secure Firewall devices

Why you should act like your CEO’s password is “querty”

Hackers take over 1.1 million accounts by trying reused passwords

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

Can We Stop Pretending SMS Is Secure Now?

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Making Seamless Authentication a Reality for MSP Customers

The Stealthy Success of Passkeys

Application and AI roundup - May

Why Phone Numbers Stink As Identity Proof

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Apple’s passkeys attempt to solve the password problem

Microsoft Announces Security Update with Windows Resiliency Initiative

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Top Unexpected Ways to Utilise a Password Manager for Enhanced Security and Organisation

It’s Still Easy for Anyone to Become You at Experian

FBI, CISA Echo Warnings on ‘Vishing’ Threat

Duo Continues to Enhance Partnership With Microsoft on New Entra ID External Authentication Methods

8 Best Password Management Software & Tools for 2022

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

Stay Connected