Authentication, InfoSec and Password Management

Still Using Passwords? Get Started with Phishing-Resistant, Passwordless Authentication Now!

Cisco Security

NOVEMBER 2, 2022

Going beyond the hype, passwordless authentication is now a reality. Cisco Duo’s passwordless authentication is now generally available across all Duo Editions. “ Cisco Duo simplifies the passwordless journey for organizations that want to implement phishing-resistant authentication and adopt a zero trust security strategy.

Authentication

Authentication Passwords Phishing Mobile

Password Managers Under Attack, Shady Reward Apps on Google Play, Meta Account Center 2FA Bypass

Security Boulevard

FEBRUARY 5, 2023

The attacks on password managers and their users continue as Bitwarden and 1Password users have reported seeing paid ads for phishing sites in Google search results for the official login page of the password management vendors.

Password Management

Password Management Passwords Accountability Phishing

"Pwned", the Book, is Finally Here!

Troy Hunt

SEPTEMBER 8, 2022

Captivating stuff, apart from infosec, you really feel as though you’ve been taken on a journey with Troy through the years of living in paradise a.k.a. Great to see a book deliver this authenticity - we're all only human after all! I haven't been able to put the book down. This book has it all.

InfoSec

InfoSec Password Management Passwords IoT

OAuth: Your Guide to Industry Authorization and Authentication

eSecurity Planet

APRIL 20, 2021

Nearly a decade ago, the cyber industry was toiling over how to enable access for users between applications and grant access to specific information about the user for authentication and authorization purposes. and authentication-focused OpenID Connect (OIDC). Also Read: Passwordless Authentication 101. Manages permissions.

Authentication

Authentication Mobile Accountability Encryption

World Password Day and the importance of password integrity

Webroot

MAY 3, 2022

While avoiding duplication of passwords for multiple accounts and enabling two-way authentication can help, using a password manager is another way to help manage all of your account passwords seamlessly. LastPass is the most trusted name in secure password management.

Passwords

Passwords Identity Theft Password Management Antivirus

Happy 13th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2022

I seem to be doing most of that activity now on Mastodon , which appears to have absorbed most of the infosec refugees from Twitter, and in any case is proving to be a far more useful, civil and constructive place to post such things. For a variety of reasons, I will no longer be sharing these updates on Twitter. ” SEPTEMBER.

Cryptocurrency

Cryptocurrency Cybercrime Computers and Electronics Scams

CISA adds Plex Media Server bug, exploited in LastPass attack, to Known Exploited Vulnerabilities Catalog

Security Affairs

MARCH 13, 2023

The three-year-old high-severity flaw is a deserialization of untrusted data in Plex Media Server on Windows, a remote, authenticated attacker can trigger it to execute arbitrary Python code. CISAgov added #CVE -2020-5741 & CVE-2021-39144 to the Known Exploited Vulnerabilities Catalog. in May 2020.

Media

Media InfoSec Password Management Engineering

SolarWinds blaming intern for leaked password is symptom of ‘security failures’

SC Magazine

MARCH 2, 2021

House Oversight and Homeland Security committees last week, SolarWinds’s former and current CEOs blamed an intern for creating a weak FTP server password and leaking it on GitHub – an act which may or may not have contributed to a supply chain hack that impacted users of the tech firm’s Orion IT performance monitoring platform.

Passwords

Passwords Password Management CISO InfoSec

Celebrate Identity Management Day by Taking Identity Security Seriously

CyberSecurity Insiders

APRIL 8, 2022

In honor of the day coming up on April 12, I spoke to the below industry experts on how both individuals and organizations can strengthen identity management all year round. Those steps can become overwhelming for small businesses with staff shortages, small budgets or limited time.

Small Business

Small Business InfoSec Password Management Data breaches

Protect IT—A Combination of Security Culture and Cyber Hygiene Good Practices

Thales Cloud Protection & Licensing

OCTOBER 24, 2019

Per Symantec , they should specifically require passwords that contain at least 16 characters comprised of upper- and lowercase letters, numbers and symbols. Infosec personnel should also help employees store those passwords safely such as via the use of a password manager. Implement Multi-Factor Authentication.

Security Awareness

Security Awareness InfoSec Passwords Accountability

Evolving Identity: Why Legacy IAM May Not Be Fit for Purpose

CyberSecurity Insiders

APRIL 21, 2021

Multi-factor authentication is great for security, but can still be a chore for the average person to use. In some cases, people will choose weak passwords, relying on the security of the multi-factor process as the extra safety mechanism. The InfoSec Perspective. Here To Stay.

Passwords

Passwords Information Security Engineering Authentication

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Troy Hunt

JANUARY 10, 2018

But getting onto the title of this section, the page in question is the E-Aadhaar authentication page (also geo-blocked). This is poor form as it can break tools that encourage good security practices such as password managers.

Hacking

Hacking Government Encryption Risk

The Race to the Bottom of Credential Stuffing Lists; Collections #2 Through #5 (and More)

Troy Hunt

FEBRUARY 11, 2019

Incidentally, Lorenzo who wrote that Motherboard piece is a top-notch infosec journo I've worked with many times before and he reported accurately in that piece.) Of course, there was nothing missing from the post and each time I asked the question it was met with silence.

Passwords

Passwords Data breaches Media InfoSec

Episode 145: Veracode CTO Chris Wysopal and Life After Passwords with Plurilock

The Security Ledger

MAY 8, 2019

Also: we continue our series on life after the password by speaking to Ian Paterson, the CEO of behavioral authentication vendor Plurilock. Also: we continue our series on life after the password by speaking to Ian Paterson, the CEO of behavioral authentication vendor Plurilock.

Passwords

Passwords Password Management Authentication InfoSec

Scattered Spider x RansomHub: A New Partnership

Digital Shadows

OCTOBER 23, 2024

Figure 3: Scattered Spider attack timeline Social Engineering: Fool Me Once, Fool Me Twice To gain initial access to the target network, the threat actor called the organization’s IT help desk and persuaded staff to reset the CFO’s account password. This isn’t the first time we’ve seen Scattered Spider target password managers.

Social Engineering

Social Engineering Engineering Accountability Backups

Personal Cybersecurity Concerns for 2023

Security Through Education

JANUARY 18, 2023

The Cybersecurity & Infrastructure Security Agency , lists the following 4 steps to protect yourself: Implement multi-factor authentication on your accounts and make it significantly less likely you’ll get hacked. Use strong passwords, and ideally a password manager to generate and store unique passwords.

Cybersecurity

Cybersecurity Social Engineering Scams IoT

Scattered Spider x RansomHub: A New Partnership

Digital Shadows

OCTOBER 23, 2024

Figure 3: Scattered Spider attack timeline Social Engineering: Fool Me Once, Fool Me Twice To gain initial access to the target network, the threat actor called the organization’s IT help desk and persuaded staff to reset the CFO’s account password. This isn’t the first time we’ve seen Scattered Spider target password managers.

Social Engineering

Social Engineering Engineering Accountability Backups

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

How to screen for natural infosec talent: Ask for a worst case scenario for any common situation. Street is an industry-respected speaker and analyst and currently is the VP of InfoSec for SphereNY. Markstedter actively contributes to filling the infosec education gap. — Jack Daniel (@jack_daniel) October 10, 2018.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Generated Passwords, UX and Security Absolutism

Troy Hunt

DECEMBER 10, 2019

. — Martin Boissonneault (@ve2mrx) December 9, 2019 For me, the issue isn't really about the storage and delivery of the password, it's about the practice of generating a password for someone that just doesn't add up. Password manager? Then you have a strong password generator already. No password manager?

Passwords

Passwords Password Management Accountability Authentication

Cyber Security Informer

Still Using Passwords? Get Started with Phishing-Resistant, Passwordless Authentication Now!

Password Managers Under Attack, Shady Reward Apps on Google Play, Meta Account Center 2FA Bypass

Trending Sources

"Pwned", the Book, is Finally Here!

OAuth: Your Guide to Industry Authorization and Authentication

World Password Day and the importance of password integrity

Happy 13th Birthday, KrebsOnSecurity!

CISA adds Plex Media Server bug, exploited in LastPass attack, to Known Exploited Vulnerabilities Catalog

SolarWinds blaming intern for leaked password is symptom of ‘security failures’

Celebrate Identity Management Day by Taking Identity Security Seriously

Protect IT—A Combination of Security Culture and Cyber Hygiene Good Practices

Evolving Identity: Why Legacy IAM May Not Be Fit for Purpose

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

The Race to the Bottom of Credential Stuffing Lists; Collections #2 Through #5 (and More)

Episode 145: Veracode CTO Chris Wysopal and Life After Passwords with Plurilock

Scattered Spider x RansomHub: A New Partnership

Personal Cybersecurity Concerns for 2023

Scattered Spider x RansomHub: A New Partnership

Top Cybersecurity Accounts to Follow on Twitter

Generated Passwords, UX and Security Absolutism

Stay Connected