The Hacker News

APRIL 28, 2023

The Atomic macOS Stealer can steal various types of information from the victim's machine, including Keychain passwords, complete system information, files from the desktop and documents folder, and

Passwords 104

Passwords Malware Advertising 104

Malwarebytes

MAY 20, 2022

A poor password at the highest levels of an organisation can cost a company millions in losses. Recent findings show that half of IT leaders store passwords in shared documents. On top of that, it seems that folks at executive level are not picking good passwords either. Are CEOs naming their passwords after themselves?

Passwords 132

Passwords Password Management Authentication VPN 132

Malwarebytes

SEPTEMBER 4, 2023

Researchers at the University of Wisconsin–Madison have demonstrated that Chrome browser extensions can steal passwords from the text input fields in websites, even if the extension is compliant with Chrome's latest security and privacy standard, Manifest V3. This creates a significant challenge for vendors like Google.

Passwords 115

Passwords Password Management Ransomware 115

Adam Shostack

JUNE 26, 2019

Bruce Marshall has put together a comparison of OWASP ASVS v3 and v4 password requirements: OWASP ASVS 3.0 & 4.0 We should judge standards on their delivery of these important contextual documents. Comparison. This is useful in and of itself, and is also the sort of thing that more standards bodies should do, by default.

Passwords 140

Passwords 140

Schneier on Security

JANUARY 29, 2024

Microsoft is reporting that a Russian intelligence agency—the same one responsible for SolarWinds—accessed the email system of the company’s executives. The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself.

Hacking 247

Hacking Accountability Passwords Cybersecurity 247

Krebs on Security

NOVEMBER 11, 2019

In late October, this author received a tip from Wisconsin-based security firm Hold Security that a file containing a staggering number of internal usernames and passwords for Orvis had been posted to Pastebin. Microsoft Active Directory accounts and passwords. 4, and the second Oct. 4, and the second Oct. Data backup services.

Retail 169

Retail Passwords Wireless Backups 169

Bleeping Computer

AUGUST 21, 2022

Password-protected ZIP archives are common means of compressing and sharing sets of files—from sensitive documents to malware samples to even malware (phishing "invoices" in emails). But, did you know it is possible for an encrypted ZIP file to have two correct passwords, with both producing the same outcome on extraction? [.].

Passwords 98

Passwords Encryption Phishing Malware 98

CyberSecurity Insiders

JUNE 3, 2021

A recent project associated with Dartmouth College aims to limit the damage hackers cause by tricking them with fake documents. The idea involves spreading several fake documents. WE-FORGE depends on artificial intelligence (AI) to create false documents , protecting intellectual property in the process.

Cyber Attacks 92

Cyber Attacks Artificial Intelligence Cybersecurity Data breaches 92

Malwarebytes

JANUARY 6, 2022

Credential stuffing is the automated injection of stolen username and password pairs in to website login forms, in order to fraudulently gain access to user accounts. Accessing more sensitive information such as credit card numbers, private messages, pictures, or documents which can ultimately lead to identity theft. No more passwords.

Passwords 135

Passwords Accountability Identity Theft Password Management 135

Heimadal Security

MARCH 28, 2023

Researchers discovered a new MacOS info-stealer that extracts documents, cookies, and login data from infected devices. At […] The post MacStealer MacOS Malware Steals Passwords from iCloud Keychain appeared first on Heimdal Security Blog.

Passwords 69

Passwords Malware Cybersecurity 69

IT Security Guru

JULY 23, 2021

Stealing access to your environment using a known password for a user account is a much easier way to compromise systems than relying on other vulnerabilities. Therefore, using good password security and robust password policies is an excellent way for organizations to bolster their cybersecurity posture. MyP@$$w0rd1$ (84 bits).

Policy Compliance 121

Policy Compliance Passwords Accountability Authentication 121

Troy Hunt

APRIL 27, 2018

When I launched Pwned Passwords in August , I honestly didn't know how much it would be used. I made 320M SHA-1 password hashes downloadable and also stood up an API to query the data "as a service" by either a plain text password or a SHA-1 hash. Thanks @haveibeenpwned !

Passwords 187

Passwords 187

Veracode Security

APRIL 7, 2021

Password being such a central piece of any authentication-based system, every developer would be involved with it at some point in his or her career. It becomes exceedingly important to make sure these stored passwords can???t KDFs used to generate these random bytes of data are commonly called as password hashing algorithms.

Passwords 123

Passwords Architecture Encryption Government 123

Security Boulevard

JULY 28, 2022

Microsoft Office XLS Document Executes Obfuscated Excel 4.0 The first stage of an attack likely begins with a spam email delivering a Microsoft Office XLS document as an attachment. The XLS document uses obfuscated Excel macros. When opened, the document asks the user to ‘Enable Content’, when enabled the macro will execute.

Encryption 57

Encryption Malware Phishing Cybercrime 57

Krebs on Security

MARCH 26, 2024

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. “It was like this system notification from Apple to approve [a reset of the account password], but I couldn’t do anything else with my phone.

Passwords 338

Passwords Accountability Engineering Phishing 338

Security Affairs

JUNE 15, 2022

Citrix fixed a critical flaw in Citrix Application Delivery Management (ADM), tracked as CVE-2022-27511, that can allow attackers to reset admin passwords. Citrix fixed a critical vulnerability in Citrix Application Delivery Management (ADM), tracked as CVE-2022-27511, that can be exploited by attackers to reset admin passwords.

Passwords 91

Passwords Hacking Cybersecurity Information Security 91

Security Affairs

JANUARY 21, 2021

With a simple Google search, anyone could have found the password to one of the compromised, stolen email addresses: a gift to every opportunistic attacker.” Once the victim double-clicked the HTML file, a blurred image with a preconfigured email within the document is opened in the browser. ” continues the post.

Phishing 129

Phishing Passwords Healthcare Manufacturing 129

Security Affairs

MARCH 8, 2024

million files, and 65,000 documents were classified by NCSC as data relevant to the Federal Administration. Government experts discovered sensitive information, including personal data, technical information, classified details, and passwords, in approximately half of the Federal Administration’s files (5,182).

Ransomware 122

Ransomware Data breaches Unstructured Data Architecture 122

Krebs on Security

APRIL 9, 2024

It involves convincing a user to click on a malicious link in an email, which can then steal the user’s password hash and authenticate as the user in another Microsoft service. Adobe has since clarified that its apps won’t use AI to auto-scan your documents, as the original language in its FAQ suggested.

DNS 227

DNS Social Engineering Malware Media 227

Security Affairs

JANUARY 31, 2024

Source: Cybernews Users holding the company’s email addresses, potentially the employees, had their passwords exposed in plaintext. Hashed passwords to access user accounts on the DTT trading platform were also leaked. Leaked emails. Some clients had their home addresses, phone numbers, and partial credit card details exposed.

Technology 122

Technology Identity Theft Backups Passwords 122

Security Affairs

APRIL 1, 2020

The popular Zoom app is under scrutiny, experts have discovered a vulnerability that could be exploited to steal users’ Windows passwords. The attack leverages the SMBRelay technique that provides username and NTLM password hashes to a remote SMB server when connecting to it. Baset (@SymbianSyMoh) April 1, 2020.

Passwords 119

Passwords Advertising Hacking Software 119

SC Magazine

MARCH 12, 2021

In a related exhibit, NYC Carpenters documents nearly $1 million they invested in 23 different purchases of SolarWinds stock starting January 2019, when it sold for just over $14 a share and ending on June 3, 2020, six months before the breach was announced and when it was still selling for $19.41. 18, 2018 and Dec.

Hacking 70

Hacking Government Cybersecurity Risk 70

Security Boulevard

APRIL 7, 2021

Password being such a central piece of any authentication-based system, every developer would be involved with it at some point in his or her career. It becomes exceedingly important to make sure these stored passwords can???t KDFs used to generate these random bytes of data are commonly called as password hashing algorithms.

Passwords 62

Passwords Architecture Encryption Government 62

Thales Cloud Protection & Licensing

NOVEMBER 14, 2017

The tsunami of passwords that exist across every aspect of our digital life means that there’s a thriving underground industry of cyber-criminals trying to get at them. This time passwords were lightly protected by the 1970s-era DES algorithm. Taking a password dump from a server isn’t, of course, the only route to compromise.

Passwords 99

Passwords Internet Internet Data breaches 99

SecureWorld News

NOVEMBER 5, 2020

When it comes to passwords, where is the holy grail that will miraculously maximize security and usability at the same time? Password best practices: 10 years of research. Password best practices: 10 years of research. And during the decade of research, it wasn't just passwords that changed; it was the people, too. "We

Passwords 65

Passwords System Administration Accountability 65

SC Magazine

MARCH 12, 2021

In a related exhibit, NYC Carpenters documents nearly $1 million they invested in 23 different purchases of SolarWinds stock starting January 2019, when it sold for just over $14 a share and ending on June 3, 2020, six months before the breach was announced and when it was still selling for $19.41. 18, 2018 and Dec.

Hacking 59

Hacking Government Cybersecurity Risk 59

Security Affairs

AUGUST 12, 2020

The experts first discovered the malware in June 2018, but it has been available since 2014, when they observed threat actors spreading it via a Microsoft Word document containing an auto-executable malicious VBA Macro. To do this, the spyware creates different threads and timer functions in the main function. Pierluigi Paganini.

Passwords 137

Passwords Spyware VPN Malware 137

Dark Reading

JULY 14, 2022

Attackers use scam security checks to steal victims' government documents, photos, banking information, and email passwords, researchers warn.

Scams 131

Scams Phishing Banking Passwords 131

Tech Republic Security

SEPTEMBER 4, 2020

Dubbed PyVil, the new remote access trojan goes after passwords, documents, browser cookies, and email credentials, says Cybereason.

Passwords 186

Passwords 186

Bleeping Computer

JULY 23, 2023

Microsoft is further enhancing the Windows 11 Enhanced Phishing Protection by testing a new feature that warns users when they copy and paste their Windows password into websites and documents. [.]

Phishing 91

Phishing Passwords 91

Bleeping Computer

APRIL 1, 2022

Okta's outsourced provider of support services, Sitel (Sykes) has shared more information this week in response to the leaked documents that detailed the various incident response tasks carried out by Sitel after the Lapsus$ hack. [.].

Passwords 70

Passwords Hacking 70

Malwarebytes

AUGUST 18, 2021

DocuSign is a service that allows people to sign documents in the Cloud. Signing documents electronically saves a lot of paper and time. Recipients can check links by hovering their mouse pointer over the document link in the email. If it is an actual DocuSign document it will be hosted at docusign.net.

Phishing 142

Phishing Password Management Passwords Accountability 142

Krebs on Security

JUNE 1, 2023

.” Constella Intelligence , a company that tracks exposed databases, finds that 774748@gmail.com was used in connection with just a handful of passwords, but most frequently the password “ featar24 “ Pivoting off of that password reveals a handful of email addresses, including akafitis@gmail.com. ru in 2008.

Malware 228

Malware Cybercrime Software Antivirus 228

SiteLock

AUGUST 27, 2021

The threat rating was determined using the following metrics: Complexity: LOW: The vectors used to infect websites appear to be well-documented vulnerabilities in older versions of website platforms. Change all database passwords. Change your CMS passwords. Vector: Application Vulnerability, Multiple.

Passwords 52

Passwords Malware Accountability Backups 52

Tech Republic Security

MAY 19, 2020

Learn to secure multiple documents by encrypting compressed files on various OSes using a password.

Encryption 176

Encryption Passwords 176

SC Magazine

MAY 6, 2021

It’s World Password Day, do the company’s users still rely on passwords? Passwords are no longer considered a secure way to log in, so what does the company plan to do about it? While passwords inherently introduce risk into the organization, there are easier and more effective ways the team can protect its crown jewels.

Passwords 54

Passwords Authentication Identity Theft Risk 54

Malwarebytes

JUNE 21, 2022

On June 20, 2022, Malwarebytes Threat Intelligence identified a document that had been weaponized with the Follina (CVE-2022-30190) exploit to download and execute a new.Net stealer first reported by Google. The malicious document. The malicious HTML document. Attackers will grab also passwords from Firefox. db , cert8.db

Passwords 131

Passwords Malware Government 131