Information Security, InfoSec and Passwords

Advanced Persistent Teenagers, Okta Bug Allowed Logins Without a Correct Password

Security Boulevard

NOVEMBER 10, 2024

The episode also covers a notable Okta vulnerability that allowed someone to login without […] The post Advanced Persistent Teenagers, Okta Bug Allowed Logins Without a Correct Password appeared first on Shared Security Podcast.

Passwords

Passwords Cybersecurity Data privacy Data breaches

LastPass Master Passwords, New Cars and Your Privacy, Amazon Alexa Lethal Challenge

Security Boulevard

JANUARY 2, 2022

LastPass users received emails about their master passwords being compromised, details about the privacy policies of new cars, and a story about an Amazon Echo that proposed a lethal challenge to a ten-year-old girl. ** Links mentioned on the show ** Log4j 2.17.1 out now, fixes new remote code execution bug [link] If any person […].

Passwords

Passwords IoT InfoSec Technology

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

Worldwide spending on information security products and services rose to $114 billion in 2018, up from $102 billion in 2017, an increase of 12.4 Through the course of this year, Gartner forecasts that the infosec market will climb 9 percent to $124 billion. Use a password manager. Secure your phone.

Passwords

Passwords Password Management Antivirus Internet

Password Managers Under Attack, Shady Reward Apps on Google Play, Meta Account Center 2FA Bypass

Security Boulevard

FEBRUARY 5, 2023

The attacks on password managers and their users continue as Bitwarden and 1Password users have reported seeing paid ads for phishing sites in Google search results for the official login page of the password management vendors.

Password Management

Password Management Passwords Accountability Phishing

BSides Huntsville 2021 – Steven Kirby’s ‘Requiem For The Password’

Security Boulevard

MARCH 17, 2021

Many thanks to BSides Huntsville 2021 for publishing their tremendous conference videos on the organization's YouTube channel; a great BSides, don't miss this 10-video infosec event. The post BSides Huntsville 2021 – Steven Kirby’s ‘Requiem For The Password’ appeared first on Security Boulevard.

Passwords

Passwords InfoSec Education Information Security

2018 Retrospective

Troy Hunt

JANUARY 3, 2019

Of the ones I can talk about, they included: Microsoft in Copenhagen: Thanks @troyhunt , fun and interesting talk in copenhagen today #happyaussieday #infosec #haveibeenpwned pic.twitter.com/vrNQNb6Po5 — Finn Strand (@finnstrand) January 26, 2018. SSW in Sydney: How safe is your #password ?! troyhunt is here to help.

Passwords

Passwords Technology Government InfoSec

Cryptocurrency exchange BuyUcoin hacked, data of 325K+ users leaked

Security Affairs

JANUARY 25, 2021

A new incident involving a cryptocurrency exchange made the headlines, the India-based cryptocurrency exchange suffered a security incident, threat actors leaked sensitive data of 325K users on the Dark Web. Again didn't informed to affected users by company. Please Inform your users Right Now. You leaked my own data too.

Cryptocurrency

Cryptocurrency Hacking InfoSec Data breaches

Veridium Named Winner in the Coveted Global InfoSec Awards During RSA Conference 2021

CyberSecurity Insiders

MAY 22, 2021

NEW YORK–( BUSINESS WIRE )– Veridium , a leading developer of frictionless, passwordless authentication solutions, is proud to announce that it’s won the 2021 Global InfoSec Award in the category of Next-Gen in Passwordless Authentication. “We More information can be found here: www.cyberdefenseawards.com/.

InfoSec

InfoSec B2C B2B Authentication

Hotarus Corp gang hacked Ecuador’s Ministry of Finance and Banco Pichincha

Security Affairs

FEBRUARY 27, 2021

An alleged member of the @HotarusCorp leaked on a hacking forum a link to a file containing 6500 records (Email, Identity Card numbers, and passwords) that claims to Ministry of Finance. breach #infosec #deepwebnews @FinanzasEc @EcuCERT_EC pic.twitter.com/WTbXz8EYLx — Security Chronicle (@SecurChronicle) February 23, 2021. .

Hacking

Hacking Banking Ransomware InfoSec

Authy Breach: What It Means for You, RockYou 2024 Password Leak

Security Boulevard

JULY 14, 2024

We also explore a massive password list leak titled ‘Rock You 2024’ that has surfaced online. Find out why this file may not be as significant as it seems and the importance of avoiding password reuse. […] The post Authy Breach: What It Means for You, RockYou 2024 Password Leak appeared first on Shared Security Podcast.

Passwords

Passwords Authentication Social Engineering Data privacy

BSides Vancouver 2021 – Chris Timmons’s ‘So You Cracked A Bunch Of Passwords. Now What?’

Security Boulevard

JULY 22, 2021

The post BSides Vancouver 2021 – Chris Timmons’s ‘So You Cracked A Bunch Of Passwords. ’ appeared first on Security Boulevard. Our thanks to BSides Vancouver for publishing their outstanding BSides Vancouver 2021 Conference videos on the groups' YouTube channel.

Passwords

Passwords Education InfoSec Information Security

Records of 45 million+ travelers to Thailand and Malaysia surfaced in the darkweb

Security Affairs

JULY 13, 2020

Records of 45 Million+ travelers to Thailand and Malaysia Leaked on #Darkweb (Blog Link) [link] #infosec #leaks #CyberSecurity pic.twitter.com/zHOujQ8CMm — Cyble (@AuCyble) July 12, 2020. The huge trove of data was discovered by the researchers during their regular Deepweb and Darkweb monitoring activity.

Mobile

Mobile InfoSec Data breaches Advertising

Kia Security Flaw Exposed, NIST’s New Password Guidelines

Security Boulevard

OCTOBER 6, 2024

Also covered are NIST’s updated password guidelines, eliminating complexity rules and […] The post Kia Security Flaw Exposed, NIST’s New Password Guidelines appeared first on Shared Security Podcast. The post Kia Security Flaw Exposed, NIST’s New Password Guidelines appeared first on Security Boulevard.

Passwords

Passwords Authentication Data privacy Cyber threats

HP Device Manager flaws expose Windows systems to hack

Security Affairs

OCTOBER 4, 2020

The vulnerabilities have been reported to HP by the infosec researchers Nick Bloor, an attacker could chain the three issues to achieve SYSTEM privileges on targeted devices and potentially take over them. The IT giant revealed that an attacker could exploit the vulnerabilities to take over Windows systems.

Hacking

Hacking Accountability Passwords InfoSec

Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

Security Affairs

JANUARY 19, 2020

This is the biggest leak of Telnet passwords even reported. The list includes the IP address, username and password for the Telnet service for each device. The list appears to be the result of an Internet scan for devices using default credentials or easy-to-guess passwords. ” reported ZDNet. ” reported ZDNet.

IoT

IoT DDOS InfoSec Internet

Evolving Identity: Why Legacy IAM May Not Be Fit for Purpose

CyberSecurity Insiders

APRIL 21, 2021

As an information security professional, you are aware that identity management is a very important part of the security landscape. To the modern information security practitioner, it must do both at the same time. Quite often, the information security professional has experienced this frustration too.

Passwords

Passwords Information Security Engineering Authentication

Ecuador’s Banco Pichincha has yet to recover after recent cyberattack

Security Affairs

OCTOBER 17, 2021

An alleged member of the @HotarusCorp leaked on a hacking forum a link to a file containing 6500 records (Email, Identity Card numbers, and passwords) that claims to Ministry of Finance. breach #infosec #deepwebnews @FinanzasEc @EcuCERT_EC pic.twitter.com/WTbXz8EYLx — Security Chronicle (@SecurChronicle) February 23, 2021.

Banking

Banking InfoSec Cyber Attacks Cybercrime

Hackers Could Cause ‘Fake Earthquakes’ by Exploiting Vulnerable Seismic Equipment, Researchers Warn

Hot for Security

FEBRUARY 16, 2021

Because modern seismic stations are now implemented as an Internet-of-Things (IoT) station – and just as insecure as any other IoT device – Samios and his colleagues were able to identify threats to the equipment that infosec pros typically find in common IoT gear, from smart doorbells to security cams.

IoT

IoT InfoSec Data collection Encryption

Expert discloses 4 zero-days in IBM Data Risk Manager

Security Affairs

APRIL 21, 2020

A security researcher disclosed details of four zero-day flaws impacting an IBM security product after the IT giant refused to address them. The latest version Agile InfoSec has access to is 2.0.3, ” the expert wrote on GitHub. “At the time of disclosure, it is unclear if the latest version 2.0.6

Risk

Risk Authentication InfoSec Advertising

Social Media Warning Labels, Should You Store Passwords in Your Web Browser?

Security Boulevard

JUNE 23, 2024

In this episode of the Shared Security Podcast, the team debates the Surgeon General’s recent call for social media warning labels and explores the pros and cons. Scott discusses whether passwords should be stored in web browsers, potentially sparking strong opinions. appeared first on Shared Security Podcast.

Media

Media Passwords Data privacy InfoSec

Charting a Course to Zero Trust Maturity: 5 Steps to Securing User Access to Apps

Duo's Security Blog

OCTOBER 6, 2023

For example, outcomes like adapting to external events, creating a security culture, and cost-effective programs, all improve when organizations make progress towards zero trust security (based on survey responses from 4,751 active information security and privacy professionals from 26 countries).

Authentication

Authentication Risk Social Engineering InfoSec

Netflix Cracks Down on Password Sharing, AI Legal Research Gone Wrong, Fake Identities and Surveillance Firms

Security Boulevard

JUNE 4, 2023

Netflix plans to crack down on the widespread practice of password sharing among households. We discuss their new verification feature and its impact on user experience and security. A lawyer finds himself in hot water after relying on ChatGPT for legal research.

Surveillance

Surveillance Passwords Data privacy InfoSec

Anonymous Sudan launched a DDoS attack against Telegram

Security Affairs

SEPTEMBER 12, 2023

cybersecurity #infosec pic.twitter.com/ZvqtEUTBQn — CyberKnow (@Cyberknow20) September 9, 2023 The attack on Telegram does not appear to be politically motivated like other offensives conducted by the hacker group. Its these type of spiteful, vengeful attacks that put doubt on the state controlled narrative of the group.

DDOS

DDOS Accountability InfoSec Hacking

Oscorp, a new Android malware targets Italian users

Security Affairs

JANUARY 28, 2021

Researchers from security firm AddressIntel spotted a new Android malware dubbed Oscorp , its name comes from the title of the login page of its command-and-control server. When the user opens one of the apps targeted by Oscorp, the malicious code will display a phishing page that asks him to provide a username and password.

Malware

Malware Phishing InfoSec Cryptocurrency

Spotlight on Cybersecurity Leaders: Bill Bowman

SecureWorld News

FEBRUARY 26, 2024

Bill Bowman, CISSP, CIPM, is the Chief Information Security Officer & Data Privacy Officer at financial software company Emburse. A : When I was with Bright Horizons, many top-tier clients demanded InfoSec competence. A : Eliminate passwords. I learned from them. A : Bad actors building Zero Days for us.

Cybersecurity

Cybersecurity CISO InfoSec Risk

People-Centric Security (or Bottoms-Up)

Security Boulevard

NOVEMBER 17, 2022

Data is, or at least should be, the lifeblood of an effective information security program. One source of data that is typically missing from an infosec program is user, or employee driven data. Data is, or at least should be, the lifeblood of an effective information security program.

InfoSec

InfoSec Passwords Information Security Risk

Cisco was hacked by the Yanluowang ransomware gang

Security Affairs

AUGUST 10, 2022

The user had enabled password syncing via Google Chrome and had stored their Cisco credentials in their browser, enabling that information to synchronize to their Google account.” cybersecurity #infosec #ransomware pic.twitter.com/kwrfjbwbkT — CyberKnow (@Cyberknow20) August 10, 2022.

Ransomware

Ransomware Hacking VPN Phishing

Episode 145: Veracode CTO Chris Wysopal and Life After Passwords with Plurilock

The Security Ledger

MAY 8, 2019

In this week’s episode, #145 Veracode CTO Chris Wysopal joins us to talk about the early days of the information security industry with L0pht and securing software supply chains. Also: we continue our series on life after the password by speaking to Ian Paterson, the CEO of behavioral authentication vendor Plurilock.

Passwords

Passwords Password Management Authentication InfoSec

MOVEit Cyberattack, The Problem with Password Rotations, Military Alert on Free Smartwatches

Security Boulevard

JULY 2, 2023

Is it better to change passwords regularly or focus on creating complex ones? We discuss the […] The post MOVEit Cyberattack, The Problem with Password Rotations, Military Alert on Free Smartwatches appeared first on Shared Security Podcast.

Passwords

Passwords Data privacy Data breaches Security Awareness

Spotlight on Cybersecurity Leaders: Randy Raw

SecureWorld News

MARCH 31, 2022

He is the Chief Information Security Officer at Veterans United Home Loans in Columbia, Missouri. He has more than 25 years of experience in both public entities and private industry, having built several Information Security programs from the ground up. In this installment, we introduce you to Randy Raw.

Cybersecurity

Cybersecurity InfoSec Authentication DDOS

Uber Breach Guilty Verdict, Mandatory Password Expiration, Fake Executive Profiles on LinkedIn

Security Boulevard

OCTOBER 16, 2022

Former Uber CSO Joe Sullivan was found guilty of obstructing a federal investigation in connection with the attempted cover-up of a 2016 hack at Uber, NIST and Microsoft say that mandatory password expiration is no longer needed but many organizations are still doing it, and how fake executive profiles are becoming a huge problem for […].

Passwords

Passwords CSO Hacking Accountability

Threat actors found a way to bypass mitigation F5 BIG-IP CVE-2020-5902 flaw

Security Affairs

JULY 8, 2020

infosec #CVE pic.twitter.com/IqmtfZ8WER — TeamAres (@TeamAresSec) July 7, 2020. ” Threat actors exploited the CVE-2020-5902 flaw to obtain passwords, create web shells, and infect systems with various malware. If you are relying on mitigations for CVE-2020-5902 we highly recommend that you patch.

InfoSec

InfoSec Advertising Government Healthcare

Everest gang demands $200K for data stolen from South Africa state-owned electricity company ESKOM

Security Affairs

OCTOBER 9, 2022

Eskom_SA #cybersecurity #infosec pic.twitter.com/clUC6hKdSN — Dominic Alvieri (@AlvieriD) October 8, 2022. The ransomware gang is offering a package including servers with administrator, root, sysadmin passwords for Linux and Windows servers, and more. Government of the Republic of South Africa owned utility ESKOM Hld SOC Ltd.

Energy and Utilities

Energy and Utilities Ransomware InfoSec Hacking

An initial access broker claims to have hacked Deutsche Bank

Security Affairs

NOVEMBER 11, 2022

We can provide VDI & VPN + all passwords of domain dump (with DA usr’s) Their funds is in B$ Price 7.5BTC We will request for proof that one can afford to avoid time wasters etc…” reads the announcement. Breaking Deutsche Bank allegedly breached and for sale by the same access broker that sold access to Medibank.

Banking

Banking Hacking InfoSec Insurance

CISA adds Plex Media Server bug, exploited in LastPass attack, to Known Exploited Vulnerabilities Catalog

Security Affairs

MARCH 13, 2023

More at: [link] #cybersecurity #InfoSec #VulnerabilityManagement pic.twitter.com/hNwDHFaPtt — CISA Cyber (@CISACyber) March 10, 2023 “This issue allowed an attacker with access to the server administrator’s Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it. .”

Media

Media InfoSec Password Management Engineering

The Hacker Mind: Shattering InfoSec's Glass Ceiling

ForAllSecure

MARCH 8, 2023

Booth babes and rampant sexism were more of a problem in infosec in the past. What if you are a woman in information security? I’m Robert Vamosi, and in the episode I’m talking about diversity, equality, and inclusion in information security with one of the industries' most successful examples.

InfoSec

InfoSec Engineering CSO Technology

Analysis of the 2020 Verizon Data Breach Report

Daniel Miessler

MAY 19, 2020

Verizon’s Breach Report is one of the best infosec reports out there, and I’m always excited when I hear it’s been released. The top malware type is Password Dumper, because it really is about getting those creds. He looks at the key findings and talks about what they might mean to us going forward.

Data breaches

Data breaches Phishing Malware Hacking

DEF CON 29 Cloud Village – Karl Fosaaen’s ‘Extracting All The Azure Passwords’

Security Boulevard

SEPTEMBER 24, 2021

The post DEF CON 29 Cloud Village – Karl Fosaaen’s ‘Extracting All The Azure Passwords’ appeared first on Security Boulevard. Our thanks to DEFCON for publishing their tremendous DEFCON Conference Cloud Village videos on the groups' YouTube channel.

Passwords

Passwords Education InfoSec Information Security

NBlog Oct 8 - is Facebook an asset?

Notice Bored

OCTOBER 7, 2020

Someone asked whether to add the company's Facebook page to their information asset register (implying that it would need to be risk-assessed and secured using the Information Security Management System processes), or whether the asset should be the Facebook account (ID and password, I guess)**.

InfoSec

InfoSec Risk Banking Marketing

CSO of the Year | Dan Meacham helps Legendary Entertainment’s movie magic live safely in the cloud

SC Magazine

MAY 3, 2021

Dan Meacham is chief information security officer and CSO with Legendary Entertainment, the production company behind Godzilla vs. Kong and other popular films such as The Dark Knight and Jurassic World. If they can pass this authentication process, then they don’t even need a password to log in. Legendary Entertainment).

CSO

CSO InfoSec Media Authentication

The Dark Web Has Nothing on Data Brokers

Daniel Miessler

FEBRUARY 1, 2020

And the media doesn’t help either, not to mention InfoSec marketing departments. As far as they’re concerned, if you don’t say the name of your password manager 7 times before bed the Dark Web will haunt your closet. To regular folks with some basic computer skills, the Dark Web seems like Enemy #1.

InfoSec

InfoSec Advertising Password Management Cybercrime

The cyber skills gap & the diversity debate

Thales Cloud Protection & Licensing

JUNE 25, 2019

Broadly speaking, there has been an increase in the amount of overall investment in the recruitment and retention of information security talent. As organisations work to improve their ability to manage information risk, the importance of having a Chief Information Security Officer (CISO) is also being recognised.

Technology

Technology Small Business InfoSec Cybersecurity

Quantum Computing: A Looming Threat to Organizations and Nation States

SecureWorld News

SEPTEMBER 7, 2023

Director of Information Security, State of Colorado Governor's Office of Information Technology; and Toby Zimmerer, Sr. As for the panel presentation at SecureWorld Denver , it features Edgar Acosta, Experienced Cybersecurity Professional (former CISO at DCP Midstream ); Craig Hurter, Sr. Demand and Delivery Director, Optiv.

Encryption

Encryption Technology Risk Architecture

Cyber CEO: 5 Outdated but Common Cybersecurity Practices You Should Avoid

Herjavec Group

SEPTEMBER 23, 2021

But I would add that it’s not just cybersecurity, but up-to-date cybersecurity – a security strategy that can truly prepare and defend your enterprise against the modern threat landscape. The bygone ways of approaching information security simply won’t cut it today. Keeping all device software updated.

Cybersecurity

Cybersecurity Penetration Testing Digital transformation Risk

Advanced Persistent Teenagers, Okta Bug Allowed Logins Without a Correct Password

LastPass Master Passwords, New Cars and Your Privacy, Amazon Alexa Lethal Challenge

Trending Sources

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

Password Managers Under Attack, Shady Reward Apps on Google Play, Meta Account Center 2FA Bypass

BSides Huntsville 2021 – Steven Kirby’s ‘Requiem For The Password’

2018 Retrospective

Cryptocurrency exchange BuyUcoin hacked, data of 325K+ users leaked

Veridium Named Winner in the Coveted Global InfoSec Awards During RSA Conference 2021

Hotarus Corp gang hacked Ecuador’s Ministry of Finance and Banco Pichincha

Authy Breach: What It Means for You, RockYou 2024 Password Leak

BSides Vancouver 2021 – Chris Timmons’s ‘So You Cracked A Bunch Of Passwords. Now What?’

Records of 45 million+ travelers to Thailand and Malaysia surfaced in the darkweb

Kia Security Flaw Exposed, NIST’s New Password Guidelines

HP Device Manager flaws expose Windows systems to hack

Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

Evolving Identity: Why Legacy IAM May Not Be Fit for Purpose

Ecuador’s Banco Pichincha has yet to recover after recent cyberattack

Hackers Could Cause ‘Fake Earthquakes’ by Exploiting Vulnerable Seismic Equipment, Researchers Warn

Expert discloses 4 zero-days in IBM Data Risk Manager

Social Media Warning Labels, Should You Store Passwords in Your Web Browser?

Charting a Course to Zero Trust Maturity: 5 Steps to Securing User Access to Apps

Netflix Cracks Down on Password Sharing, AI Legal Research Gone Wrong, Fake Identities and Surveillance Firms

Anonymous Sudan launched a DDoS attack against Telegram

Oscorp, a new Android malware targets Italian users

Spotlight on Cybersecurity Leaders: Bill Bowman

People-Centric Security (or Bottoms-Up)

Cisco was hacked by the Yanluowang ransomware gang

Episode 145: Veracode CTO Chris Wysopal and Life After Passwords with Plurilock

MOVEit Cyberattack, The Problem with Password Rotations, Military Alert on Free Smartwatches

Spotlight on Cybersecurity Leaders: Randy Raw

Uber Breach Guilty Verdict, Mandatory Password Expiration, Fake Executive Profiles on LinkedIn

Threat actors found a way to bypass mitigation F5 BIG-IP CVE-2020-5902 flaw

Everest gang demands $200K for data stolen from South Africa state-owned electricity company ESKOM

An initial access broker claims to have hacked Deutsche Bank

CISA adds Plex Media Server bug, exploited in LastPass attack, to Known Exploited Vulnerabilities Catalog

The Hacker Mind: Shattering InfoSec's Glass Ceiling

Analysis of the 2020 Verizon Data Breach Report

DEF CON 29 Cloud Village – Karl Fosaaen’s ‘Extracting All The Azure Passwords’

NBlog Oct 8 - is Facebook an asset?

CSO of the Year | Dan Meacham helps Legendary Entertainment’s movie magic live safely in the cloud

The Dark Web Has Nothing on Data Brokers

The cyber skills gap & the diversity debate

Quantum Computing: A Looming Threat to Organizations and Nation States

Cyber CEO: 5 Outdated but Common Cybersecurity Practices You Should Avoid

Stay Connected