Troy Hunt

JANUARY 27, 2018

Plus, of course, the actual infosec stuff from the week namely my new Pluralsight course on creating a security-centric culture. LastPass is sponsoring my blog this week (if you don't already have a password manager, you're doing it wrong!). This week's update is a little late as my Friday was absolutely non-stop in Denmark.

InfoSec 137

InfoSec Password Management Passwords 137

Krebs on Security

DECEMBER 29, 2022

I seem to be doing most of that activity now on Mastodon , which appears to have absorbed most of the infosec refugees from Twitter, and in any case is proving to be a far more useful, civil and constructive place to post such things. For a variety of reasons, I will no longer be sharing these updates on Twitter. ” SEPTEMBER.

Cryptocurrency 295

Cryptocurrency Cybercrime Computers and Electronics Scams 295

Troy Hunt

FEBRUARY 11, 2019

rows of email addresses and passwords in total, but only 1.6B Incidentally, Lorenzo who wrote that Motherboard piece is a top-notch infosec journo I've worked with many times before and he reported accurately in that piece.) The exposed data included email addresses and passwords stored as salted MD5 hashes. There were 2.7B

Passwords 234

Passwords Data breaches Media InfoSec 234

CyberSecurity Insiders

FEBRUARY 3, 2022

Keeper is the leading provider of zero-trust and zero-knowledge security and encryption software covering enterprise password management, role-based access control, event tracking, dark web monitoring, secure file storage, secrets management and encrypted messaging.

Password Management 80

Password Management Passwords Encryption Data breaches 80

SiteLock

AUGUST 27, 2021

One year ago in February, the major eBay hack was in progress, eventually resulting in over 233 million passwords being stolen. 10 Million Passwords Leaked Online. Security consultant Mark Burnett leaked 10 million usernames and passwords online through his personal blog last week, in a very risky move. Worst Passwords of 2014.

Passwords 95

Passwords Cybersecurity Internet Internet 95

SecureWorld News

APRIL 17, 2022

As a simple example, consider the idea of passwords. It was once the case that passwords were a cornerstone of the role of humans in cybersecurity. You would choose a password that only you knew, and without that password, no one could get access to your account. There is also the idea of password management software.

Cybersecurity 96

Cybersecurity Passwords Technology Password Management 96

Security Affairs

MARCH 13, 2023

More at: [link] #cybersecurity #InfoSec #VulnerabilityManagement pic.twitter.com/hNwDHFaPtt — CISA Cyber (@CISACyber) March 10, 2023 “This issue allowed an attacker with access to the server administrator’s Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it. .”

Media 98

Media InfoSec Password Management Engineering 98

Thales Cloud Protection & Licensing

OCTOBER 24, 2019

These guidelines should include the following: Set up a Strong Password Policy. One of the most common ways by which malicious actors perpetrate account takeover (ATO) fraud is via password brute forcing attacks. Infosec personnel should also help employees store those passwords safely such as via the use of a password manager.

Security Awareness 83

Security Awareness InfoSec Passwords Accountability 83

Security Boulevard

JANUARY 26, 2023

Aviv – ‘Why Users (Don’t) Use Password Managers at a Large Educational Institution’ appeared first on Security Boulevard. Our thanks to USENIX for publishing their Presenter’s outstanding USENIX Security ’22 Conference content on the organization’s’ YouTube channel. Munyendo, Michelle L. Mazurek, Adam J.

Password Management 40

Password Management Education Passwords InfoSec 40

Security Affairs

MAY 7, 2021

HideezKey- This is a deep-dive into a nice concept for a security token & password manager that turned into a horrible product due to lack of proper R&D and Threat Modeling. The Cloud Password that allows to login on Hideez’s website, Laptop’s credentials, Website login user and password are ALL IN PLAINTEXT!

Firmware 106

Firmware Passwords Password Management Encryption 106

CyberSecurity Insiders

APRIL 8, 2022

In honor of the day coming up on April 12, I spoke to the below industry experts on how both individuals and organizations can strengthen identity management all year round. Those steps can become overwhelming for small businesses with staff shortages, small budgets or limited time.

Small Business 118

Small Business InfoSec Password Management Data breaches 118

CyberSecurity Insiders

APRIL 21, 2021

Most home users have their computer configuration set to allow full access to everything once a password is entered. Every information security professional has been on the receiving end of a frustrated person who does not understand the reasons for password complexity. The InfoSec Perspective. Beyond The Yes And No.

Passwords 89

Passwords Information Security Engineering Authentication 89

The Security Ledger

MAY 8, 2019

Also: we continue our series on life after the password by speaking to Ian Paterson, the CEO of behavioral authentication vendor Plurilock. Also: we continue our series on life after the password by speaking to Ian Paterson, the CEO of behavioral authentication vendor Plurilock. The Persistence of Passwords.

Passwords 40

Passwords Password Management Authentication InfoSec 40

Troy Hunt

JANUARY 10, 2018

This is poor form as it can break tools that encourage good security practices such as password managers. Let them paste passwords! But just as the entire premise of this post was that infosec is a spectrum of controls, so too are the reasons that Aadhaar exists; some of them are very good reasons, others, probably not so much.

Hacking 279

Hacking Government Encryption Risk 279

Daniel Miessler

FEBRUARY 1, 2020

And the media doesn’t help either, not to mention InfoSec marketing departments. As far as they’re concerned, if you don’t say the name of your password manager 7 times before bed the Dark Web will haunt your closet. People talk about it like it’s the Internet Demogorgon.

Advertising 103

Advertising InfoSec Password Management Education 103

Security Boulevard

SEPTEMBER 5, 2022

Popular password manager LastPass announced that some of their source code was stolen, but that no customer passwords were compromised in a recent data breach disclosure, an Israeli researcher has discovered a new method to exfiltrate data from air-gapped systems using the LED indicators on network cards, and details about the Twitter whistleblower (..)

Data breaches 52

Data breaches Password Management Passwords Data privacy 52

Security Through Education

JANUARY 18, 2023

Use strong passwords, and ideally a password manager to generate and store unique passwords. Update your software. Turn on automatic updates. Think before you click. More than 90% of successful cyber-attacks start with a phishing email.

Cybersecurity 98

Cybersecurity Social Engineering Scams IoT 98

Digital Shadows

OCTOBER 23, 2024

Figure 3: Scattered Spider attack timeline Social Engineering: Fool Me Once, Fool Me Twice To gain initial access to the target network, the threat actor called the organization’s IT help desk and persuaded staff to reset the CFO’s account password. This isn’t the first time we’ve seen Scattered Spider target password managers.

Social Engineering 122

Social Engineering Engineering Accountability Backups 122

ForAllSecure

MARCH 24, 2021

Anyway I was testing this suite when I happened to randomly strike two keys -- I think it was control and B -- and up popped the password manager, displaying all my test passwords in the clear. Thing was, the manager required its own password, which I had not entered; remember, I had hit only two keys.

Software 52

Software Passwords Internet Internet 52

ForAllSecure

MARCH 24, 2021

Anyway I was testing this suite when I happened to randomly strike two keys -- I think it was control and B -- and up popped the password manager, displaying all my test passwords in the clear. Thing was, the manager required its own password, which I had not entered; remember, I had hit only two keys.

Software 52

Software Passwords Internet Internet 52

Threatpost

NOVEMBER 25, 2020

Reducing the risks of remote work starts with updating the access policies of yesterday.

Risk 94

Risk Password Management Passwords InfoSec 94

eSecurity Planet

APRIL 20, 2021

Manages permissions. Maintained by infosec teams. Manages identifying information. Also Read: How to Prevent Password Encryption Exploits. Also Read: Best Password Management Software & Tools. The below table touches on the critical differences: Authorization (OAuth). Authentication (OpenID Connect).

Authentication 75

Authentication Mobile Accountability Encryption 75

Digital Shadows

OCTOBER 23, 2024

Figure 3: Scattered Spider attack timeline Social Engineering: Fool Me Once, Fool Me Twice To gain initial access to the target network, the threat actor called the organization’s IT help desk and persuaded staff to reset the CFO’s account password. This isn’t the first time we’ve seen Scattered Spider target password managers.

Social Engineering 52

Social Engineering Engineering Accountability Backups 52

Security Boulevard

OCTOBER 13, 2024

In the milestone 350th episode of the Shared Security Podcast, the hosts reflect on 15 years of podcasting, and the podcast’s evolution from its beginnings in 2009. They discuss the impact of a current hurricane on Florida, offering advice on using iPhone and Android satellite communication features during emergencies.

Cybersecurity 64

Cybersecurity Password Management Passwords Media 64

Malwarebytes

APRIL 1, 2021

Passwords are a hot topic on social media at the moment, due to the re-emergence of a discussion about good password management practices. There’s a wealth of password management options available, some more desirable than others. The primary recommendation online is usually a software-based management tool.

Passwords 138

Passwords Internet Internet Password Management 138

ForAllSecure

MARCH 1, 2022

Vamosi: Within InfoSec there's an informal use of AppSec as well. Don't use familiar passwords seriously. If you want nothing to connect back to you choose an entirely new set of passwords. In the book Kevin recommends using a password manager; that way your new identity has its own set of passwords.

Hacking 52

Hacking Mobile Cryptocurrency VPN 52

eSecurity Planet

DECEMBER 3, 2021

Normally account take overs are due to insecure passwords or recovery options, this is definitely something different. How to screen for natural infosec talent: Ask for a worst case scenario for any common situation. Street is an industry-respected speaker and analyst and currently is the VP of InfoSec for SphereNY.

Accountability 139

Accountability Cybersecurity Penetration Testing InfoSec 139

Troy Hunt

DECEMBER 10, 2019

So why doesn't every site take away the ability for people to choose their own passwords? Why not just generate the password for them thus completely eradicating password reuse? It doesn't matter who generated the password. passwords ?? But how relevant is this criticism when the passwords are system-generated?

Passwords 200

Passwords Password Management Accountability Authentication 200