Krebs on Security

MAY 7, 2022

Apple , Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. Image: Blog.google.

Passwords 237

Passwords Authentication Phishing Cloud 237

Krebs on Security

MAY 19, 2020

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.” By far the most important passwords are those protecting our email inbox(es).

Passwords 340

Passwords Authentication Sales Data breaches 340

The Last Watchdog

FEBRUARY 3, 2022

I currently have over 450 accounts that use passwords combined with a variety of two-factor authentication methods. Related: How the Fido Alliance enables password-less authentication. I don’t know every password; indeed, each password is long, complex and unique. Sharing protocols.

Authentication 235

Authentication Blockchain Passwords Access 235

The Last Watchdog

DECEMBER 6, 2021

For IT leaders, passwords no longer cut it. Related: IT pros support passwordless access. This traditional authentication method is challenging to get rid of, mostly because it’s so common. Every new account you sign up for, application you download, or device you purchase requires a password. Lowering password use.

Authentication 251

Authentication Passwords Cloud Phishing 251

Data Breach Today

SEPTEMBER 11, 2023

Honeypot Hits Reinforce Need for Strong Passwords and Multifactor Authentication Honeypot data collected by CISO Jesse La Grew highlights how attackers continue to target default usernames - including for SSH - together with weak passwords to gain brute force remote access to their targets.

Honeypots 317

Honeypots Passwords Data collection Authentication 317

Security Affairs

JANUARY 29, 2024

A flaw in Microsoft Outlook can be exploited to access NTLM v2 hashed passwords by tricking users into opening a specially crafted file. NTLMv2, which stands for NT LAN Manager version 2, is an authentication protocol used in Microsoft Windows networks. Microsoft added the option to block outgoing NTLM authentication.

Passwords 114

Passwords Authentication Access Security 114

The Last Watchdog

MAY 26, 2021

We celebrated World Password Day on May 6, 2021. Every year, the first Thursday in May serves as a reminder for us to take control of our personal password strategies. Passwords are now an expected and typical part of our data-driven online lives. Passwords are now an expected and typical part of our data-driven online lives.

Passwords 182

Passwords Security Authentication Paper 182

Krebs on Security

AUGUST 5, 2019

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. Crooks are constantly probing bank Web sites for customer accounts protected by weak or recycled passwords.

Passwords 248

Passwords Risk Authentication Phishing 248

The Security Ledger

NOVEMBER 1, 2022

Six decades in, password use has tipped into the absurd, while two-factor authentication is showing its limits. We talk with Matt Salisbury of Honeybadger HQ, which is using AI and machine learning to re-imagine knowledge-based authentication. 60 years in, passwords at a breaking point. Read the whole entry. »

Authentication 98

Authentication Passwords Security Access 98

eSecurity Planet

AUGUST 19, 2022

One new tactic hackers have been using is to steal cookies from current or recent web sessions to bypass multi-factor authentication (MFA). Even cloud infrastructures rely on cookies to authenticate their users. Browsers allow users to maintain authentication, remember passwords and autofill forms.

Authentication 142

Authentication Passwords Encryption Cybersecurity 142

eSecurity Planet

MAY 4, 2023

In a major move forward for passwordless authentication, Google is introducing passkeys across Google Accounts on all major platforms. ” Google’s move will make passkeys an additional verification option alongside passwords and two-factor verification. .'” Step 2: Yeet the password.”

Authentication 93

Authentication Passwords Phishing Access 93

eSecurity Planet

JUNE 30, 2022

CISA noted that Basic authentication is simple and pretty convenient but unsecured by design. Basic Auth exposes servers and other endpoints to MITM (Man In The Middle) and password spraying attacks. Basic Auth exposes servers and other endpoints to MITM (Man In The Middle) and password spraying attacks. Click Save.

Authentication 110

Authentication Libraries Cloud Passwords 110

Security Affairs

SEPTEMBER 7, 2022

In the digital age, authentication is paramount to a strong security strategy. Which are the challenges of user authentication? In the digital age, authentication is paramount to a strong security strategy. End users require access to business networks and applications from mobile workspaces. User Authentication.

Authentication 95

Authentication Passwords Risk Education 95

Security Affairs

AUGUST 31, 2023

Cisco is aware of attacks conducted by Akira ransomware threat actors targeting Cisco ASA VPNs that are not configured for multi-factor authentication. “This highlights the importance of enabling multi-factor authentication (MFA) in VPN implementations. . ” reads a post published by Cisco PSIRT.

Authentication 112

Authentication Ransomware Access Education 112

Security Affairs

MAY 2, 2024

Threat actors breached the Dropbox Sign production environment and accessed customer email addresses and hashed passwords Cloud storage provider DropBox revealed that threat actors have breached the production infrastructure of the DropBox Sign eSignature service and gained access to customer information and authentication data.

Authentication 98

Authentication Passwords Access Phishing 98

The Last Watchdog

APRIL 7, 2021

Passwordless authentication as a default parameter can’t arrive too soon. That’s the upshot of a new report, The State of Passwordless Security 2021 , put out by HYPR , a New York City-based supplier of advanced authentication systems. 1 use case is remote access.”. Related: Top execs call for facial recognition to be regulated.

Authentication 147

Authentication Digital transformation IT Passwords 147

Krebs on Security

AUGUST 1, 2018

Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. Reddit said the exposed data included internal source code as well as email addresses and obfuscated passwords for all Reddit users who registered accounts on the site prior to May 2007.

Authentication 192

Authentication Passwords Phishing Data breaches 192

Security Affairs

SEPTEMBER 15, 2021

Microsoft announced that users can access their consumer accounts without providing passwords and using more secure authentication methods. “One of our recent surveys found that 15 percent of people use their pets’ names for password inspiration. SecurityAffairs – hacking, passwordless authentication).

Authentication 96

Authentication Passwords Phishing Compliance 96

Krebs on Security

JANUARY 7, 2020

Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password. The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service. Image: Phishlabs.

Passwords 237

Passwords Phishing Authentication Access 237

eSecurity Planet

AUGUST 22, 2023

Remote access security is critical for protecting increasingly distributed work environments, ensuring that only authorized users can access your valuable information regardless of their location. We’ll cover a range of best practices for remote access security, from the simple and the practical to the more advanced.

Access 84

Access Security Passwords Blockchain 84

The Last Watchdog

NOVEMBER 11, 2020

As a tradeoff for enjoying our digital lives, we’ve learned to live with password overload and even tolerate two-factor authentication. But now, at long last, we’re on the brink of eliminating passwords altogether, once and for all. Password tradeoffs Passwords have always been a big pain.

Authentication 153

Authentication Passwords Security Access 153

eSecurity Planet

MAY 22, 2023

Security researchers recently published a paper detailing an attack they say can be used to bypass smartphone fingerprint authentication. An attack like BrutePrint could present a significant threat to passkeys , an increasingly popular way to replace passwords with authentication methods like fingerprint authentication or face recognition.

Authentication 107

Authentication Encryption Passwords Manufacturing 107

Krebs on Security

JUNE 28, 2019

says it will soon force all Cloud Solution Providers (CSPs) that help companies manage their Office365 accounts to use multi-factor authentication. Microsoft says customers can remove that administrative access if they don’t want or need the partner to have access after the initial setup.

Authentication 223

Authentication Cloud Data breaches Access 223

Schneier on Security

DECEMBER 15, 2020

This is interesting : Toward the end of the second incident that Volexity worked involving Dark Halo, the actor was observed accessing the e-mail account of a user via OWA. Logs from the Exchange server showed that the attacker provided username and password authentication like normal but were not challenged for a second factor through Duo.

Authentication 135

Authentication Passwords Access IT 135

Rocket Software

MAY 15, 2020

On May 7, IT and technology businesses around the world celebrated World Password Day, a day meant to remind everyone of the importance of keeping personal and business data protected and secure. Passwords used to be simple to secure: you had to create a username and a unique password, and that was essentially it.

Authentication 52

Authentication Passwords Security Access 52

Krebs on Security

SEPTEMBER 13, 2023

USDoD claimed they grabbed the data by using passwords stolen from a Turkish airline employee who had third-party access to Airbus’ systems. By stealing these tokens, attackers can often reuse them in their own web browser, and bypass any authentication normally required for that account. Microsoft Corp.

Passwords 281

Passwords Authentication Sales Data breaches 281

The Last Watchdog

NOVEMBER 19, 2023

As the companies face nine federal lawsuits for failing to protect customer data, it’s abundantly clear hackers have checkmated multi-factor authentication (MFA). But the coup de gras was how easily they brushed aside the multi-factor authentication protections. How they steamrolled multi-factor authentication is a reason for pause.

Passwords 310

Passwords Authentication Cybersecurity Ransomware 310

The Security Ledger

JANUARY 9, 2020

Weak, stolen or reused passwords are the root of 8 in 10 data breaches. Fixing the data breach problem means abandoning passwords for something more secure. But what does passwordless authentication even look like? Yaser Masoudnia, the Senior Director Product Management, Identity Access Management, at LogMeIn* takes us there.

Passwords 98

Passwords Data breaches Authentication Risk 98

Security Affairs

NOVEMBER 2, 2022

Dropbox disclosed a security breach, threat actors gained unauthorized access to 130 of its source code repositories on GitHub. File hosting service Dropbox announced that threat actors gained unauthorized access to 130 of its source code repositories on GitHub. ” reads the advisory published by the company. Pierluigi Paganini.

Access 121

Access Phishing Authentication Passwords 121

Security Affairs

AUGUST 24, 2022

The streaming media platform Plex is urging its users to reset passwords after threat actors gained access to its database. The company disclosed a data breach after threat actors have access to a limited subset of data stored in a compromised database. Exposed data includes emails, usernames, and encrypted passwords.

Data breaches 107

Data breaches Passwords Encryption Access 107

eSecurity Planet

AUGUST 21, 2023

Secure remote access protects remote business communications that are otherwise susceptible to network and remote protocol exploits. Remote access plays an important role for businesses with remote workforces, geographically disparate branch offices, and limited technical resources. Read more about the different types of remote access.

Access 97

Access Security Passwords Cybersecurity 97

The Last Watchdog

DECEMBER 19, 2022

Initial access brokers (IABs) play an increasingly central role in this cyber underworld. They search for weak points and perform the challenging, technically demanding work of breaking past an organization’s security, then offer access to the victim to the highest bidder. IABs can gain this access through many different means.

Access 124

Access Ransomware Digital transformation Cybersecurity 124

IT Governance

MAY 5, 2022

“My password was hacked”: it’s one of the oldest excuses in the book for people who post something regrettable online. All of us have dozens of accounts that are only one password breach away from compromising sensitive information. It’s why the tech giant Intel created World Password Day, which is celebrated on 5 May 2022.

Passwords 105

Passwords Authentication Data breaches Security 105

Krebs on Security

JANUARY 21, 2022

The site says it sells “cracked” accounts, or those that used passwords which could be easily guessed or enumerated by automated tools. One example is Genesis Market , where customers can search for stolen credentials and authentication cookies from a broad range of popular online destinations. The Genesis bot shop.

Authentication 285

Authentication Passwords Sales Access 285

Security Affairs

AUGUST 6, 2022

Slack is resetting passwords for approximately 0.5% of its users after a bug exposed salted password hashes when users created or revoked a shared invitation link for their workspace. Slack announced that it is resetting passwords for about 0.5% The post Slack resets passwords for about 0.5% Pierluigi Paganini.

Passwords 92

Passwords IT Encryption Authentication 92

Security Affairs

MARCH 11, 2024

Researchers released technical specifics and a PoC exploit for a recently disclosed flaw in Progress Software OpenEdge Authentication Gateway and AdminServer. ” The vulnerability CVE-2024-1403 (CVSS score 10) is an authentication bypass issue that impacts OpenEdge versions 11.7.18 If a match occurs, authentication is granted.

Authentication 114

Authentication Passwords Libraries Access 114

Krebs on Security

APRIL 4, 2023

Several domain names tied to Genesis Market , a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. ” The Genesis Store had more than 450,000 bots for sale as of Mar.

Marketing 336

Marketing Passwords Authentication Access 336