Blog, Education and Passwords - Information Management Today

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

The Last Watchdog

OCTOBER 24, 2022

It involves regularly changing passwords and inventorying sensitive data. In addition, educating employees about cybersecurity issues can help to reinforce the security-minded culture of the organization and change employee behaviour. Change passwords regularly. The best practice is to change passwords every 90 days.

Cybersecurity

Cybersecurity Security awareness Passwords Data breaches

American Bar Association (ABA) suffered a data breach,1.4 million members impacted

Security Affairs

APRIL 21, 2023

.” The investigation launched into the incident revealed that that an unauthorized third party obtained usernames and hashed and salted passwords for members’ online accounts on the ABA website prior to 2018 or the ABA Career Center since 2018. According to BleepingComputer, 1,466,000 members were impacted by this breach.

Data breaches

Data breaches Passwords Cybersecurity Education

‘Mother of All Breaches’: 26 BILLION Records Leaked

IT Governance

JANUARY 24, 2024

Data leaks from years ago are still being used today to compromise accounts, telling us that many people don’t change their password after a breach, or even at some regular frequency. This is from a direct perspective – to enable a supply chain attack, for example – but also because of poor password habits.

Passwords

Passwords Data breaches Encryption Risk

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

Educate your employees on threats and risks such as phishing and malware. Enforce strong passwords and implement multi-factor authentication (MFA) — by educating users about using a unique password for each account and enforcing higher security for privileged accounts (administrators, root).

Cybersecurity

Cybersecurity Military Passwords Education

GUEST ESSAY: Here’s how and why ‘trust’ presents an existential threat to cybersecurity

The Last Watchdog

DECEMBER 8, 2022

This overconfidence is cause for concern for many cybersecurity professionals as humans are the number one reason for breaches (how many of your passwords are qwerty or 1234five?). Only 28 percent don’t use repeated passwords•Only 20 percent use a password manager. Not using repeated passwords.

Cybersecurity

Cybersecurity Passwords Ransomware Personal data

Password Expiration

Roger's Information Security

SEPTEMBER 1, 2016

FTC Chief Technologist Lorrie Cranor wrote in March it is time to reconsider mandatory password changes. Unless there is reason to believe a password has been compromised or shared, requiring regular password changes may actually do more harm than good in some cases. The prime reason given is users pick bad passwords.

Passwords

Passwords Education Authentication Information Security

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. In May 2021, over 36,000 email and password combinations for.edu email accounts were offered for sale on a publically available instant messaging platform. Pierluigi Paganini.

Sales

Sales Education Phishing Passwords

Atomic macOS Stealer is advertised on Telegram for $1,000 per month

Security Affairs

APRIL 29, 2023

The Atomic macOS Stealer allows operators to can steal various types of information from the infected machines, including Keychain passwords, complete system information, files from the desktop and documents folder, and even the macOS password. The threat actors spread the malware in the form of a ‘.dmg’

Passwords

Passwords Archiving Education Phishing

GUEST ESSAY: Best practices to shrink the ever-present risk of Exchange Server getting corrupted

The Last Watchdog

FEBRUARY 5, 2024

Implement strong password policies and multi-factor authentication to prevent unauthorized access. User education: Regularly train employees on cybersecurity best practices, including recognizing phishing attempts and secure handling of sensitive information. Robust access control. Comprehensive monitoring. Backup strategies.

Risk

Risk Cloud Communications Education

Passwordless sign-in with passkeys is now available for Google accounts

Security Affairs

MAY 3, 2023

Passwords are essential to protect services and data online, but when obtained by threat actors they can pose a risk to the users. Despite the IT giant has implemented defenses like 2-Step Verification and Google Password Manager , it recognizes that to really address password issues, it is necessary to adopt passwordless solutions.

Passwords

Passwords Phishing Data breaches Education

Kodi discloses data breach after its forum was compromised

Security Affairs

APRIL 14, 2023

The threat actor was able to access the nightly backups containing all public forum posts, team forum posts, messages sent through the user-to-user messaging system, and user information such as forum username, email address used for notifications, and an encrypted (hashed and salted) password generated by the MyBB software.

Data breaches

Data breaches IT Passwords Encryption

SAP April 2023 security updates fix critical vulnerabilities

Security Affairs

APRIL 12, 2023

Once the attacker gained access to BI user’s passwords and depending on the privileges of the BI user, he can perform operations that can completely compromise the application. The complete list of the notes is reported in the latest security bulletin : SAP administrators are urged to apply the available security patches as soon as possible.

Security

Security Education Authentication Passwords

Crooks broke into AT&T email accounts to empty their cryptocurrency wallets

Security Affairs

APRIL 30, 2023

Mail keys are unique credentials that AT&T email users can use to log into their accounts using email apps such as Thunderbird or Outlook , but without having to use their passwords.” The carrier has adopted security measures to prevent similar attacks, it also forced a password reset on some email accounts.

Passwords

Passwords Access Education Security

EvilExtractor, a new All-in-One info stealer appeared on the Dark Web

Security Affairs

APRIL 24, 2023

The tool was developed by a company named Kodex, which claims that the tool was developed for an educational purpose. FortiGuard Labs observed this malware in a phishing email campaign on 30 March, which we traced back to the samples included in this blog.” The malware environment checking and Anti-VM functions.

Phishing

Phishing Sales Education Ransomware

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 4, 2023

The JavaScript payloads were designed to conduct Cross Site Request Forgery attacks and steal usernames, passwords, and store active session and CSRF tokens from cookies facilitating the login to publicly facing target webmail portals.

IT

IT Military Phishing Passwords

Volvo retailer leaks sensitive files

Security Affairs

APRIL 15, 2023

Attackers may have exploited leaked credentials to brute force access to the repository, since they only needed a password, which is faster than guessing both a username and password. Car industry fails to prevent data leaks Volvo is not the only car brand that has recently exposed itself and its customers.

Retail

Retail Manufacturing Communications Passwords

Catches of the Month: Phishing Scams for August 2023

IT Governance

AUGUST 7, 2023

The first looks at an alarming rise in phishing scams that impersonate the tech firm, while the second discusses a new security feature that’s designed to protect users from password compromise. One of the ways it does that is by warning people about security threats when they enter their Windows password into websites and documents.

Phishing

Phishing Passwords Education Personal data

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Security Affairs

APRIL 6, 2023

The credentials provided by the recipient are sent to an attacker-controlled URL, however, after the recipient enters their password, the phishing page redirects to a benign document that contains the interview questions, or an RFI that includes information of interest for the victims.

Phishing

Phishing Passwords Military Education

Don’t gift cyber attackers access to your organisation this Christmas

IT Governance

DECEMBER 11, 2019

Weak passwords. Hackers can crack passwords in a variety of ways: Dictionary attacks : Hackers download a text file containing a list of words (usually from a dictionary) into a cracking application, and run it against user accounts located by the application. Rainbow tables : Most modern systems store passwords in a hash.

Access

Access Passwords Education Information Security

Catches of the Month: Phishing Scams for February 2022

IT Governance

FEBRUARY 8, 2022

However, the code is actually part of Facebook’s password reset mechanism. If the victim shares the code, the fraudster can use it change the victim’s password and take control of their account. This will send the one-time password to the victim’s account.

Phishing

Phishing Passwords Authentication Education

GUEST ESSAY: Securing your cryptocurrency — best practices for Bitcoin wallet security

The Last Watchdog

SEPTEMBER 6, 2023

Use strong passwords, 2FA. The security of your Bitcoin wallet is mostly dependent on the strength of your passwords. Use uppercase, lowercase, digits, special characters, and a combination of them to create strong, one-of-a-kind passwords. Keep your name and birthday away from utilizing information that might be easily guessed.

Security

Security Passwords Phishing Encryption

Peugeot leaks access to user information in South America

Security Affairs

APRIL 25, 2023

The exposed file contained: Full MySQL database Uniform Resource Identifier (URI) – a unique sequence of characters that identifies a resource – as well as username and password to access it; JSON Web Token’s (JWT) passphrase and locations of private and public keys; A link to the git repository for the site; Symfony application secret.

Access

Access Education Encryption Passwords

What Are You Doing for Cyber Security Awareness Month?

IT Governance

OCTOBER 6, 2022

This October is Cyber Security Awareness Month, an event designed to educate people about information security and the steps they can take to stay safe online. The campaign also highlights the benefits of multi-factor authentication, strong passwords and regularly updating software. appeared first on IT Governance UK Blog.

Security awareness

Security awareness Security Phishing Passwords

GUEST ESSAY: A roadmap for the finance teams at small businesses to improve cybersecurity

The Last Watchdog

SEPTEMBER 25, 2023

Best practice is to require teams to use enhanced security measures like strong passwords that are changed regularly and multi-factor authentication to ensure your team is the only one accessing financial information. Stay educated. These back-ups can also be used to form a disaster recovery plan in the event of a natural disaster.

Cybersecurity

Cybersecurity Data breaches Compliance Phishing

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Security Affairs

APRIL 29, 2023

The script launches the main routine of the malware that installs malicious browser extensions to exfiltrate passwords and crypto wallet data. If all checks pass, the loader decrypts and executes a second-stage PowerShell script. The malware can target multiple web browsers, including Brave, Google Chrome, Firefox, Microsoft Edge, and Opera.

Encryption

Encryption Passwords Education Communications

GUEST ESSAY: 5 steps for raising cyber smart children — who know how to guard their privacy

The Last Watchdog

JANUARY 13, 2021

The question isn’t whether we should educate children about online safety, but how we can best inspire them to learn to be thoughtful, careful, and safe in the cyber world for their lifetime. Can they create strong passwords? As adults, we know that bad online decisions can have negative or dangerous effects for years to come.

Privacy

Privacy Education Passwords Security awareness

GUEST ESSAY: Too many SMBs continue to pay ransomware crooks — exacerbating the problem

The Last Watchdog

FEBRUARY 20, 2023

The Glenn County Office of Education in California suffered an attack limiting access to its own network. Send out immediate notices to customers and ask them to reset their passwords, and inform them their data may be exposed to the dark web. It’s best to stay away from paying out any funds in cryptocurrency or otherwise.

Ransomware

Ransomware Cleanup Education Manufacturing

What are you doing for Data Privacy Week?

IT Governance

JANUARY 24, 2022

It’s why, for the past fifteen years, 28 January has marked Data Privacy Day – an international event raises awareness about online privacy and educates people on the ways they can protect their personal information. Stay Safe Online also recommends securing your data by creating unique passwords and storing them in a password manager.

Data Privacy

Data Privacy Privacy Personal data Passwords

Weekly podcast: NCSC and Kaspersky, parliamentary passwords and macOS High Sierra (again)

IT Governance

DECEMBER 7, 2017

This week, we discuss the NCSC’s warning to senior civil servants, the poor password habits of MPs, and a bug in the patch Apple rushed out last week. That’s why staff education is a core component of a best-practice approach to information security – you can have all the policies you like, but if no one follows them, they’re useless.

Passwords

Passwords Computer and Electronics Information Security Government

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

. “A domain hosting provider ‘GoDaddy’ that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor,” Liquid CEO Kayamori said in a blog post. ” In the early morning hours of Nov.

Phishing

Phishing Authentication Passwords Access

New QBot campaign delivered hijacking business correspondence

Security Affairs

APRIL 17, 2023

“If the user complies, an archive will be downloaded from a remote server (compromised site), protected with a password given in the original PDF file.” The document’s content imitates a Microsoft Office 365 or Microsoft Azure alert advising the user to click Open to view the attached files.”

e-Delivery

e-Delivery Archiving Education Passwords

Trigona Ransomware targets Microsoft SQL servers

Security Affairs

APRIL 20, 2023

“Admins must also use passwords that cannot be easily guessed and change them periodically to protect the database servers from brute force and dictionary attacks.” The ransomware creates ransom notes named “how_to_decrypt.hta” in each folder, the note includes instructions to contact the Trigona operators.

Ransomware

Ransomware Encryption Cybersecurity Education

Moobot botnet spreads by targeting Cacti and RealTek flaws

Security Affairs

APRIL 3, 2023

Because Moobot can kill other botnet processes and also deploy brute force attacks, administrators should use strong passwords and change them periodically. Compromised victims can be controlled and used as DDoS bots after receiving a command from a C2 server. ” concludes the report.

Education

Education Encryption Passwords Communications

Catches of the Month: Phishing Scams for October 2022

IT Governance

OCTOBER 10, 2022

The fintech firm also clarified that the types of compromised data vary for different customers, but it is confident that the most sensitive forms of information, including PINs and passwords, were not accessed. You can help educate your staff with IT Governance’s Phishing Staff Awareness Training Programme. Get started.

Phishing

Phishing Passwords Personal data Data breaches

Experts devised a new exploit for the PaperCut flaw that can bypass all current detection

Security Affairs

MAY 4, 2023

Threat actors can execute arbitrary code on vulnerable servers by providing a malicious username and password during a login attempt. The PoC exploit devised by VulnCheck set the auth program to “/usr/sbin/python3” on Linux and “C:WindowsSystem32ftp.exe” on Windows. ” concludes the experts.

Cybersecurity

Cybersecurity Education Access Authentication

China-linked APT41 group spotted using open-source red teaming tool GC2

Security Affairs

APRIL 17, 2023

The attack took place in October 2022, threat actors sent phishing emails that contained links to a password-protected file hosted in Drive. The APT41 group, aka Winnti , Axiom, Barium , Blackfly, HOODOO) is a China-linked cyberespionage group that has been active since at least 2007.

Phishing

Phishing Cloud Government Education

Vishing: The Best Protection Is Knowing How Scammers Operate

Thales Cloud Protection & Licensing

OCTOBER 25, 2023

Vishing “While email may still be the most common mechanism for social engineering, we increasingly see attacks via social media, platforms such as WhatsApp, physical compromise, snail mail, and phone calls,” says ethical hacker FC in a blog. Organizations must educate users to help them recognize vishing attacks and report them.

Phishing

Phishing Passwords Education Cybersecurity

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Krebs on Security

FEBRUARY 4, 2021

“We know hackers sometimes delete content when they gain access to an account, and until now people had no way of easily getting their photos and videos back,” Instagram explained in a blog post. WHAT YOU CAN DO. Sign up with any service online, and it will almost certainly require you to supply an email address.

Sales

Sales Passwords Authentication Access

Hackers can hack organizations using data found on their discarded enterprise network equipment

Security Affairs

APRIL 24, 2023

Exposed corporate data and sensitive data include the maps of sensitive applications hosted locally or in the cloud.

Authentication

Authentication Marketing Cloud Manufacturing

Phishers migrate to Telegram

Security Affairs

APRIL 6, 2023

One-time password (OTP) bots. Telegram channels are used to sell a range of subscriptions, with can also include customer support. Phishers provides updates on a regular basis for the phishing tools, anti-detection systems and links generated by the phishing kits.

Phishing

Phishing Sales Archiving Personal data

REvil Ransomware Gang Starts Auctioning Victim Data

Krebs on Security

JUNE 2, 2020

. “ Sodin ” and “ Sodinokibi “) used their Dark Web “Happy Blog” to announce its first ever stolen data auction, allegedly selling files taken from a Canadian agricultural production company that REvil says has so far declined its extortion demands.

Ransomware

Ransomware Agriculture Encryption Access

Sports retail giant Decathlon leaks 123 million customer and employee records

IT Governance

FEBRUARY 26, 2020

Employees’ names, addresses, usernames, passwords, social security numbers, phone numbers and dates of birth were all affected. The only way to tackle this threat is to educate staff on the importance of data protection and their obligation to secure sensitive information. Avoid basic errors with staff awareness training.

Retail

Retail Phishing Data breaches Education

Catches of the Month: Phishing Scams for August 2022

IT Governance

AUGUST 9, 2022

Nonetheless, the site does a good job imitating the genuine Twitter login page and asks users to provide their username and password. When users enter their email address and password, the site states: “Authenticity Check is completed, your account has been proved authentic by our automatic system, all current problems are resolved”.

Phishing

Phishing Authentication Passwords Blockchain

China-linked APT Volt Typhoon targets critical infrastructure organizations

Security Affairs

MAY 25, 2023

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The APT group is using almost exclusively living-off-the-land techniques and hands-on-keyboard activity to evade detection.

Communications

Communications Manufacturing Access Archiving

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

American Bar Association (ABA) suffered a data breach,1.4 million members impacted

Webinars

Trending Sources

‘Mother of All Breaches’: 26 BILLION Records Leaked

Webinars

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

GUEST ESSAY: Here’s how and why ‘trust’ presents an existential threat to cybersecurity

Password Expiration

FBI: Compromised US academic credentials available on various cybercrime forums

Atomic macOS Stealer is advertised on Telegram for $1,000 per month

GUEST ESSAY: Best practices to shrink the ever-present risk of Exchange Server getting corrupted

Passwordless sign-in with passkeys is now available for Google accounts

Kodi discloses data breach after its forum was compromised

SAP April 2023 security updates fix critical vulnerabilities

Crooks broke into AT&T email accounts to empty their cryptocurrency wallets

EvilExtractor, a new All-in-One info stealer appeared on the Dark Web

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

Volvo retailer leaks sensitive files

Catches of the Month: Phishing Scams for August 2023

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Don’t gift cyber attackers access to your organisation this Christmas

Catches of the Month: Phishing Scams for February 2022

GUEST ESSAY: Securing your cryptocurrency — best practices for Bitcoin wallet security

Peugeot leaks access to user information in South America

What Are You Doing for Cyber Security Awareness Month?

GUEST ESSAY: A roadmap for the finance teams at small businesses to improve cybersecurity

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

GUEST ESSAY: 5 steps for raising cyber smart children — who know how to guard their privacy

GUEST ESSAY: Too many SMBs continue to pay ransomware crooks — exacerbating the problem

What are you doing for Data Privacy Week?

Weekly podcast: NCSC and Kaspersky, parliamentary passwords and macOS High Sierra (again)

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

New QBot campaign delivered hijacking business correspondence

Trigona Ransomware targets Microsoft SQL servers

Moobot botnet spreads by targeting Cacti and RealTek flaws

Catches of the Month: Phishing Scams for October 2022

Experts devised a new exploit for the PaperCut flaw that can bypass all current detection

China-linked APT41 group spotted using open-source red teaming tool GC2

Vishing: The Best Protection Is Knowing How Scammers Operate

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Hackers can hack organizations using data found on their discarded enterprise network equipment

Phishers migrate to Telegram

REvil Ransomware Gang Starts Auctioning Victim Data

Sports retail giant Decathlon leaks 123 million customer and employee records

Catches of the Month: Phishing Scams for August 2022

China-linked APT Volt Typhoon targets critical infrastructure organizations

Stay Connected