Google sued by New Mexico attorney general for collecting student data through its Education Platform

Security Affairs

New Mexico sues Google for allegedly using the Google for Education platform to gather personal and private data from children. The company offers free Chromebooks to schools and access to the G-Suite for Education service as part of the Google for Education platform.

Online education site EduCBA discloses data breach and reset customers’ pwds

Security Affairs

The online education portal EduCBA discloses a data breach and is resetting customers’ passwords in response to the incident. EduCBA is a leading global provider of skill-based education with 500,000+ members across 40+ Countries.

Password Expiration

Roger's Information Security

FTC Chief Technologist Lorrie Cranor wrote in March it is time to reconsider mandatory password changes. Unless there is reason to believe a password has been compromised or shared, requiring regular password changes may actually do more harm than good in some cases. And even if a password has been compromised, changing the password may be ineffective, especially if other steps aren’t taken to correct security problems. I like to use a password manager.

Protecting Sensitive Company Data: How to Educate Employees


In this article, we will examine how to educate your employees so that a lethal hack does not disrupt your business. It’s All About Passwords. Employing the use of strong password policies can curb hacking attempts and stop them in their tracks.

Here's Why [Insert Thing Here] Is Not a Password Killer

Troy Hunt

Often it's related to data breaches or sloppy behaviour on behalf of some online service playing fast and loose with HTTPS or passwords or some other easily observable security posture. It's totally going to kill passwords!

NEW TECH: ‘Passwordless authentication’ takes us closer to eliminating passwords as the weak link

The Last Watchdog

If there ever was such a thing as a cybersecurity silver bullet it would do one thing really well: eliminate passwords. Threat actors have proven to be endlessly clever at abusing and misusing passwords. The technology to get rid of passwords is readily available; advances in hardware token and biometric authenticators continue apace. So what’s stopping us from getting rid of passwords altogether?

Fixing Data Breaches Part 1: Education

Troy Hunt

Let's get started with one I raised multiple times whilst sitting in front of Congress - education. Let me demonstrate precisely the problem: have a look at this code from a blog post about how to build a password reset feature (incidentally, read the comment from me and you'll understand why I'm happy sharing this here): There are two SQL statements here: the first one is resilient to SQL injection. Oh - and it uses a password of 12345678. The difference is education.

When Accounts are "Hacked" Due to Poor Passwords, Victims Must Share the Blame

Troy Hunt

The first one was about HSBC disclosing a "security incident" which, upon closer inspection, boiled down to this: The security incident that HSBC described in its letter seems to fit the characteristics of brute-force password-guessing attempts, also known as a credentials stuffing attack.

Thinkful forces a password reset for all users after a data breach

Security Affairs

The online education platform for developers Thinkful suffered a security breach and is notifying its customers of the incident and requiring them to reset their passwords. However, as a measure of added precaution, we are requiring all users to reset their Thinkful passwords.”

Beyond FERPA: The California Consumer Privacy Act’s New Rules for Privacy in the Education Sector

HL Chronicle of Data Protection

The CCPA will become effective January of 2020 and may impact companies in the education sector, including the larger education technology companies.

The Trouble with Politicians Sharing Passwords

Troy Hunt

In this case, that secret is her password and, well, just read it: My staff log onto my computer on my desk with my login everyday. I read this while wandering around in LA on my way home from sitting in front of US Congress and explaining security principles to a government so it felt like a timely opportunity to share my own view on the matter: This illustrates a fundamental lack of privacy and security education. Passwords are regularly changed.

Pennsylvania Supreme Court Rules that Forcing Provision of Computer Password Violates the Fifth Amendment: eDiscovery Case Law

eDiscovery Daily

At Appellant’s apartment, after the agents discovered a single computer, an HP Envy 700 desktop, which was encrypted with TrueCrypt, Appellant informed the agents that he lived alone, that he was the sole user of the computer, and that only he knew the password to his computer.

Weekly podcast: NCSC and Kaspersky, parliamentary passwords and macOS High Sierra (again)

IT Governance

This week, we discuss the NCSC’s warning to senior civil servants, the poor password habits of MPs, and a bug in the patch Apple rushed out last week.

Don’t gift cyber attackers access to your organisation this Christmas

IT Governance

Weak passwords. Hackers can crack passwords in a variety of ways: Dictionary attacks: Hackers download a text file containing a list of words (usually from a dictionary) into a cracking application, and run it against user accounts located by the application.

How Long Will it Take to Crack Your Password?: Cybersecurity Trends

eDiscovery Daily

And this latest infographic that I have come across – from a Facebook friend who is also a colleague nonetheless – is a great one to note when considering your own passwords. That pushes the time up to 12 years. But, notably, size does matter – when it comes to passwords and other things.

What happens when remote work becomes permanent?

Rocket Software

Educate. That’s why it will be important to engage them in cybersecurity education. As more devices are automatically outfitted with MFA and more people work remotely, now is a good time to upgrade passwords.

In Decision That Sounds the “Death Knell” for Fifth Amendment Protection, Defendant Ordered to Provide Cell Phone Password: eDiscovery Case Law

eDiscovery Daily

12 of the Massachusetts Declaration of Rights), and the court remanded the case to the Superior Court for entry of an order compelling the defendant to enter the password into the cell phone at issue in the case. In Commonwealth v. Jones, SJC-12564 (Mass.

The Password Reuse Problem Has Still Not Gone Away: Cybersecurity Trends

eDiscovery Daily

But, it’s worth noting that we covered a story over two years ago where the guy who recommended we change our passwords periodically and require passwords that combine upper case letters, lower case letters, numbers and special characters admitted that was bad advice.

What Should Training Cover?

Adam Shostack

Chris Eng said “Someone should set up a GoFundMe to send whoever wrote the hit piece on password managers to a threat modeling class. It asserted that these flaws mean that a password manager is no better than a text file full of your passwords.

Interview: securing the University using NIST’s Cyber Framework

The Security Ledger

College and university campuses are notoriously difficult to tame.

TOKOPEDIA e-commerce hacked, 91 Million accounts available on the darkweb

Security Affairs

The hacker has shared 15 million user records calling for action in cracking the passwords that are hashed using the SHA2-384 hashing algorithm. – Database contains emails, password hashes, names — Under the Breach (@underthebreach) May 2, 2020.

Guy Fawkes Day – LulzSec Italy hit numerous organizations in Italy

Security Affairs

Included in the breaches were Italy’s National Research Center, The Institute for Education Technologies, the ILIESI Institute for the European Intellectual Lexicon, National Mining Office for Hydrocarbons and Geo-resources, Ministry of Economic Development, State Police Association, Fratelli D’Italia, Lega Nord Trentino, Partito Democratico Siena, TV Trentino, Technapoli Equitalia, State Archives S.I.A.S. 1 Username and Password In Database itd_cp: [link].

MY TAKE: Remote classes, mobile computing heighten need for a security culture in K-12 schools

The Last Watchdog

No one enforced the use of passwords, nor insisted on strict teacher control of those lessons. Yet it’s understandable that a teacher, in the absence of school policy, might disable the password and waiting room functionalities to keep the class open to last-minute stragglers.

Meal delivery service Home Chef discloses data breach

Security Affairs

million $1,200; Minted 5 million $2,500; Styleshare 6 million $2,700; Ggumim 2 million $1,300; Mindful 2 million $1,300; StarTribune 1 million $1,100; ChatBooks 15 million $3,500; The Chronicle Of Higher Education 3 million $1,500; Zoosk 30 million $500.

Shiny Hunters group is selling data from 11 companies on the Dark Web

Security Affairs

million $1,200; Minted 5 million $2,500; Styleshare 6 million $2,700; Ggumim 2 million $1,300; Mindful 2 million $1,300; StarTribune 1 million $1,100; ChatBooks 15 million $3,500; The Chronicle Of Higher Education 3 million $1,500; Zoosk 30 million $500.

Phish of GoDaddy Employee Jeopardized, Among Others

Krebs on Security

We have taken steps across our technology, processes and employee education, to help prevent these types of attacks in the future.” In cases where passwords are used, pick unique passwords and consider password managers.

REvil Ransomware Gang Starts Auctioning Victim Data

Krebs on Security

A ridiculous number of businesses — particularly healthcare providers — get hit with ransomware because they leave RDP open to the Internet and secured with easy-to-guess passwords.

NEW TECH: DataLocker introduces encrypted flash drive — with key pad

The Last Watchdog

All the user needs is a strong password to access the data. The administrator can set password rules, put certain types of files on white lists or black lists, remotely reset devices; they can even disable devices lost in the field. You just simply push the power button, type in your password, authenticate it; and then you can connect it to any system with a USB port. You can pop it on a thumb drive, set the password, and overnight it.

Healthcare Cybersecurity: Protection and Recovery


Education and Training. To effectively defend your organization against cybersecurity attacks, you must invest in education and training for your staff. To prevent this social hacking, educate your users and send your own “white hat” phishing campaigns to safely expose any weaknesses and illustrate the need for caution. However, efforts to strengthen security and educate end users must be ongoing.

77% of UK workers don’t receive cyber skills training

IT Governance

See also: Lack of education is the leading cause of successful ransomware attacks. 23 million people use ‘123456’ as their password. Centrify’s survey also revealed that 27% of employees use the same passwords for multiple accounts.

Decathlon Spain data leak exposed Spanish employees’ data & more

Security Affairs

Experts discovered a leaking, active database with over 123 million records belonging to Decathlon Spain (and possibly Decathlon UK as well).

Vermont’s Amendments to Data Breach Law and New Student Privacy Law Effective July 1, 2020

Hunton Privacy

Expand the definition of a breach to include login credentials, meaning “a consumer’s user name or e-mail address, in combination with a password or an answer to a security question, that together permit access to an online account.”

Thousands Zoom credentials available on a Dark Web forum

Security Affairs

“In a recent investigation of deep and dark web forums, IntSights researchers came across a cybercriminal who shared a database containing more than 2300 usernames and passwords to Zoom accounts.”

Northern Ireland Assembly suffered multiple targeted cyber attacks

IT Governance

Staff at the Northern Ireland Assembly were warned to update their passwords after its IT system suffered multiple targeted cyber attacks. Bill Evans, senior director at One Identity, said that “[e]nd user education may have limited some of the risk.

Weekly Update 112

Troy Hunt

Wow, didn't the passwords discussions go nuts this week! But seriously, both posts on passwords this week garnered a heap of input from people agreeing with me, disagreeing with me and arguing with each other.

Digital Security: Preventing Unauthorized Access to Company Data


Address social engineering, for example, by educating employees about phishing attacks. Use multifactor authentication (MFA) so hackers who guess usernames and passwords still don’t have enough information to control user accounts and devices. Modern cyberthreats cost companies in many ways. Major data breaches have led some chief executives to resign from their organizations.

Sports retail giant Decathlon leaks 123 million customer and employee records

IT Governance

Employees’ names, addresses, usernames, passwords, social security numbers, phone numbers and dates of birth were all affected. The only way to tackle this threat is to educate staff on the importance of data protection and their obligation to secure sensitive information.

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

The Archiveus Trojan from 2006 was the first one to use RSA cipher, but it was reminiscent of a proof of concept and used a static 30-digit decryption password that was shortly cracked. Ransomware is undoubtedly one of the most unnerving phenomena in the cyber threat landscape.

GUEST ESSAY: Six risks tied to social media marketing that all businesses should heed

The Last Watchdog

Hackers use social media to learn more about you, and they can be very skilled when it comes to working out your passwords thanks to your posts about your pets, family, or even birthday plans. Teach your employees about the need for stronger passwords, and how to make use of both password generators and password management systems. As proven when The Department of Education misspelt W.

DOJ indicts Fxmsp hacker for selling access to hacked businesses

Security Affairs

Turchin obtained credentials to target networks by launching spear-phishing attacks and brute-forcing the passwords of remote desktop servers exposed online.