Exercises and Passwords - Information Management Today

Pwned Passwords, Version 5

Troy Hunt

JULY 8, 2019

Almost 2 years ago to the day, I wrote about Passwords Evolved: Authentication Guidance for the Modern Era. Shortly after that blog post I launched Pwned Passwords with 306M passwords from previous breach corpuses. 3,768,890 passwords. 3,768,890 passwords.

Passwords

Passwords Authentication Data breaches IT

Bodybuilding.com forces password reset after a security breach

Security Affairs

APRIL 23, 2019

The website offers any kind of fitness articles, exercises, workouts, and supplements. The IT staff behind Bodybuilding.com also introduced additional security measures and forced a password reset for its customers. Data potentially exposed in the incident includes name, Bodybuilding.com usernames and passwords.

Passwords

Passwords Security Retail Personal data

National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organization

Security Affairs

AUGUST 31, 2023

The National Safety Council leaked thousands of emails and passwords of their members, including companies such as NASA and Tesla. The National Safety Council has leaked nearly 10,000 emails and passwords of their members, exposing 2000 companies, including governmental organizations and big corporations.

Passwords

Passwords Healthcare Manufacturing Access

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

When Accounts are "Hacked" Due to Poor Passwords, Victims Must Share the Blame

Troy Hunt

NOVEMBER 7, 2018

The first one was about HSBC disclosing a "security incident" which, upon closer inspection, boiled down to this: The security incident that HSBC described in its letter seems to fit the characteristics of brute-force password-guessing attempts, also known as a credentials stuffing attack. link] — Troy Hunt (@troyhunt) November 6, 2018.

Passwords

Passwords Education Data breaches Security

GUEST ESSAY: NewsCorp hack shows cyber espionage, squelching of press freedom on the rise

The Last Watchdog

APRIL 5, 2022

In a recent statement , the Foreign Correspondents Club of China (FCCC) commented, “Covering China is increasingly becoming an exercise in remote reporting, as China cuts off new visas and expels journalists.” Password leaks are commonplace. Employees often reuse passwords between other services and accounts.

Passwords

Passwords Access Cloud Government

GUEST ESSAY: Defending ransomware boils down to this: make it very costly for cybercriminals

The Last Watchdog

APRIL 11, 2022

A few things that are involved in most attacks include social engineering, passwords, and vulnerabilities. At the macro level, password hygiene is abysmal. Avoiding password reuse and using strong hard to guess passwords goes a long way. Having a security tool such as endpoint protection isn’t enough.

Ransomware

Ransomware IT Passwords Government

CISA analyzed stealthy malware found on compromised Pulse Secure devices

Security Affairs

JULY 22, 2021

If these services are required, use strong passwords or Active Directory authentication. Enforce a strong password policy and implement regular password changes. Exercise caution when opening e-mail attachments even if the attachment is expected and the sender appears to be known. the extension matches the file header).

e-Discovery

e-Discovery Security Passwords Access

FBI’s alert warns about using Windows 7 and TeamViewer

Security Affairs

FEBRUARY 14, 2021

The FBI is warning companies about the use of out-of-date Windows 7 systems, desktop sharing software TeamViewer, and weak account passwords. Set random passwords to generate 10-character alphanumeric passwords. If using personal passwords, utilize complex rotating passwords of varying lengths. Windows 10).

Passwords

Passwords Systems administration Risk Access

Ransomware realities in 2023: one employee mistake can cost a company millions

Security Affairs

OCTOBER 17, 2023

If your friend or colleague is suddenly asking you for money or to change your password, call them on the phone and ask if they really sent the message. Use a strong password and store it correctly: Strong passwords consist of a combination of uppercase and lowercase letters, numbers, and special symbols such as punctuation.

Ransomware

Ransomware Phishing Passwords Education

Weekly Update 247

Troy Hunt

JUNE 11, 2021

References Trying to get local control of Tuya lights is an exercise in absolute futility (read the thread to feel my pain ??) But as I say in the video, it has all been worth it and I do get a lot of enjoyment from playing with it all ?? That and many other cyber things in this week's update.

Passwords

Passwords IoT IT Security

World Backup Day 2023: Five Essential Cyber Hygiene Tips

Thales Cloud Protection & Licensing

MARCH 29, 2023

Control Access Ensuring password security is one of the easiest steps you can take to protect your data, devices, and accounts. Create complex passwords that cannot be easily guessed and are different for each account. A password manager is an effective way to keep track of many complex passwords.

Encryption

Encryption Passwords Ransomware Privacy

Phish Leads to Breach at Calif. State Controller

Krebs on Security

MARCH 23, 2021

20, the Controller’s Office said that for more than 24 hours starting on the afternoon of March 18 attackers had access to the email records of an employee in its Unclaimed Property Division after the employee clicked a phishing link and then entered their email ID and password.

Phishing

Phishing Data breaches Access Passwords

US govt agencies share details of the China-linked espionage malware Taidoor

Security Affairs

AUGUST 4, 2020

If these services are required, use strong passwords or Active Directory authentication. Enforce a strong password policy and implement regular password changes. Exercise caution when opening e-mail attachments even if the attachment is expected and the sender appears to be known. the extension matches the file header).

Healthcare

Healthcare Passwords Government Systems administration

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

Security Affairs

FEBRUARY 14, 2020

If these services are required, use strong passwords or Active Directory authentication. Enforce a strong password policy and implement regular password changes. Exercise caution when opening e-mail attachments even if the attachment is expected and the sender appears to be known. the extension matches the file header).

Passwords

Passwords Access Phishing Authentication

Weekly Update 186

Troy Hunt

APRIL 10, 2020

(this was just super good fun, it's now all hooked up to Alexa too) Pwned Passwords is getting bigger and bigger (more than half a billion queries in a month now) I hate spam and I hate being asked to link to spammy articles (but I love the outcome of this blog post!)

Passwords

Passwords Security IT

Work from Home: 7 Best Security Practices for Remote Teams

AIIM

APRIL 16, 2020

But, as you start your social distancing/remote working, there are certain strict and important practices that every organization will have to exercise. 2) Running a Password Audit Among Employees. In the matter of security policy, every organization must run a password audit to audit employee’s passcodes. Let’s get started!

Security

Security Passwords Cloud Risk

CISA’s advisory warns of notable increase in LokiBot malware

Security Affairs

SEPTEMBER 22, 2020

The malware is able to steal sensitive information (a variety of credentials, including FTP credentials, stored email passwords, passwords stored in the browser, as well as a whole host of other credentials) . If these services are required, use strong passwords or Active Directory authentication.

Passwords

Passwords Authentication Cybersecurity Access

New York City Council Passes Tenant Data Privacy Act

Hunton Privacy

MAY 13, 2021

These security measures include encryption, a password reset capability (if a password is used by the system) and regular updates to firmware to address security vulnerabilities. Building owners would be required to implement security measures to protect tenants’ data and the data of any other users of the smart access system ( e.

Data Privacy

Data Privacy Privacy Authentication Passwords

FBI: Millions in Losses resulted from attacks against Healthcare payment processors

Security Affairs

SEPTEMBER 15, 2022

Advise all employees to exercise caution while revealing sensitive information such as login credentials through phone or web communications. Viable choices such as hard tokens allow access to software and verifies identity with a physical device instead of authentication codes or passwords.

Passwords

Passwords Phishing Authentication Communications

100,000 ChatGPT Accounts Hacked in Malware Attack

IT Governance

JUNE 22, 2023

This can include passwords, cookies, browsing history and bank payment details. OpenAI maintains industry best practices for authenticating and authorizing users to services including ChatGPT, and we encourage our users to use strong passwords and install only verified and trusted software to personal computers.”

Passwords

Passwords Data breaches Risk Government

NYDFS proposes significant cybersecurity regulation amendments

Data Protection Report

NOVEMBER 14, 2022

This new version of the proposed regulation deletes the previous requirements for Class A companies to conduct weekly vulnerability scans, as well as the requirement to use password vaulting for privileged access. Note that covered entities would have 18 months to implement this password-blocking requirement.)

Cybersecurity

Cybersecurity Passwords Risk Compliance

US govt warns critical infrastructure of ransomware attacks during holidays

Security Affairs

NOVEMBER 22, 2021

Mandate strong passwords and ensure they are not reused across multiple accounts. Remind employees not to click on suspicious links, and conduct exercises to raise awareness. . Implement multi-factor authentication for remote access and administrative accounts.

Ransomware

Ransomware Phishing Authentication Passwords

Nearly a Million Kubernetes Instances Exposed on Internet

eSecurity Planet

JUNE 29, 2022

The threat-hunting exercise led to some general findings on risk exposure: The United States has the highest exposure count by far (65%), followed by China (14%) and Germany (9%) The top ports in use are 443, 10250, and 6443. ” Read next: Container & Kubernetes Security Best Practices.

Risk

Risk Authentication Passwords Access

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

Security Measures Automated Password Blocker : NYDFS clarified that the requirement for Class A companies to implement “an automated method of blocking commonly used passwords” applies only to accounts on information systems “owned or controlled by a Class A company” and for all other accounts only where “feasible.”

Cybersecurity

Cybersecurity IT Compliance Financial Services

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Security Affairs

APRIL 14, 2022

Have a cyber incident response plan, and exercise it regularly with stakeholders in IT, cybersecurity, and operations. Enforce multifactor authentication for all remote access to ICS networks and devices whenever possible.

Passwords

Passwords Communications Cybersecurity Access

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

Data Matters

FEBRUARY 6, 2019

The stolen information allegedly included names and identifying information, hashed passwords, security questions and answers, family information, Social Security numbers, lab results, health insurance information, doctor’s names, and medical conditions, among other things.

Data breaches

Data breaches Computer and Electronics Security Insurance

German BSI agency warns of ransomware attacks over Christmas holidays

Security Affairs

DECEMBER 5, 2021

Mandate strong passwords and ensure they are not reused across multiple accounts. Remind employees not to click on suspicious links, and conduct exercises to raise awareness. Implement multi-factor authentication for remote access and administrative accounts.

Ransomware

Ransomware Cybersecurity Phishing Authentication

Hackers breached one of Comodo Forums, 245,000 users impacted

Security Affairs

OCTOBER 1, 2019

Exposed data include login username, name, email address, hashed passwords, last IP address used to access the forums, and some social media usernames for a limited number of users. “The account passwords were encrypted in vBulletin for the Comodo Forum users, but a password change is recommended as part of good password practices.”

Passwords

Passwords Data breaches Encryption Access

CISA, FBI, NSA warn of the increased globalized threat of ransomware

Security Affairs

FEBRUARY 12, 2022

service account, admin accounts, and domain admin accounts) to have strong, unique passwords. If using Linux, use a Linux security module (such as SELinux, AppArmor, or SecComp) for defense in depth.

Ransomware

Ransomware Agriculture Encryption Phishing

Five Eyes agencies warn of attacks on MSPs

Security Affairs

MAY 12, 2022

Protect internet-facing services Defend against brute force and password spraying Defend against phishing. Develop and exercise incident response and recovery plans. Below is the list of recommendations included in the guidance: Prevent initial compromise. Improve security of vulnerable devices. Apply the principle of least privilege.

Authentication

Authentication Cybersecurity Phishing Risk

Red Team vs Blue Team: What’s the Difference?

IT Governance

JULY 13, 2023

In these exercises, the red team faces off against their counterparts, the blue team, in a battle to control a particular asset. It’s therefore no surprise that red teams, like cyber criminals, target usernames and passwords ruthlessly, with an assortment of tactics ranging from brute-force attacks to phishing scams.

Phishing

Phishing Passwords Communications Security

Secure Together: video conferencing, credential stuffing and eye strain

IT Governance

APRIL 15, 2020

Researchers believe the information was compromised elsewhere, but the attacks used credential-stuffing attacks to confirm that people had reused their passwords on Zoom. In other words, if you created a Zoom account using the same username and password that you’ve used elsewhere, attackers may have been able to access your account.

Security

Security Passwords Risk Phishing

UK NCSC warns of spear-phishing attacks from Russia-linked and Iran-linked groups

Security Affairs

JANUARY 26, 2023

More details + TTPs in this MSTIC blog: [link] — Microsoft Security Intelligence (@MsftSecIntel) August 15, 2022 Below are the recommendations provided by the agency in the advisory: Use strong and separate passwords for your email account Turn on multi-factor authentication (also known as 2-step verification, or 2SV) Protect your devices and (..)

Phishing

Phishing Education Authentication Passwords

Security Affairs newsletter Round 418 by Pierluigi Paganini – International edition

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Security

Security Libraries Data breaches Ransomware

New SEC Cybersecurity Rules Could Affect Private Companies Too

eSecurity Planet

SEPTEMBER 23, 2022

In an ideal world, a team should also have the time to perform drills or tabletop exercises to simulate an event and practice the reporting process. This can be satisfied through periodic vulnerability scans, penetration tests, and asset-recovery exercises. Practice can reveal overlooked information or expose unrealistic requirements.

Cybersecurity

Cybersecurity Compliance Risk Communications

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

Organizations can use the logs to look for password spray activity, identify unusual activity in dormant accounts, or identify when an IP address is not consistent with the user’s expected location. Create, Maintain, and Exercise a Cyber Incident Response, Resilience, and Continuity of Operations Plan.

Cybersecurity

Cybersecurity Financial Services Authentication Government

UPDATE: FTC Announces Record-Breaking Facebook Settlement Order

Hunton Privacy

JULY 25, 2019

Facebook is prohibited from asking for email passwords to other services when consumers sign up for its services. Facebook is prohibited from making any misrepresentations to the assessor. Under the order, these assessments will continue for a period of 20 years.

Privacy

Privacy Passwords Compliance Encryption

What Is Penetration Testing? Complete Guide & Steps

eSecurity Planet

MARCH 7, 2023

Red and blue team exercises can go beyond individual pentests to include comprehensive, ongoing testing objectives. Pentesters, posing as red teams, may previously inform the blue team, or security team, about the nature of the simulation, or they may not.

Passwords

Passwords IoT Encryption Access

Podcast Episode 113: SAP CSO Justin Somaini and Election Hacks – No Voting Machines Required!

The Security Ledger

SEPTEMBER 25, 2018

But an exercise in Boston last week showed how hackers can compromise the vote without ever touching an election system. But an exercise in Boston last week showed how hackers can compromise the vote without ever touching an election system. That’s the scenario of an exercise that took place high above Boston last week.

Security awareness

Security awareness Passwords Security Cybersecurity

Weekly podcast: Bank of England, the OPM, Patch Tuesday and Japanese minister

IT Governance

NOVEMBER 16, 2018

This week, we discuss a Bank of England cyber resilience exercise, the latest cyber security news from the US Office of Personnel Management, the highlights of this month’s Patch Tuesday, and a surprising admission by a Japanese cyber security minister. Hello and welcome to the IT Governance podcast for Friday, 16 November.

Encryption

Encryption Risk Passwords Government

How FIDO 2 authentication can help achieve regulatory compliance

Thales Cloud Protection & Licensing

JUNE 24, 2021

A key component of delivering these capabilities securely is to ensure the authenticity and validity of the identity of individuals exercising these data rights. The use of asymmetric cryptography helps to mitigate all known attacks that target “shared” credentials like passwords. Data security. Encryption Key Management.

Authentication

Authentication Compliance GDPR Personal data

Vulnerability Recap 4/15/24 – Palo Alto, Microsoft, Ivanti Exploits

eSecurity Planet

APRIL 15, 2024

To mitigate these risks, users must promptly apply vendor-provided software patches and updates, as well as exercise vigilance when using online services and apps. Employ robust password management techniques, two-factor authentication (2FA), and regular backups of essential data.

Libraries

Libraries Risk Cybersecurity Honeypots

The Evolving Cybersecurity Threats to Critical National Infrastructure

Thales Cloud Protection & Licensing

OCTOBER 23, 2023

However, simple actions like adopting multi-factor authentication (MFA) or encrypting sensitive data everywhere should be exercised throughout the year and not just during that month. This includes using weak passwords that can be easily compromised or stolen and misconfiguration errors of cloud-based apps and platforms.

Energy and Utilities

Energy and Utilities Cybersecurity Ransomware Authentication

VulnRecap 2/26/24 – VMWare, Apple, ScreenConnect Face Risks

eSecurity Planet

FEBRUARY 26, 2024

The increasing incidence of Apple security vulnerabilities emphasizes the importance of frequent upgrades and exercising vigilance when using shortcuts from untrustworthy sources. Users should upgrade the Shortcuts software as soon as possible. CISA released a list of mitigations against LockBit’s activity.

Risk

Risk Authentication Systems administration Ransomware

Pwned Passwords, Version 5

Bodybuilding.com forces password reset after a security breach

Webinars

Trending Sources

National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organization

Webinars

When Accounts are "Hacked" Due to Poor Passwords, Victims Must Share the Blame

GUEST ESSAY: NewsCorp hack shows cyber espionage, squelching of press freedom on the rise

GUEST ESSAY: Defending ransomware boils down to this: make it very costly for cybercriminals

CISA analyzed stealthy malware found on compromised Pulse Secure devices

FBI’s alert warns about using Windows 7 and TeamViewer

Ransomware realities in 2023: one employee mistake can cost a company millions

Weekly Update 247

World Backup Day 2023: Five Essential Cyber Hygiene Tips

Phish Leads to Breach at Calif. State Controller

US govt agencies share details of the China-linked espionage malware Taidoor

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

Weekly Update 186

Work from Home: 7 Best Security Practices for Remote Teams

CISA’s advisory warns of notable increase in LokiBot malware

New York City Council Passes Tenant Data Privacy Act

FBI: Millions in Losses resulted from attacks against Healthcare payment processors

100,000 ChatGPT Accounts Hacked in Malware Attack

NYDFS proposes significant cybersecurity regulation amendments

US govt warns critical infrastructure of ransomware attacks during holidays

Nearly a Million Kubernetes Instances Exposed on Internet

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

German BSI agency warns of ransomware attacks over Christmas holidays

Hackers breached one of Comodo Forums, 245,000 users impacted

CISA, FBI, NSA warn of the increased globalized threat of ransomware

Five Eyes agencies warn of attacks on MSPs

Red Team vs Blue Team: What’s the Difference?

Secure Together: video conferencing, credential stuffing and eye strain

UK NCSC warns of spear-phishing attacks from Russia-linked and Iran-linked groups

Security Affairs newsletter Round 418 by Pierluigi Paganini – International edition

New SEC Cybersecurity Rules Could Affect Private Companies Too

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

UPDATE: FTC Announces Record-Breaking Facebook Settlement Order

What Is Penetration Testing? Complete Guide & Steps

Podcast Episode 113: SAP CSO Justin Somaini and Election Hacks – No Voting Machines Required!

Weekly podcast: Bank of England, the OPM, Patch Tuesday and Japanese minister

How FIDO 2 authentication can help achieve regulatory compliance

Vulnerability Recap 4/15/24 – Palo Alto, Microsoft, Ivanti Exploits

The Evolving Cybersecurity Threats to Critical National Infrastructure

VulnRecap 2/26/24 – VMWare, Apple, ScreenConnect Face Risks

Stay Connected