Ukraine Nabs Suspect in 773M Password ‘Megabreach’

Krebs on Security

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.”

Home Assistant, Pwned Passwords and Security Misconceptions

Troy Hunt

Pwned Passwords is a repository of 613M passwords exposed in previous data breaches, which makes them very poor choices for future use. Then there's all the occasions where hackers end up controlling devices in the home network again, due to password reuse.

‘War Dialing’ Tool Exposes Zoom’s Password Problems

Krebs on Security

But without the protection of a password, there’s a decent chance your next Zoom meeting could be “Zoom bombed” — attended or disrupted by someone who doesn’t belong. zWarDial, an automated tool for finding non-password protected Zoom meetings.

The SolarWinds Perfect Storm: Default Password, Access Sales and More

Threatpost

Intern caused ‘solarwinds123’ password leak, former SolarWinds CEO says

Security Affairs

Top executives of the software firm SolarWinds blamed an intern for having used a weak password for several years, exposing the company to hack. Then realized their password was **123 #FireEye #SolarWinds pic.twitter.com/foGzEOdytG — Vinoth Kumar (@vinodsparrow) December 14, 2020.

Government Software Supplier Hit By Ransomware

Data Breach Today

Password Expiration

Roger's Information Security

FTC Chief Technologist Lorrie Cranor wrote in March it is time to reconsider mandatory password changes. Unless there is reason to believe a password has been compromised or shared, requiring regular password changes may actually do more harm than good in some cases. And even if a password has been compromised, changing the password may be ineffective, especially if other steps aren’t taken to correct security problems. I like to use a password manager.

UK Government Proposes IoT Security Measures

Data Breach Today

Rules Would Strengthen Password Protection and Vulnerability Reporting

With the number of installed internet of things devices expected to surpass 75 billion by 2025, the U.K.

Goodbye Passwords: Hello Identity Management

Threatpost

As passwords are increasingly viewed as security liabilities, Identity Management solutions are picking up the slack.

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Security Affairs

ZDNet reported in exclusive that a list of passwords for 900+ enterprise VPN servers has been shared on a Russian-speaking hacker forum. Companies on the list have to update their Pulse Secure servers and of course, change their passwords.

What Government Contractors Need to Know About NIST, DFARS Password Reqs

Dark Reading

Organizations that fail to comply with these rules can get hit with backbreaking fines and class-action lawsuits

15% of Brits use their pet’s name as a password

IT Governance

A strong, unique password is one of the simplest ways we can thwart cyber criminals, but millions of us are making basic mistakes, according to an NCSC (National Cyber Security Centre) survey. Similarly, using personal details for your password exposes you to a breach from someone you know.

Japanese Government Will Hack Citizens' IoT Devices

Schneier on Security

The Japanese government is going to run penetration tests against all the IoT devices in their country, in an effort to (1) figure out what's insecure, and (2) help consumers secure them: The survey is scheduled to kick off next month, when authorities plan to test the password security of over 200 million IoT devices, beginning with routers and web cameras. The Japanese government's decision to log into users' IoT devices has sparked outrage in Japan.

Password Security: Single Factor, 2FA and Multi-Factor Authentication

Rocket Software

On May 7, IT and technology businesses around the world celebrated World Password Day, a day meant to remind everyone of the importance of keeping personal and business data protected and secure. Don’t use personal passwords for work accounts.

Norway blames China-linked APT31 for 2018 government hack

Security Affairs

Norway police secret service said that China-linked APT31 group was behind the 2018 cyberattack on the government’s IT network.

Calif. Law Takes Aim at Weak IoT Passwords

Threatpost

Concerns over data privacy and security push California to roll out the first legislation on connected devices.

14 Ways to Create a Secure Password in 2019 (That you’ll Remember)

IG Guru

There is a mounting requirement to be able to create and safely memorize 100’s of passwords. Over the years, there have been many password tricks that have been invented, such as using a formula or mashing […].

Time to Change Your Password!

The Texas Record

Isn’t it fun to use different passwords for all of the dozens of accounts you use and just when you think you’ve got them memorized you’re forced to change them every few months? The standards on password usage are changing. Government offices are increasingly providing more services online such as bill payment and access to information, so it’s important for us to be familiar with and share best practices for securing information and protecting identity.

Military, Government Users Just as Bad About Password Hygiene as Civilians

Dark Reading

New report comes out just as group of US senators chastise Secretary of State Mike Pompeo for not using multifactor authentication

Nation-state actors target Australia, Government warns

Security Affairs

A state-based actor is launching cyber attacks against government, public services and businesses, Australia’s prime minister said. Australia’s prime minister Scott Morrison said that a “state-based actor” is targeting government, public services, and businesses.

Thousands of Canadian government accounts hacked, Treasury Board of Canada Secretariat say

Security Affairs

The Treasury Board of Canada Secretariat confirmed that thousands of user accounts for online Canadian government services were recently hacked. Threat actors fraudulently acquired login credentials of 9,041 GCKey account holders and used them to try and access government services.

New York State Confirms Breach of Government Network

Dark Reading

The January incident led state officials to hire an external forensics firm and change thousands of employee passwords

COVID-19 Vaccine Cyberattacks Steal Credentials, Spread Zebrocy Malware

Threatpost

Cybercriminals are leveraging the recent rollout of the COVID-19 vaccines globally in various cyberattacks - from stealing email passwords to distributing the Zebrocy malware.

Proposed government Coronavirus contact tracing app leaked data

Security Affairs

A contact tracking app for the Coronavirus proposed to the government of the Netherlands is affected by security issues that could expose user data. The app was found containing close to 200 users’ records, including full names, email addresses, and hashed user passwords.

CERT France – Pysa ransomware is targeting local governments

Security Affairs

CERT France is warning of a new wave of attacks using Pysa ransomware (Mespinoza) that is targeting local governments. CERT France cyber-security agency is warning about a new wave of ransomware attack that is targeting the networks of local government authorities.

MPs admit to sharing passwords

IT Governance

It only takes one password to fall into the wrong hands for cyber criminals to be able to access your systems and networks and cause harm. Sharing passwords often occurs because team members trust one another and share the workload, but what would happen if one of those employees turned rogue? Dorries also said that she doesn’t have access to government documents and insisted that there is a ‘shared email account’ on her computer that her staff need to access.

Thinkful forces a password reset for all users after a data breach

Security Affairs

The online education platform for developers Thinkful suffered a security breach and is notifying the incident to its customers requiring them to reset their passwords. The company is notifying the incident to its users via email and is forcing a password reset in response to the incident. Hackers had access to certain information, such as government-issued IDs and Social Security numbers, or financial information.

Episode 163: Cyber Risk has a Dunning-Kruger Problem also: Bad Password Habits start at Home

The Security Ledger

In this episode of Security Ledger Podcast (#163) sponsored by LastPass: companies are spending more than ever on cyber security, but feel less secure. Kevin Richards of the insurer Marsh joins us to talk about that company's Cyber Risk Perceptions Survey.

Mandatory IoT Security in the Offing with U.K. Proposal

Threatpost

The new U.K.

Weekly podcast: Password managers, unpatched vulnerabilities, formjacking and Wendy’s

IT Governance

Hello, and welcome to the IT Governance podcast for Thursday, 21 February 2019. Researchers at ISE have identified security flaws affecting four popular password managers on the Windows 10 platform, which could allow malware to access the master password and/or the individual passwords stored in them, even when the password managers are locked. Each password manager also attempted to scrub secrets from memory.

FBI and CISA joint alert blames Russia’s Energetic Bear APT for US government networks hack

Security Affairs

The US government declared that Russia-linked APT group Energetic Bear has breached US government networks and exfiltrated data. state, local, territorial, and tribal (SLTT) government networks, as well as aviation networks.

Survey reveals just how bad the UK is at creating passwords

IT Governance

There are more than 171,000 words in the English language, and yet millions of us can’t look beyond the word that’s right in front of us when selecting a password. million Britons use ‘password’ as their password. Other common passwords include people’s names (‘ashley’, ‘michael’, ‘daniel’, ‘jessica’ and ‘charlie’ were the most used), football teams and, bizarrely, the pop punk act ‘blink-182’. How to make your passwords stronger.

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Security Affairs

US government networks are under attack, threat actors chained VPN and Windows Zerologon flaws to gain unauthorized access to elections support systems. The agencies warn of risk to elections information housed on government networks.

Governments on alert after FireEye’s hacking tools stolen in cyber attack

IT Governance

FireEye uses these tools to test the defences of its clients, which include an array of government and US national security agencies.

Cyberattacks Hit Thousands of Canadian Tax, Benefit Accounts

Threatpost

The Canada Revenue Agency (CRA) suspended online services after accounts were hit in a third wave of credential stuffing attacks this weekend - giving bad actors access to various government services.

23 million people use ‘123456’ as their password

IT Governance

One of cyber criminals’ favourite ways of hacking organisations is through brute-force or ‘password spraying’ attacks, which bombard targets with login attempts using lists of common passwords. million people in the UK use ‘123456’ as their password. million are securing their accounts with ‘password’ and 3.8 With such predictable passwords, it’s no surprise that every month there are dozens of breaches caused by basic account hacks.

Hackers targeted ICS/SCADA systems at water facilities, Israeli government warns

Security Affairs

The Israeli government has issued an alert to organizations in the water sector following a series of cyberattacks that targeted the water facilities.

Lax Security Exposes Smart-Irrigation Systems to Attack Across the Globe  

Threatpost

Systems designed by Mottech Water Management were misconfigured and put in place and connected to the internet without password protections.

Utter Zuck-up: 600 million passwords exposed in Facebook data breach

IT Governance

Up to 600 million Facebook users have had their passwords leaked in an internal data breach. Security researcher Brian Krebs broke the news on 21 March 2019, explaining that the social network’s internal company servers contained passwords stored in plaintext. Krebs went on to reveal that some passwords have been exposed since 2012. ‘No […] First, don’t ever store passwords (or any sensitive information) in plaintext.

LibSSH Flaw Allows Hackers to Take Over Servers Without Password

IG Guru

October 16, 2018, Mohit Kumar. A four-year-old severe vulnerability has been discovered in the Secure Shell (SSH) implementation library known as Libssh that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server without requiring a password.