Ukraine Nabs Suspect in 773M Password ?Megabreach?

Krebs on Security

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.”

‘War Dialing’ Tool Exposes Zoom’s Password Problems

Krebs on Security

But without the protection of a password, there’s a decent chance your next Zoom meeting could be “Zoom bombed” — attended or disrupted by someone who doesn’t belong. zWarDial, an automated tool for finding non-password protected Zoom meetings.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The Hidden Cost of Ransomware: Wholesale Password Theft

Krebs on Security

Organizations in the throes of cleaning up after a ransomware outbreak typically will change passwords for all user accounts that have access to any email systems, servers and desktop workstations within their network. ” WHOLESALE PASSWORD THEFT.

UK Government Proposes IoT Security Measures

Data Breach Today

Rules Would Strengthen Password Protection and Vulnerability Reporting With the number of installed internet of things devices expected to surpass 75 billion by 2025, the U.K.

IoT 153

What Government Contractors Need to Know About NIST, DFARS Password Reqs

Dark Reading

Organizations that fail to comply with these rules can get hit with backbreaking fines and class-action lawsuits

Goodbye Passwords: Hello Identity Management


As passwords are increasingly viewed as security liabilities, Identity Management solutions are picking up the slack.

Japanese Government Will Hack Citizens' IoT Devices

Schneier on Security

The Japanese government's decision to log into users' IoT devices has sparked outrage in Japan. However, the government's plan has its technical merits. Many of today's IoT and router botnets are being built by hackers who take over devices with default or easy-to-guess passwords.

IoT 109

Password Expiration

Roger's Information Security

FTC Chief Technologist Lorrie Cranor wrote in March it is time to reconsider mandatory password changes. Unless there is reason to believe a password has been compromised or shared, requiring regular password changes may actually do more harm than good in some cases. And even if a password has been compromised, changing the password may be ineffective, especially if other steps aren’t taken to correct security problems.). I like to use a password manager.

14 Ways to Create a Secure Password in 2019 (That you’ll Remember)

IG Guru

There is a mounting requirement to be able to create and safely memorize 100’s of passwords. Over the years, there have been many password tricks that have been invented, such as using a formula or mashing […].

Time to Change Your Password!

The Texas Record

Isn’t it fun to use different passwords for all of the dozens of accounts you use and just when you think you’ve got them memorized you’re forced to change them every few months? The standards on password usage are changing.

Nation-state actors target Australia, Government warns

Security Affairs

A state-based actor is launching cyber attacks against government, public services and businesses, Australia ‘s prime minister said. Australia ‘s prime minister Scott Morrison said that a “state-based actor” is targeting government, public services, and businesses.

New York State Confirms Breach of Government Network

Dark Reading

The January incident led state officials to hire an external forensics firm and change thousands of employee passwords

Calif. Law Takes Aim at Weak IoT Passwords


Government IoT Vulnerabilities Web Security AB-1906 admin California California Consumer Privacy Act CCPA GDPR General Data Protection Regulation Passwords SB-327 ShodanConcerns over data privacy and security push California to roll out the first legislation on connected devices.

Military, Government Users Just as Bad About Password Hygiene as Civilians

Dark Reading

New report comes out just as group of US senators chastise Secretary of State Mike Pompeo for not using multifactor authentication

Episode 163: Cyber Risk has a Dunning-Kruger Problem also: Bad Password Habits start at Home

The Security Ledger

authentication Companies Governance Risk and Compliance identity management LastPass multi-factor authentication Passwords Podcasts Reports Risk risk management risk rating survey Technologies two-factor authentication

Proposed government Coronavirus contact tracing app leaked data

Security Affairs

A contact tracking app for the Coronavirus proposed to the government of the Netherlands is affected by security issues that could expose user data. ” The app was found containing close to 200 users’ records, including full names, email addresses, and hashed user passwords. .

23 million people use ‘123456’ as their password

IT Governance

One of cyber criminals’ favourite ways of hacking organisations is through brute-force or ‘password spraying’ attacks, which bombard targets with login attempts using lists of common passwords. million people in the UK use ‘123456’ as their password.

Thinkful forces a password reset for all users after a data breach

Security Affairs

The online education platform for developers Thinkful suffered a security breach and is notifying the incident to its customers requiring them to reset their passwords. The company is notifying the incident to its users via email and is forcing a password reset in response to the incident.

MPs admit to sharing passwords

IT Governance

It only takes one password to fall into the wrong hands for cyber criminals to be able to access your systems and networks and cause harm. Sharing passwords often occurs because team members trust one another and share the workload, but what would happen if one of those employees turned rogue?

Survey reveals just how bad the UK is at creating passwords

IT Governance

There are more than 171,000 words in the English language, and yet millions of us can’t look beyond the word that’s right in front of us when selecting a password. million Britons use ‘password’ as their password. How to make your passwords stronger.

CERT France – Pysa ransomware is targeting local governments

Security Affairs

CERT France is warning of a new wave of attacks using Pysa ransomware (Mespinoza) that is targeting local governments. CERT France cyber-security agency is warning about a new wave of ransomware attack that is targeting the networks of local government authorities.

Hackers targeted ICS/SCADA systems at water facilities, Israeli government warns

Security Affairs

The Israeli government has issued an alert to organizations in the water sector following a series of cyberattacks that targeted the water facilities. ” reads the alert issued by the Israeli government.

LibSSH Flaw Allows Hackers to Take Over Servers Without Password

IG Guru

The post LibSSH Flaw Allows Hackers to Take Over Servers Without Password appeared first on IG GURU. Breach IG News Information Governance information security Risk News flaw LibSSH Security

Utter Zuck-up: 600 million passwords exposed in Facebook data breach

IT Governance

Up to 600 million Facebook users have had their passwords leaked in an internal data breach. Security researcher Brian Krebs broke the news on 21 March 2019, explaining that the social network’s internal company servers contained passwords stored in plaintext.

Mandatory IoT Security in the Offing with U.K. Proposal


Government IoT default password Device security Internet of things iot legislation iot manufacturers IoT security Password regulation Security Updates tech law Uk gov law uk lawThe new U.K.

IoT 91

Japan’s government hacks citizens’ IoT devices

IT Governance

Earlier this year, the Japanese government launched a campaign in which it hacked into citizens’ IoT (Internet of Things) devices to see how secure the technology is. There are several things to be concerned about with the Japanese government’s plan.

IoT 68

Weekly podcast: Password managers, unpatched vulnerabilities, formjacking and Wendy’s

IT Governance

Hello, and welcome to the IT Governance podcast for Thursday, 21 February 2019. Researchers at ISE have identified security flaws affecting four popular password managers on the Windows 10 platform, which could allow malware to access the master password and/or the individual passwords stored in them, even when the password managers are locked. Each password manager also attempted to scrub secrets from memory.

ObliqueRAT, a new malware employed in attacks on government targets in Southeast Asia

Security Affairs

Experts from Cisco Talos discovered a new malware, tracked as ObliqueRAT, that appears a custom malware developed by a threat actor focused on government and diplomatic targets. . “CrimsonRAT has been known to target diplomatic and government organizations in Southeast Asia.”

Cellebrite Unlocks iPhones for the US Government

Schneier on Security

government's company of choice when it comes to unlocking mobile devices, is this month telling customers its engineers currently have the ability to get around the security of devices running iOS 11. If this is true, then strong passwords are still secure.

Can two-factor authentication save us from our inability to create good passwords?

IT Governance

An advert is currently running in which a man gets his password hacked because, the ad implies, he wasn’t using a VPN (virtual private network). The man’s password? Sooner rather than later, someone will guess your password and stumble into a wealth of sensitive information.

Episode 164: Who owns the Data Smart Cars collect? Also: making Passwords work.

The Security Ledger

Also: LastPass’s Dan DeMichele joins us to talk about why password security is still so hard. Also: LastPass’s Dan DeMichele joins us to talk about why password security is still so hard. Aaron Lowe is a Senior Vice President for Government Affairs at The Auto Care Association.

Cybersecurity Resources for Texas Local Governments

The Texas Record

On Friday, August 16, over twenty local government entities in Texas were targeted by a coordinated ransomware attack. This incident is the most recent in a year marked by cyberattacks on state and local governments across the country. August 20, 2019 – Update on August 2019 Texas Cyber Incident August 17, 2019 – Update on August 2019 Texas Cyber Incident August 16, 2019 – Ransomware Attack Hits Texas Government Entities.

The Trouble with Politicians Sharing Passwords

Troy Hunt

In this case, that secret is her password and, well, just read it: My staff log onto my computer on my desk with my login everyday. I read this while wandering around in LA on my way home from sitting in front of US Congress and explaining security principles to a government so it felt like a timely opportunity to share my own view on the matter: This illustrates a fundamental lack of privacy and security education. Passwords are regularly changed.

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

The Last Watchdog

based supplier of identity access management (IAM) systems, which recently announced a partnership with Omada, a Copenhagen-based provider of identity governance administration (IGA) solutions. These vendors drilled down on “governance and attestation,” coming up with advanced ways to enable companies to monitor and report cyber risk profiles to government and industry auditors. Governance and attestation quickly became a very big deal.

Access 143

Weekly podcast: ICANN, DNS and DNSSEC; credential stuffing; passwords managers; and EDPS report

IT Governance

This week, we discuss ICANN’s warning about DNS attacks, the extent of credential stuffing attacks on the retail sector, password managers’ responses to recent research into security flaws, and the European Data Protection Supervisor’s annual report for 2018.

A Good Password Law, Hardware Hacks, and More Security News This Week

WIRED Threat Level

Hardware hacks, the government gets two-factor, and more security news this week. Security

Hacker broke into super secure French Government’s Messaging App Tchap hours after release

Security Affairs

A white hat hacker discovered how to break Tchap, a new secure messaging app launched by the French government for officials and politicians. It aims at replacing popular instant messaging services like Telegram and WhatsApp for government people.

Data Breach: Air Canada Tells 1.7 Million Customers to Reset App Passwords

Adam Levin

Air Canada is advising customers to reset their passwords on their mobile application after detecting a potential data breach of customer records. million users to reset their passwords. “We Million Customers to Reset App Passwords appeared first on Adam Levin.

Pennsylvania Supreme Court Rules that Forcing Provision of Computer Password Violates the Fifth Amendment: eDiscovery Case Law

eDiscovery Daily

At Appellant’s apartment, after the agents discovered a single computer, an HP Envy 700 desktop, which was encrypted with TrueCrypt, Appellant informed the agents that he lived alone, that he was the sole user of the computer, and that only he knew the password to his computer.

CVE-2019-1132 Windows Zero-Day exploited by Buhtrap Group in government attack

Security Affairs

The CVE-2019-1132 flaw addressed by Microsoft this month was exploited by Buhtrap threat actor to target a government organization in Eastern Europe. “ ESET researchers discovered that the flaw was exploited in an attack aimed at a government institution in Eastern Europe in June.