GitLab Hackers Use 'Forgot Your Password' to Hijack Accounts

Data Breach Today

The vulnerability allows hackers to use the "forgot your password" function to send a reset link to an attacker-controlled inbox.

US CISA Orders Federal Agencies to Apply January Patch

The U.S. federal government's cybersecurity agency warned that hackers are exploiting a vulnerability in DevOps platform GitLab that was patched in January.

Passwords 287

Breach Roundup: Google Phases out Passwords

Data Breach Today

Also: Microsoft Will Bid VBScript Goodbye and A Novel Magecart Attack

This week: Google began phasing out passwords, Microsoft will bid VBScript goodbye, payment card information exposed in Air Europa hack, Magecart attack uses sneaky 404 page tactic, U.S.

Passwords 279

Okta Buys Personal Password Manager Uno to Service Consumers

Data Breach Today

Uno's Design Wisdom Will Accelerate Rollout of Okta's First-Ever Consumer Product

Okta bought a password manager founded by a former Google engineer and backed by Andreessen Horowitz to get a foothold in the consumer identity market.

Passwords 297

The UK Bans Default Passwords

Schneier on Security

The UK is the first country to ban default passwords on IoT devices. On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. Unique passwords installed by default are still permitted. This sort of thing benefits all of us everywhere.

Passwords 109

Breach Roundup: Google Phases Out Passwords for Passkeys

Data Breach Today

Also: Microsoft Will Bid VBScript Goodbye; Magecart's Novel Page-Not-Found Attack

This week: Google began phasing out passwords, Microsoft to bid VBScript goodbye, payment card information exposed in Air Europa hack, Magecart attack uses sneaky 404 page tactic, U.S.

Passwords 285

Microsoft Fully Ditches the Password

Data Breach Today

Windows Users Can Now Use Other Methods to Access Microsoft Products

Microsoft has officially gone fully passwordless, allowing Windows users to replace their alphanumeric passwords with one of several substitute sign-in technologies to gain entry into a Microsoft product - a move received positively by industry insiders.

Passwords 345

How Coinbase Phishers Steal One-Time Passwords

Krebs on Security

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. In each case, the phishers manually would push a button that caused the phishing site to ask visitors for more information, such as the one-time password from their mobile app.

Passwords 345