Krebs on Security

JANUARY 11, 2021

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. Change your password. Click on ‘Security’ from the left-hand menu.

Passwords 338

Passwords Authentication Cloud IoT 338

Data Breach Today

JUNE 27, 2022

FIDO Alliance Leader Andrew Shikiar on New Deal With Google, Apple and Microsoft Tired of keeping track of passwords?

Passwords 264

Passwords 264

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. An ad for the OTP interception service/bot “SMSRanger.”

Passwords 330

Passwords Authentication Phishing Access 330

The Last Watchdog

NOVEMBER 22, 2021

Until biometrics or a quantum solution change our everyday approach to encryption, passwords remain our first line of defense against data breaches, hackers, and thieves. Proper password hygiene doesn’t require a degree in rocket science. 1) Create sufficiently-complex passwords. But simpler passwords are much easier to hack.

Passwords 218

Passwords Data breaches Security Encryption 218

Data Breach Today

JUNE 11, 2021

Million Facebook Passwords Among Leaked Data; Raccoon Infostealer Suspected Some 26 million passwords were exposed in a 1.2 terabyte batch of data found by NordLocker, a security company. It's workaday botnet data, but it highlights a hostile malware landscape, particularly for people still inclined to download pirated software.

Passwords 290

Passwords Security IT 290

Data Breach Today

OCTOBER 21, 2022

Poor Credential Hygiene Leaves Remote Services at Risk of Brute Force Attacks If remote access to corporate networks is only as secure as the weakest link, only some dreadfully weak passwords now stand between hackers and many organizations' most sensitive data, according to new research from Rapid7 into the two most widely used remote access protocols (..)

Passwords 274

Passwords Risk Access Security 274

Data Breach Today

NOVEMBER 28, 2020

Agency Says Hackers Can Use a Known Bug for Further Exploitation CISA is warning about a possible password leak that could affect vulnerable Fortinet VPNs and lead to further exploitation.

Passwords 363

Passwords 363

Krebs on Security

APRIL 2, 2020

But without the protection of a password, there’s a decent chance your next Zoom meeting could be “Zoom bombed” — attended or disrupted by someone who doesn’t belong. zWarDial, an automated tool for finding non-password protected Zoom meetings.

Passwords 363

Passwords Security Privacy Access 363

Krebs on Security

MAY 4, 2021

When normal computer users fall into the nasty habit of recycling passwords, the result is most often some type of financial loss. Our passwords can say a lot about us, and much of what they have to say is unflattering. Interestingly, one of the more common connections involves re-using or recycling passwords across multiple accounts.

Passwords 319

Passwords Security Ransomware Access 319

Krebs on Security

MAY 7, 2022

Apple , Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. “I worry about forgotten password recovery for cloud accounts.” Image: Blog.google.

Passwords 234

Passwords Phishing Authentication Data breaches 234

Data Breach Today

DECEMBER 23, 2022

While Unencrypted Data Also Stolen, Experts Urge Continued Use of Password Managers The attack earlier this year that compromised systems and data at LastPass is more extensive than the password management software provider previously revealed.

Passwords 130

Passwords Encryption Cloud 130

Dark Reading

MAY 5, 2023

KnowBe4 is offering a no-cost password kit to help end users practice good password hygiene and strengthen their defenses against social engineering.

Passwords 90

Passwords 90

Data Breach Today

JUNE 2, 2022

Lookout Plans to Expand SaferPass Beyond Consumers and SMBs and Into the Enterprise Lookout has bought password management provider SaferPass to provide carriers distributing the company's consumer app with more capabilities in a single place.

Passwords 240

Passwords IT 240

Dark Reading

APRIL 11, 2023

Password managers aren't foolproof, but they do help mitigate risks from weak credentials and password reuse. Following best practices can contribute to a company's defenses.

Passwords 122

Passwords Risk 122

KnowBe4

MAY 4, 2023

It's World Password Day! This holiday is to ensure everyone always practices good password hygiene. This year, we wanted to share the best password resources with you to share with your users.

Passwords 80

Passwords Security IT 80

Data Breach Today

JANUARY 16, 2023

Password Managers Remain Attractive Targets for Hackers Gen Digital, owner of the Norton LifeLock brand, is notifying more than 6,000 U.S. individuals that hackers might have the valid credentials for logging onto their Norton Password Manager after the company detected a credential stuffing attack in December.

Passwords 130

Passwords Risk 130

Data Breach Today

APRIL 26, 2021

Malware Installed in Update Mechanism Enabled Data Exfiltration Attackers implanted malware into Click Studios' Passwordstate password manager update process, potentially exposing 29,000 users to exfiltration of passwords and other data, the company reports.

Passwords 227

Passwords 227

Krebs on Security

MAY 10, 2021

One financial startup that’s targeting the gig worker market is offering up to $500 to anyone willing to hand over the payroll account username and password given to them by their employer, plus a regular payment for each month afterwards in which those credentials still work. This ad, from workplaceunited[.]com, Click to enlarge.

Passwords 262

Passwords Access Phishing Security 262

Data Breach Today

APRIL 9, 2021

Pets, Sports Teams, Notable Dates and Family Member Names Predominate, Experts Warn Loving your pet and creating tough-to-crack passwords should remain two distinctly separate activities. Unfortunately, Britain's National Cyber Security Center reports that more than 1 in 6 Brits admit to using the name of a pet as their password.

Passwords 293

Passwords Security 293

Schneier on Security

FEBRUARY 1, 2023

This is the result of a security audit: More than a fifth of the passwords protecting network accounts at the US Department of the Interior—including Password1234, Password1234!, and ChangeItN0w!—were

Passwords 106

Passwords Security Authentication Government 106

Data Breach Today

JUNE 2, 2020

Researchers Call on Breached Companies to Revamp Notification Even after being notified that their personal data has been compromised in a breach, only about a third of users change their passwords - and most are not strong or unique, according to a study by researchers at Carnegie Mellon University, who call for changes in breach notification procedures. (..)

Passwords 281

Passwords Personal data 281

Dark Reading

MARCH 23, 2023

Accidentally typing a password in the username field of the platform saves them to audit logs, to which threat actors can gain access and use to compromise enterprise services.

Passwords 126

Passwords Access 126

Troy Hunt

FEBRUARY 9, 2023

I think I've pretty much captured it all in the title of this post but as of about a day ago, Pwned Passwords now has full parity between the SHA-1 hashes that have been there since day 1 and NTLM hashes. So, Chief Pwned Passwords Wrangler Stefán Jökull Sigurðarson got to work and just went ahead and built it all for you.

Passwords 121

Passwords IT 121

Dark Reading

MAY 25, 2023

The streaming giant is looking to bolster flagging subscription growth and profits, but security researchers say the move offers a perfect opportunity to encourage better password hygiene and account safety.

Passwords 83

Passwords Security 83

Data Breach Today

JULY 6, 2020

Andrew Shikiar Describes Alliance's Latest Initiatives and How to Overcome Barriers Andrew Shikiar, executive director at the FIDO Alliance, offers an update on the group's efforts to reduce reliance on passwords and discusses how to overcome barriers.

Passwords 276

Passwords 276

Security Affairs

MAY 29, 2021

The FBI is going to share compromised passwords discovered during investigations with Have I Been Pwned (HIBP)’s ‘Pwned Passwords’ service. The Pwned Passwords service allows users to search for known compromised passwords and discover how many times they have been found in past data breaches.

Passwords 132

Passwords Data breaches Mining Security 132

Troy Hunt

DECEMBER 19, 2021

In the last month, there were 1,260,000,000 occasions where a service somewhere checked a password against Have I Been Pwned's (HIBP's) Pwned Password API. It looks like this: There are all sorts of amazing Pwned Passwords use cases out there. Fast forward to now and that ingestion pipeline is finally live.

Passwords 144

Passwords Privacy Risk Cloud 144

Data Breach Today

MAY 7, 2020

Ransomware Gangs Keep Pwning Poorly Secured Remote Desktop Protocol Endpoints In honor of World Password Day, here's a task for every organization that uses remote desktop protocol: Ensure that all of your organization's internet-facing RDP ports have a password - and that it's complex and unique.

Passwords 255

Passwords Ransomware Security IT 255

Schneier on Security

OCTOBER 12, 2022

Researchers have used thermal cameras and ML guessing techniques to recover passwords from measuring the residual heat left by fingers on keyboards. From the abstract: We detail the implementation of ThermoSecure and make a dataset of 1,500 thermal images of keyboards with heat traces resulting from input publicly available.

Passwords 132

Passwords Security 132

KnowBe4

JUNE 9, 2022

In KnowBe4’s new Password Policy ebook, What Your Password Policy Should Be , we recommend that all users use a password manager to create and use perfectly random passwords. A perfectly random 12-character or longer password is impervious to all known password guessing and cracking attacks.

Passwords 111

Passwords Risk Security 111

Data Breach Today

OCTOBER 4, 2022

Passwords are supported everywhere. In this episode of "Cybersecurity Unplugged," Shikiar discusses how to move beyond passwords. But, says Andrew Shikiar, executive director of the FIDO Alliance, "they have been proven time and time again to simply be unfit for today's networked economy."

Passwords 130

Passwords Cybersecurity 130

The Last Watchdog

APRIL 28, 2022

Passwords have become ubiquitous with digital. The humble password is nothing more than a digital key that opens a door. And they use passwords to open a device, a system, an account, a file and so on. Which begs the question: why do people create their own passwords? Yet most people don’t know how to use them properly.

Passwords 186

Passwords Phishing Encryption Cybersecurity 186

eSecurity Planet

NOVEMBER 29, 2022

Group-IB cybersecurity researchers recently identified several Russian-speaking cybercrime groups offering infostealing malware-as-a-service (MaaS), resulting in the theft of more than 50 million passwords thus far. Don’t save passwords in browser. Read next: Best Password Management Software & Tools.

Passwords 112

Passwords Phishing Cybersecurity Mining 112

Schneier on Security

SEPTEMBER 26, 2022

Sometimes browser spellcheckers leak passwords : When using major web browsers like Chrome and Edge, your form data is transmitted to Google and Microsoft, respectively, should enhanced spellcheck features be enabled.

Passwords 124

Passwords Insurance Cloud Security 124

Dark Reading

JANUARY 13, 2023

Password manager accounts may have, ironically, been compromised via simple credential stuffing, thanks to password reuse.

Passwords 135

Passwords 135

Pwnie Express

MARCH 14, 2022

Weak password report reveals password reuse problem. Password security. New data recently released shows that setting strong passwords might not be enough in an increasingly volatile cybersecurity landscape. Find out why you need to prioritize user password security. Florian Barre. Mon, 03/14/2022 - 10:54.

Passwords 98

Passwords Data breaches Cybersecurity Security 98

Schneier on Security

JULY 6, 2021

A vulnerability (just patched) in the random number generator used in the Kaspersky Password Manager resulted in easily guessable passwords: The password generator included in Kaspersky Password Manager had several problems. All the passwords it created could be bruteforced in seconds. We don’t know.

Passwords 143

Passwords Security IT 143