Data Breach Today

APRIL 29, 2024

Law Bans Universal Default Passwords; Requires Bug-Reporting Channels, Update Plan Say goodbye to buying internet of things devices in Britain with a default or hardcoded password set to "12345," as the country has banned manufacturers from shipping internet-connected and network-connected devices that don't comply with minimum cybersecurity standards. (..)

Cybersecurity 301

Cybersecurity IoT Manufacturing Passwords 301

KnowBe4

JANUARY 29, 2024

Passwords are part of every organization’s security risk profile. Just one weak password with access to an organization’s critical systems can cause a breach, take down a network or worse. Whether we like it or not, passwords are here to stay as a form of authentication.

Passwords 96

Passwords Authentication Risk Access 96

Data Breach Today

JUNE 11, 2021

Million Facebook Passwords Among Leaked Data; Raccoon Infostealer Suspected Some 26 million passwords were exposed in a 1.2 terabyte batch of data found by NordLocker, a security company.

Passwords 284

Passwords Security IT 284

Krebs on Security

MAY 7, 2022

Apple , Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. “I worry about forgotten password recovery for cloud accounts.” Image: Blog.google.

Passwords 240

Passwords Authentication Phishing Cloud 240

Security Affairs

APRIL 30, 2024

The UK National Cyber Security Centre (NCSC) orders smart device manufacturers to ban default passwords starting from April 29, 2024. National Cyber Security Centre (NCSC) is urging manufacturers of smart devices to comply with new legislation that bans default passwords. ” reads the announcement published by NCSC.

Passwords 105

Passwords Manufacturing IoT Retail 105

Security Affairs

MARCH 20, 2024

The Pokemon Company resets some users’ passwords in response to hacking attempts against some of its users. The Pokemon Company announced it had reset the passwords for some accounts after it had detected hacking attempts, Techcrunch first reported. The company was likely the target of credential stuffing attacks.

Passwords 106

Passwords Authentication IT Security 106

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. An ad for the OTP interception service/bot “SMSRanger.”

Passwords 321

Passwords Authentication Phishing Access 321

Data Breach Today

OCTOBER 21, 2022

Poor Credential Hygiene Leaves Remote Services at Risk of Brute Force Attacks If remote access to corporate networks is only as secure as the weakest link, only some dreadfully weak passwords now stand between hackers and many organizations' most sensitive data, according to new research from Rapid7 into the two most widely used remote access protocols (..)

Passwords 269

Passwords Risk Access Security 269

Data Breach Today

FEBRUARY 5, 2024

Company Says Problem Remediated, All Security-Related Certificates Revoked Remote desktop application provider AnyDesk acknowledged hackers recently gained unauthorized access to the company's production systems in a cyberattack.

Passwords 261

Passwords Access Security IT 261

Data Breach Today

FEBRUARY 20, 2024

1Password CEO Says Acquisition Will Help Customers Achieve Zero Trust Objectives Jeff Shiner, CEO of the popular password management company 1Password, said Monday that the company is acquiring leading device security platform Kolide in response to the "historic transformation of the workplace that demands transformative and intuitive new security (..)

Security 243

Security Passwords 243

Data Breach Today

APRIL 9, 2021

Pets, Sports Teams, Notable Dates and Family Member Names Predominate, Experts Warn Loving your pet and creating tough-to-crack passwords should remain two distinctly separate activities. Unfortunately, Britain's National Cyber Security Center reports that more than 1 in 6 Brits admit to using the name of a pet as their password.

Passwords 290

Passwords Security 290

Data Breach Today

FEBRUARY 4, 2024

Company Says Problem Remediated, All Security-Related Certificates Revoked Remote desktop application provider AnyDesk acknowledged hackers recently gained unauthorized access to the company's production systems in a cyberattack.

Passwords 271

Passwords Access Security IT 271

Troy Hunt

MARCH 10, 2021

Pwned Passwords is a repository of 613M passwords exposed in previous data breaches, which makes them very poor choices for future use. They're totally free and they have a really cool anonymity API that ensures no useful information about the password being searched for is ever exposed.

Passwords 139

Passwords Security IoT Data breaches 139

KnowBe4

OCTOBER 11, 2023

Our login credentials of a username and password are sometimes all that stands between our personal identifiable information and cybercriminals. Count Hackula could be waiting in the shadows to bite on your weak or reused password.

Passwords 108

Passwords Cybersecurity Security IT 108

Security Affairs

SEPTEMBER 27, 2023

DarkBeam, a digital risk protection firm, left an Elasticsearch and Kibana interface unprotected, exposing records with user emails and passwords from previously reported and non-reported data breaches. Similar databases – large combinations of email and password pairs – have been leaked in the past. billion records.

Passwords 140

Passwords Data breaches Phishing Risk 140

Data Breach Today

MAY 7, 2020

Ransomware Gangs Keep Pwning Poorly Secured Remote Desktop Protocol Endpoints In honor of World Password Day, here's a task for every organization that uses remote desktop protocol: Ensure that all of your organization's internet-facing RDP ports have a password - and that it's complex and unique.

Passwords 254

Passwords Ransomware Security IT 254

Data Breach Today

OCTOBER 19, 2022

KnowBe4, Visa Execs Call for Change at FIDO Alliance's Authenticate Conference Multifactor authentication needs to move away from one-time passwords sent via text message and embrace modern standards that prevent man-in-the-middle attacks.

Passwords 130

Passwords Authentication Security 130

KnowBe4

MAY 4, 2023

It's World Password Day! This holiday is to ensure everyone always practices good password hygiene. This year, we wanted to share the best password resources with you to share with your users.

Passwords 80

Passwords Security IT 80

Security Affairs

MAY 18, 2023

A researcher published a PoC tool to retrieve the master password from KeePass by exploiting the CVE-2023-32784 vulnerability. Security researcher Vdohney released a PoC tool called KeePass 2.X X Master Password Dumper that allows retrieving the master password for KeePass. x versions. “In KeePass 2.x x versions.

Passwords 98

Passwords Encryption Security Access 98

Dark Reading

MAY 25, 2023

The streaming giant is looking to bolster flagging subscription growth and profits, but security researchers say the move offers a perfect opportunity to encourage better password hygiene and account safety.

Passwords 77

Passwords Security 77

Schneier on Security

OCTOBER 11, 2023

This is not the first time Cisco products have had hard-coded passwords made public. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user. You’d think it would learn.

Passwords 137

Passwords IT 137

Krebs on Security

AUGUST 5, 2019

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. Crooks are constantly probing bank Web sites for customer accounts protected by weak or recycled passwords.

Passwords 250

Passwords Risk Authentication Phishing 250

Security Affairs

JANUARY 5, 2024

The MyEstatePoint Property Search app leaked data on nearly half a million of its users, exposing their names and plain-text passwords, the Cybernews research team has found. Scammers can use email addresses and plain text passwords for various attacks.

Passwords 103

Passwords Marketing Privacy Access 103

Schneier on Security

FEBRUARY 1, 2023

This is the result of a security audit: More than a fifth of the passwords protecting network accounts at the US Department of the Interior—including Password1234, Password1234!, The audit uncovered another security weakness—the failure to consistently implement multi-factor authentication (MFA). and ChangeItN0w!—were

Passwords 100

Passwords Authentication Government Security 100

Data Breach Today

APRIL 19, 2019

Millions of Instagram Users Affected by Plain-Text Password Storage Two security issues disclosed by Facebook over the past month are worse than first thought, adding to a harrowing series of data-handling mishaps by the social network. Millions of Instagram users had their plain-text passwords stored, and 1.5

Passwords 246

Passwords Security 246

eSecurity Planet

MARCH 8, 2022

The average internet user has somewhere around 100 accounts, according to NordPass research, meaning they have to track 100 different passwords or risk using the same one over and over. Users can share password files securely with encrypted transmissions. Vault health reports Directory sync Secure password sharing.

Passwords 131

Passwords Encryption GDPR Compliance 131

Outpost24

MARCH 14, 2022

Weak password report reveals password reuse problem. Password security. New data recently released shows that setting strong passwords might not be enough in an increasingly volatile cybersecurity landscape. Find out why you need to prioritize user password security. Florian Barre.

Passwords 98

Passwords Data breaches Cybersecurity Security 98

Data Breach Today

FEBRUARY 20, 2019

Popular Password Managers for Windows Fail to Tidy Up Before Locking Up Shop A security audit of popular password manager has revealed some concerning weaknesses. But the research shows that some password managers need to more thoroughly scrub data left in memory.

Passwords 259

Passwords Security 259

Data Breach Today

SEPTEMBER 14, 2021

Use of LOLBins, GitHub Tools and Cobalt Strike Also Widespread, Researchers Say The top three tactics attackers have been using to break into corporate and government networks are brute-forcing passwords, exploiting unpatched vulnerabilities, and social engineering via malicious emails, says security firm Kaspersky in a roundup of its 2020 incident (..)

Passwords 167

Passwords Government Security IT 167

Data Breach Today

MARCH 21, 2019

Facebook Under Fresh Scrutiny Over How It Stored User Passwords Facebook has corrected an internal security issue that allowed the company to store millions of user passwords in plaintext that were then available to employees through an internal search tool.

Passwords 261

Passwords Security IT 261

Schneier on Security

JULY 4, 2023

Amusing parody of password rules. BoingBoing : For example, at a certain level, your password must include today’s Wordle answer. And then there’s rule #27: “At least 50% of your password must be in the Wingdings font.”

Passwords 78

Passwords 78

Security Affairs

JANUARY 29, 2024

A flaw in Microsoft Outlook can be exploited to access NTLM v2 hashed passwords by tricking users into opening a specially crafted file. The vulnerability CVE-2023-35636 impacting Microsoft Outlook is a Microsoft Outlook information disclosure issue that could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords.

Passwords 113

Passwords Authentication Access Security 113

Security Affairs

MAY 29, 2021

The FBI is going to share compromised passwords discovered during investigations with Have I Been Pwned (HIBP)’s ‘Pwned Passwords’ service. The Pwned Passwords service allows users to search for known compromised passwords and discover how many times they have been found in past data breaches.

Passwords 111

Passwords Data breaches Mining IT 111

KnowBe4

JANUARY 11, 2023

An internal US Government agency audit audit showed that a fifth of passwords were easy to crack. Their recently published study showed that hashes for well over 80,000 AD accounts included passwords like Password1234, Password1234!, Some excellent work here. and ChangeItN0w!

Passwords 88

Passwords Security Government 88

Security Affairs

AUGUST 5, 2020

ZDNet reported in exclusive that a list of passwords for 900+ enterprise VPN servers has been shared on a Russian-speaking hacker forum. ZDNet has reported in exclusive that a list of plaintext usernames and passwords for 900 Pulse Secure VPN enterprise servers, along with IP addresses, has been shared on a Russian-speaking hacker forum.

Passwords 135

Passwords Security Ransomware Military 135

Data Breach Today

FEBRUARY 22, 2019

The latest edition of the ISMG Security Report describes vulnerabilities found in popular password generator apps. Plus, the evolution of blockchain as a utility and a new decryptor for GandCrab ransomware.

Passwords 196

Passwords Blockchain Ransomware Security 196

Krebs on Security

MAY 6, 2024

But researchers at Leviathan Security say they’ve discovered it’s possible to abuse an obscure feature built into the DHCP protocol so that other users on the local network are forced to connect to a rogue DHCP server. VPNs work by creating a virtual network interface that serves as an encrypted tunnel for communications.

IT 263

IT Security Encryption Passwords 263