Passwords - Information Management Today

Chinese threat actors use Quad7 botnet in password-spray attacks

Security Affairs

NOVEMBER 3, 2024

Microsoft warns Chinese threat actors are using the Quad7 botnet to carry out password-spray attacks and steal credentials. Chinese threat actors use the Quad7 botnet in password-spray attacks to steal credentials, Microsoft warns. ” concludes Microsoft.

Passwords

Passwords Access Cloud Government

A large botnet targets M365 accounts with password spraying attacks

Security Affairs

FEBRUARY 24, 2025

A botnet of 130,000+ devices is attacking Microsoft 365 accounts via password-spraying, bypassing MFA by exploiting basic authentication. SecurityScorecard researchers discovered a botnet of over 130,000 devices that is conducting password-spray attacks against Microsoft 365 (M365) accounts worldwide. ” concludes the report.

Passwords

Passwords Authentication Access Cybersecurity

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Security Affairs

JANUARY 15, 2025

A previously unknown threat actor released config files and VPN passwords for Fortinet FortiGate devices on a popular cybercrime forum. A previously unknown threat actor named Belsen Group published configuration files and VPN passwords for over 15,000 Fortinet FortiGate appliances. “2025 will be a fortunate year for the world.

Passwords

Passwords Security IT Data breaches

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

A bug in Chrome Password Manager caused user credentials to disappear

Security Affairs

JULY 26, 2024

Google addressed a Chrome’s Password Manager bug that caused user credentials to disappear temporarily for more than 18 hours. Google has addressed a bug in Chrome’s Password Manager that caused user credentials to disappear temporarily. Users can save passwords, however it was not visible to them.

Passwords

Passwords IT Information Security Security

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Trusted by millions of individuals and thousands of organizations, Keeper is the leader for best-in-class password and passkey management, secrets management, privileged access, secure remote access and encrypted messaging.

Passwords

National Public Data Published Its Own Passwords

Krebs on Security

AUGUST 19, 2024

KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today. In April, a cybercriminal named USDoD began selling data stolen from NPD.

Passwords

Passwords IT Archiving Data breaches

How to generate random passwords from the Linux command line

Collaboration 2.0

MARCH 4, 2025

Need a strong, random password? Linux makes it incredibly easy to generate one - no password manager required.

Passwords

Passwords IT

DarkBeam leaks billions of email and password combinations

Security Affairs

SEPTEMBER 27, 2023

DarkBeam, a digital risk protection firm, left an Elasticsearch and Kibana interface unprotected, exposing records with user emails and passwords from previously reported and non-reported data breaches. Similar databases – large combinations of email and password pairs – have been leaked in the past. billion records.

Passwords

Passwords Data breaches Phishing Risk

RockYou2024 compilation containing 10 billion passwords was leaked online

Security Affairs

JULY 8, 2024

Threat actors leaked the largest password compilation ever, known as RockYou2024, on a popular hacking forum. The Cybernews researchers reported that threat actors leaked the largest password compilation ever, known as RockYou2024, on a popular hacking forum. billion passwords from various internet data leaks. RockYou2021 had 8.4

Passwords

Passwords Data breaches Risk IT

Pokemon Company resets some users’ passwords

Security Affairs

MARCH 20, 2024

The Pokemon Company resets some users’ passwords in response to hacking attempts against some of its users. The Pokemon Company announced it had reset the passwords for some accounts after it had detected hacking attempts, Techcrunch first reported. The company was likely the target of credential stuffing attacks.

Passwords

Passwords Authentication IT Security

Cisco warns of password-spraying attacks targeting Secure Firewall devices

Security Affairs

MARCH 29, 2024

Cisco warns customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services of Cisco Secure Firewall devices. Cisco is warning customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices. ” reads the report.

Passwords

Passwords Security Authentication Access

MyEstatePoint Property Search Android app leaks user passwords

Security Affairs

JANUARY 5, 2024

The MyEstatePoint Property Search app leaked data on nearly half a million of its users, exposing their names and plain-text passwords, the Cybernews research team has found. Scammers can use email addresses and plain text passwords for various attacks. However, the instance has been closed off since.

Passwords

Passwords Marketing Privacy Access

NCSC: New UK law bans default passwords on smart devices

Security Affairs

APRIL 30, 2024

The UK National Cyber Security Centre (NCSC) orders smart device manufacturers to ban default passwords starting from April 29, 2024. National Cyber Security Centre (NCSC) is urging manufacturers of smart devices to comply with new legislation that bans default passwords. ” reads the announcement published by NCSC.

Passwords

Passwords Manufacturing IoT Retail

A critical flaw in Cisco SSM On-Prem allows attackers to change any user’s password

Security Affairs

JULY 17, 2024

A vulnerability in Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers allows threat actors to change any user’s password. The issue is due to an improper implementation in the password-change process. “This vulnerability is due to improper implementation of the password-change process. .

Passwords

Passwords Authentication Access Security

Anyone Can Trick AI Bots into Spilling Passwords

Data Breach Today

MAY 22, 2024

Thousands of People Tricked Bots into Revealing Sensitive Data in Lab Setting It doesn't take a skilled hacker to glean sensitive information anymore: all you need to trick a chatbot into spilling someone else's passwords is "creativity."

Passwords

Passwords IT

These 10 weak passwords can leave you vulnerable to remote desktop attacks

Collaboration 2.0

MARCH 19, 2025

Is your password on the list? If so - tsk, tsk.

Passwords

NIST Calls for Major Overhaul in Typical Password Practices

Data Breach Today

SEPTEMBER 26, 2024

Draft Guidelines Call for Longer, Randomized Passwords Instead of Memorized Phrases The National Institute of Standards and Technology is calling for longer, randomized passwords instead of memorized phrases containing combinations of upper and lowercase letters in new guidance that aims to modernize current password practices across the public and (..)

Passwords

Apple iOS 18.0.1 and iPadOS 18.0.1 fix media session and passwords bugs

Security Affairs

OCTOBER 4, 2024

update that addressed two vulnerabilities that exposed passwords and audio snippets to attackers. The vulnerability CVE-2024-44204 is a logic issue that could potentially enable VoiceOver to read aloud users’ saved passwords. Apple released iOS 18.0.1 Apple released iOS 18.0.1 and iPadOS 18.0.1

Passwords

Passwords IT Information Security Security

Bitwarden vs. 1Password: Which password manager is best?

Collaboration 2.0

NOVEMBER 12, 2024

Bitwarden offers secure, budget-friendly password management, while 1Password puts a premium on user experience. Here's how to decide between the two.

Passwords

Passwords Security

Internet Archive data breach impacted 31M users

Security Affairs

OCTOBER 11, 2024

31M records breached The breach exposed user records including email addresses, screen names and bcrypt password hashes. HIBP confirmed that the stolen archive had 31M records, including email address, screen name, bcrypt password hash, and timestamps for password changes. Internet Archive hacked.

Archiving

Archiving Data breaches Passwords File names

How Researchers Cracked an 11-Year-Old Password to a $3 Million Crypto Wallet

WIRED Threat Level

MAY 28, 2024

Thanks to a flaw in a decade-old version of the RoboForm password manager and a bit of luck, researchers were able to unearth the password to a crypto wallet containing a fortune.

Passwords

Passwords Blockchain Security

Experts detailed Microsoft Outlook flaw that can leak NTLM v2 hashed passwords

Security Affairs

JANUARY 29, 2024

A flaw in Microsoft Outlook can be exploited to access NTLM v2 hashed passwords by tricking users into opening a specially crafted file. The vulnerability CVE-2023-35636 impacting Microsoft Outlook is a Microsoft Outlook information disclosure issue that could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords.

Passwords

Passwords Authentication Access Security

FBI warns of malicious free online document converters spreading malware

Security Affairs

MARCH 24, 2025

They can also steal personal data, banking details, cryptocurrency info, emails, and passwords by scraping the files the users upload. If users fall victim to this scam, immediately contact their financial institutions, secure their accounts, and change all passwords using a trusted device. Reporting the incident to IC3.gov

Passwords

Passwords Ransomware Personal data Risk

Bitdefender released a decryptor for the ShrinkLocker ransomware

Security Affairs

NOVEMBER 13, 2024

Then, it re-encrypts the system using a randomly generated password. This unique password is uploaded to a server controlled by the attacker. The random password is generated from network traffic and memory data, making brute-forcing difficult.

Ransomware

Ransomware Encryption Passwords Authentication

7 essential password rules to follow in 2024, according to security experts

Collaboration 2.0

OCTOBER 25, 2024

What makes a password strong now? How long should it be? How often should you change it? Here's what the cybersecurity pros at NIST recommend - some of which may surprise you.

Passwords

Passwords Cybersecurity Security IT

Zello urges users to reset passwords following a cyber attack

Security Affairs

NOVEMBER 28, 2024

Zello urges customers with accounts created before November 2 to reset passwords following a potential security breach. Zello is warning customers who have an account created before November 2 to reset their passwords, a circumstance that suggests that the incident took place on November 2. ” reads the security notice.

Passwords

Passwords Data breaches Security IT

The best password manager for families in 2025: Expert tested and reviewed

Collaboration 2.0

JANUARY 16, 2025

The best password managers provide security, privacy, and ease of use for a reasonable price. We tested the best ones to help you find what's best for your family.

Passwords

Passwords Privacy Security

7 ways to get more out of your Bitwarden password manager

Collaboration 2.0

JANUARY 16, 2025

Bitwarden is one of the best password managers on the market, but are you using it effectively? Here are a few tips to ensure you are.

Passwords

Passwords Marketing IT

The best password generator of 2025: Expert tested

Collaboration 2.0

FEBRUARY 24, 2025

Password generators help you create secure and formidable passwords to keep your information safe online. Our top picks include features with passcode creators, long character limits, and passphrase generators.

Passwords

Passwords Security

Proton Pass vs. 1Password: Which password manager is right for you?

Collaboration 2.0

FEBRUARY 5, 2025

Proton Pass and 1Password offer secure password safekeeping with similarly priced plans. Still, one service may suit your needs better than the other. Here's how to pick the right one.

Passwords

Passwords Security

The best password managers for Android of 2025: Expert tested

Collaboration 2.0

MARCH 28, 2025

A password manager compatible with your smartphone is a must-have. We tested the best password managers for Android, with features like encrypted sharing, passkey support, and more.

Passwords

Passwords Encryption

The best password managers for businesses in 2025: Expert tested

Collaboration 2.0

JANUARY 24, 2025

These are the best password managers for businesses on the market, whether you own a small business or need an enterprise-grade security solution.

Passwords

Passwords Marketing Security

Threat actor says Interbank refused to pay the ransom after a two-week negotiation

Security Affairs

OCTOBER 31, 2024

Alleged stolen data includes personal info, credit card details, CVVs, passwords, and API credentials. A threat actor that uses the moniker ‘kzoldyck’ claims the leak of 3.7 TB of company data related to 3 million customers.

Data breaches

Data breaches Financial Services Passwords Security

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Security Affairs

NOVEMBER 15, 2024

The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information. Glove Stealer is a.NET-based information stealer that targets browser extensions and locally installed software to steal sensitive data.

Encryption

Encryption File names Phishing Passwords

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Security Affairs

JANUARY 15, 2025

A previously unknown threat actor released config files and VPN passwords for Fortinet FortiGate devices on a popular cybercrime forum. A previously unknown threat actor named Belsen Group published configuration files and VPN passwords for over 15,000 Fortinet FortiGate appliances. “2025 will be a fortunate year for the world.

Passwords

Passwords Security IT

Around 3.3 million POP3 and IMAP mail servers lack TLS encryption

Security Affairs

JANUARY 3, 2025

Passwords for mail access could be intercepted, and exposed services may allow password guessing attacks on the server. “This means that passwords used for mail access may be intercepted. Additionally, service exposure may enable password guessing attacks against the server.” We see around 3.3M

Encryption

Encryption Passwords Access Communications

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

The Last Watchdog

OCTOBER 23, 2024

Tip 2: Implementing Strong Password Policies Weak passwords can be easily compromised, giving attackers access to sensitive systems and data. LastPass reports that 80% of all hacking-related breaches leveraged either stolen and/or weak passwords.

Security

Security Data breaches Passwords Cybersecurity

Banshee macOS stealer supports new evasion mechanisms

Security Affairs

JANUARY 10, 2025

Researchers at Elastic Security Labs who first analyzed the malware confirmed it can steal keychain passwords and data from multiple browsers. Additionally, the malware was avoiding targeting systems where Russian is the primary language.

Archiving

Archiving Phishing Encryption Passwords

A critical flaw in Kubernetes Image Builder could allow attackers to gain root access

Security Affairs

OCTOBER 17, 2024

The fixed version sets a randomly-generated password for the duration of the image build and it disables the builder account at the conclusion of the image build. .” The vulnerability was discovered by the cybersecurity researcher Nicolai Rybnikar Rybnikar Enterprises GmbH. The flaw has been fixed in version 0.1.38.

Access

Access Passwords Cybersecurity Security

Proton Pass review: A highly secure password manager with easy to overlook flaws

Collaboration 2.0

JANUARY 13, 2025

Proton Pass offers interoperability with Proton VPN and Proton Mail, along with a host of security features compatible with most devices and operating systems.

Passwords

Passwords Security

Mirai botnet targets SSR devices, Juniper Networks warns

Security Affairs

DECEMBER 19, 2024

Juniper Networks warns that a Mirai botnet is targeting SSR devices with default passwords after unusual activity was reported on December 11, 2024. Juniper Networks is warning that a Mirai botnet is targeting Session Smart Router (SSR) products with default passwords. “The impacted systems were all using default passwords.”

Passwords

Passwords Access Risk Security

The source code of Banshee Stealer leaked online

Security Affairs

NOVEMBER 26, 2024

Researchers at Elastic Security Labs analyzed the malware and confirmed it can steal keychain passwords and data from multiple browsers. The discovery of the malware highlights the growing focus on macOS-specific malware as the platform becomes a more frequent target for cybercriminals.

Archiving

Archiving Encryption Passwords IT

Iran and China-linked actors used ChatGPT for preparing attacks

Security Affairs

OCTOBER 11, 2024

Attackers also used it for code debugging assistance. “The tasks the CyberAv3ngers asked our models in some cases focused on asking for default username and password combinations for various PLCs. In some cases, the details of these requests suggested an interest in, or targeting of, Jordan and Central Europe.

Phishing

Phishing Passwords Security IT

DeepSeek database exposed highly sensitive information

Security Affairs

JANUARY 30, 2025

Not only an attacker could retrieve sensitive logs and actual plain-text chat messages, but they could also potentially exfiltrate plaintext passwords and local files along propriety information directly from the server using queries like:SELECT * FROM file(‘filename’) depending ontheirClickHouse configuration.”

Metadata

Metadata Authentication Access Passwords

Chinese threat actors use Quad7 botnet in password-spray attacks

A large botnet targets M365 accounts with password spraying attacks

Webinars

Trending Sources

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Webinars

A bug in Chrome Password Manager caused user credentials to disappear

Prevent Data Breaches With Zero-Trust Enterprise Password Management

National Public Data Published Its Own Passwords

How to generate random passwords from the Linux command line

DarkBeam leaks billions of email and password combinations

RockYou2024 compilation containing 10 billion passwords was leaked online

Pokemon Company resets some users’ passwords

Cisco warns of password-spraying attacks targeting Secure Firewall devices

MyEstatePoint Property Search Android app leaks user passwords

NCSC: New UK law bans default passwords on smart devices

A critical flaw in Cisco SSM On-Prem allows attackers to change any user’s password

Anyone Can Trick AI Bots into Spilling Passwords

These 10 weak passwords can leave you vulnerable to remote desktop attacks

NIST Calls for Major Overhaul in Typical Password Practices

Apple iOS 18.0.1 and iPadOS 18.0.1 fix media session and passwords bugs

Bitwarden vs. 1Password: Which password manager is best?

Internet Archive data breach impacted 31M users

How Researchers Cracked an 11-Year-Old Password to a $3 Million Crypto Wallet

Experts detailed Microsoft Outlook flaw that can leak NTLM v2 hashed passwords

FBI warns of malicious free online document converters spreading malware

Bitdefender released a decryptor for the ShrinkLocker ransomware

7 essential password rules to follow in 2024, according to security experts

Zello urges users to reset passwords following a cyber attack

The best password manager for families in 2025: Expert tested and reviewed

7 ways to get more out of your Bitwarden password manager

The best password generator of 2025: Expert tested

Proton Pass vs. 1Password: Which password manager is right for you?

The best password managers for Android of 2025: Expert tested

The best password managers for businesses in 2025: Expert tested

Threat actor says Interbank refused to pay the ransom after a two-week negotiation

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Around 3.3 million POP3 and IMAP mail servers lack TLS encryption

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

Banshee macOS stealer supports new evasion mechanisms

A critical flaw in Kubernetes Image Builder could allow attackers to gain root access

Proton Pass review: A highly secure password manager with easy to overlook flaws

Mirai botnet targets SSR devices, Juniper Networks warns

The source code of Banshee Stealer leaked online

Iran and China-linked actors used ChatGPT for preparing attacks

DeepSeek database exposed highly sensitive information

Stay Connected