Data Breach Today

MAY 1, 2024

The vulnerability allows hackers to use the "forgot your password" function to send a reset link to an attacker-controlled inbox. US CISA Orders Federal Agencies to Apply January Patch The U.S. federal government's cybersecurity agency warned that hackers are exploiting a vulnerability in DevOps platform GitLab that was patched in January.

Passwords 281

Passwords Cybersecurity Government 281

Schneier on Security

SEPTEMBER 27, 2024

Verifiers and CSPs SHOULD permit a maximum password length of at least 64 characters. Verifiers and CSPs SHOULD accept all printing ASCII [RFC20] characters and the space character in passwords. Verifiers and CSPs SHOULD accept all printing ASCII [RFC20] characters and the space character in passwords. not truncate it).

Passwords 114

Passwords Authentication Access IT 114

Data Breach Today

OCTOBER 4, 2023

Uno's Design Wisdom Will Accelerate Rollout of Okta's First-Ever Consumer Product Okta bought a password manager founded by a former Google engineer and backed by Andreessen Horowitz to get a foothold in the consumer identity market.

Passwords 295

Passwords Marketing 295

Schneier on Security

JUNE 4, 2024

Interesting story of breaking the security of the RoboForm password manager in order to recover a cryptocurrency wallet password. If you knew the date and time and other parameters, you could compute any password that would have been generated on a certain date and time in the past.

Passwords 120

Passwords IT Security 120

Data Breach Today

JULY 10, 2024

Monetary Authority Responds to Surge in Phishing Scams That Impersonate Banks The Monetary Authority of Singapore said banks will phase out one-time passwords for bank account logins over the next three months for customers who use digital tokens to authenticate their identity.

Passwords 224

Passwords Phishing Authentication 224

Data Breach Today

SEPTEMBER 16, 2024

New Security Measures Follow High-Profile Hacks of Snowflake Customers Data warehousing platform Snowflake rolled out default MFA - as well as a 14-character password minimum - to shore up security in the wake of a series of cyberattacks in June that hit high-profile customers including Santander Bank, Advance Auto Parts, LA Unified School District (..)

Passwords 162

Passwords Security 162

Data Breach Today

OCTOBER 12, 2023

Also: Microsoft Will Bid VBSript Goodbye and A Novel Magecart Attack This week: Google began phasing out passwords, Microsoft will bid VBSript goodbye, payment card information exposed in Air Europa hack, Magecart attack uses sneaky 404 page tactic, U.S.

Passwords 264

Passwords 264

Collaboration 2.0

NOVEMBER 12, 2024

Bitwarden offers secure, budget-friendly password management, while 1Password puts a premium on user experience. Here's how to decide between the two.

Passwords 115

Passwords Security 115

Krebs on Security

OCTOBER 13, 2021

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. In each case, the phishers manually would push a button that caused the phishing site to ask visitors for more information, such as the one-time password from their mobile app.

Passwords 351

Passwords Phishing Authentication Access 351

Krebs on Security

MAY 19, 2020

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.” By far the most important passwords are those protecting our email inbox(es).

Passwords 351

Passwords Authentication Data breaches Archiving 351

Data Breach Today

SEPTEMBER 15, 2021

Windows Users Can Now Use Other Methods to Access Microsoft Products Microsoft has officially gone fully passwordless, allowing Windows users to replace their alphanumeric passwords with one of several substitute sign-in technologies to gain entry into a Microsoft product - a move received positively by industry insiders.

Passwords 344

Passwords Access 344

Data Breach Today

JUNE 10, 2021

Facebook Passwords, Valid Cookies Some 26 million passwords were exposed in a 1.2 Data Includes 1.5M terabyte batch of data found by NordLocker, a security company. It's workaday botnet data but highlights a hostile malware landscape, particularly for people still inclined to download pirated software.

Passwords 338

Passwords Security IT 338

Krebs on Security

JANUARY 11, 2021

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. Change your password. Click on ‘Security’ from the left-hand menu.

Passwords 352

Passwords Authentication Cloud IoT 352

Data Breach Today

OCTOBER 13, 2023

Also: Microsoft Will Bid VBScript Goodbye; Magecart's Novel Page-Not-Found Attack This week: Google began phasing out passwords, Microsoft to bid VBScript goodbye, payment card information exposed in Air Europa hack, Magecart attack uses sneaky 404 page tactic, U.S.

Passwords 266

Passwords 266

Schneier on Security

MAY 2, 2024

The UK is the first country to ban default passwords on IoT devices. On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. Unique passwords installed by default are still permitted. This sort of thing benefits all of us everywhere.

Passwords 118

Passwords IoT Manufacturing Security 118

The Last Watchdog

NOVEMBER 22, 2021

Until biometrics or a quantum solution change our everyday approach to encryption, passwords remain our first line of defense against data breaches, hackers, and thieves. Proper password hygiene doesn’t require a degree in rocket science. 1) Create sufficiently-complex passwords. But simpler passwords are much easier to hack.

Passwords 244

Passwords Data breaches Personal data Encryption 244

Data Breach Today

SEPTEMBER 8, 2022

Vikas Malhotra of LastPass on Ways to Transition From Password to Passwordless Vikas Malhotra, country manager, LastPass, discusses establishing a password management program as the first line of defense in establishing user identity, followed by 2FA and MFA as the second step in the protection process.

Passwords 245

Passwords 245

Krebs on Security

APRIL 2, 2020

But without the protection of a password, there’s a decent chance your next Zoom meeting could be “Zoom bombed” — attended or disrupted by someone who doesn’t belong. zWarDial, an automated tool for finding non-password protected Zoom meetings.

Passwords 363

Passwords Privacy Security IT 363

Data Breach Today

JUNE 11, 2021

Million Facebook Passwords Among Leaked Data; Raccoon Infostealer Suspected Some 26 million passwords were exposed in a 1.2 terabyte batch of data found by NordLocker, a security company. It's workaday botnet data, but it highlights a hostile malware landscape, particularly for people still inclined to download pirated software.

Passwords 290

Passwords Security IT 290

Krebs on Security

MAY 4, 2021

When normal computer users fall into the nasty habit of recycling passwords, the result is most often some type of financial loss. Our passwords can say a lot about us, and much of what they have to say is unflattering. Interestingly, one of the more common connections involves re-using or recycling passwords across multiple accounts.

Passwords 334

Passwords Security IT Ransomware 334

KnowBe4

OCTOBER 3, 2024

This recent article on how a hacker used genealogy websites to help better guess victims' password reset answers made it a great time to share a suggestion: Don’t answer password reset questions with real answers!

Passwords 103

Passwords IT Security 103

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. An ad for the OTP interception service/bot “SMSRanger.”

Passwords 341

Passwords Authentication Phishing Access 341

Data Breach Today

NOVEMBER 28, 2020

Agency Says Hackers Can Use a Known Bug for Further Exploitation CISA is warning about a possible password leak that could affect vulnerable Fortinet VPNs and lead to further exploitation.

Passwords 362

Passwords 362

Security Affairs

JULY 26, 2024

Google addressed a Chrome’s Password Manager bug that caused user credentials to disappear temporarily for more than 18 hours. Google has addressed a bug in Chrome’s Password Manager that caused user credentials to disappear temporarily. Users can save passwords, however it was not visible to them.

Passwords 139

Passwords IT Information Security Security 139

Security Affairs

JULY 8, 2024

Threat actors leaked the largest password compilation ever, known as RockYou2024, on a popular hacking forum. The Cybernews researchers reported that threat actors leaked the largest password compilation ever, known as RockYou2024, on a popular hacking forum. billion passwords from various internet data leaks. RockYou2021 had 8.4

Passwords 131

Passwords Data breaches Risk IT 131

Krebs on Security

MAY 7, 2022

Apple , Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. “I worry about forgotten password recovery for cloud accounts.” Image: Blog.google.

Passwords 253

Passwords Authentication Phishing Cloud 253

Data Breach Today

JUNE 27, 2022

FIDO Alliance Leader Andrew Shikiar on New Deal With Google, Apple and Microsoft Tired of keeping track of passwords?

Passwords 263

Passwords 263

KnowBe4

JANUARY 29, 2024

Passwords are part of every organization’s security risk profile. Just one weak password with access to an organization’s critical systems can cause a breach, take down a network or worse. Whether we like it or not, passwords are here to stay as a form of authentication.

Passwords 101

Passwords Authentication Risk Access 101

Krebs on Security

MAY 10, 2021

One financial startup that’s targeting the gig worker market is offering up to $500 to anyone willing to hand over the payroll account username and password given to them by their employer, plus a regular payment for each month afterwards in which those credentials still work. This ad, from workplaceunited[.]com, Click to enlarge.

Passwords 286

Passwords Access Marketing IT 286

Security Affairs

MARCH 29, 2024

Cisco warns customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services of Cisco Secure Firewall devices. Cisco is warning customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices. ” reads the report.

Passwords 131

Passwords Security Authentication Access 131

The Last Watchdog

MAY 26, 2021

We celebrated World Password Day on May 6, 2021. Every year, the first Thursday in May serves as a reminder for us to take control of our personal password strategies. Passwords are now an expected and typical part of our data-driven online lives. Passwords are now an expected and typical part of our data-driven online lives.

Passwords 182

Passwords Security Authentication Paper 182

Security Affairs

MARCH 20, 2024

The Pokemon Company resets some users’ passwords in response to hacking attempts against some of its users. The Pokemon Company announced it had reset the passwords for some accounts after it had detected hacking attempts, Techcrunch first reported. The company was likely the target of credential stuffing attacks.

Passwords 131

Passwords Authentication IT Security 131

IT Governance

JULY 10, 2024

A penetration tester’s take on the implications Cybernews researchers have found 9,948,575,739 unique plaintext passwords leaked on BreachForums, a popular hacking forum. On 4 July 2024, a threat actor called ‘ObamaCare’ leaked what is likely the largest password compilation to date, calling it “10 Billion Rockyou2024 Password Compilation”.

Passwords 101

Passwords Security Risk Data breaches 101

Security Affairs

SEPTEMBER 28, 2024

The Irish Data Protection Commission (DPC) fined Meta €91 million for storing the passwords of hundreds of millions of users in plaintext. In 2019, Meta disclosed that it had inadvertently stored some users’ passwords in plaintext on its internal systems, without encrypting them. ” reported Meta. ” reported Meta.

Passwords 131

Passwords Encryption GDPR Access 131

Security Affairs

OCTOBER 4, 2024

update that addressed two vulnerabilities that exposed passwords and audio snippets to attackers. The vulnerability CVE-2024-44204 is a logic issue that could potentially enable VoiceOver to read aloud users’ saved passwords. Apple released iOS 18.0.1 Apple released iOS 18.0.1 and iPadOS 18.0.1

Passwords 131

Passwords IT Information Security Security 131

Collaboration 2.0

NOVEMBER 20, 2024

Discover the best free password managers of 2024, tested for security and ease of use.

Passwords 75

Passwords Security 75

Collaboration 2.0

OCTOBER 25, 2024

What makes a password strong now? How long should it be? How often should you change it? Here's what the cybersecurity pros at NIST recommend - some of which may surprise you.

Passwords 141

Passwords Cybersecurity Security IT 141