Troy Hunt

JUNE 25, 2018

My relationship with 1Password stretches all the way back to 2011 when I came to the realisation that the only secure password is the one you can't remember. There's also a bunch of other ways 1Password can use the data to streamline how users protect their accounts and that's something we're actively discussing.

Passwords 272

Passwords Data breaches Password Management Accountability 272

Troy Hunt

JULY 12, 2019

So "Plan A" was to publish Pwned Passwords V5 on Tuesday but a last-minute check showed control characters had snuck in due to the quality (or lack thereof) of the source data. The Zhenai breach from 2011 added another 5M records to HIBP (I'm still working through a ridiculously long backlog of breaches.)

Data breaches 170

Data breaches Passwords Accountability Hacking 170

Troy Hunt

MARCH 27, 2018

It began with a visit to the local Telstra store earlier this month to upgrade a couple of phone plans which resulted in me sitting alone by this screen whilst the Telstra staffer disappeared into the back room for a few minutes: Is it normal for @Telstra to display customer passwords on publicly facing terminals in their stores?

Passwords 157

Passwords Banking Mobile Telecommunications 157

SecureWorld News

SEPTEMBER 17, 2021

Fast-forward a decade from now and imagine teaching emerging cybersecurity professionals about an obsolete thing called a password. Password problems because of the human factor. Manual and annoying for a long time, passwords were a key technology, beginning in the early digital age, to protect servers, accounts, and eventually email.

Passwords 61

Passwords Authentication Accountability Mobile 61

Security Affairs

MAY 22, 2021

26, 2011 and February. The airline pointed out that neither CVV/CVC numbers associated with the credit cards nor passwords were impacted. ” The company recommends passengers to change their passwords to prevent unauthorized access to their accounts and ensure their data security.

Data breaches 140

Data breaches Passwords Hacking Cyber Attacks 140

Security Affairs

OCTOBER 6, 2019

Microsoft has been tracking the threat actors at least since 2013, but experts believe that the cyberespionage group has been active since at least 2011. . “The targeted accounts are associated with a U.S. “The targeted accounts are associated with a U.S. ” reads the analysis published by Microsoft.

Accountability 106

Accountability Passwords Advertising Government 106

Malwarebytes

FEBRUARY 9, 2022

That leaves 78 percent that only require usernames and passwords to authenticate account users. billion account hijacking attempts using brute-forced stolen passwords. Google introduced 2FA to Gmail in 2011. Milka revealed that, at the time of his talk, less than 10 percent of Google accounts used 2FA.

Authentication 94

Authentication Social Engineering Passwords Accountability 94

SecureWorld News

MAY 26, 2022

Federal Trade Commission (FTC) and the Department of Justice (DOJ) charged Twitter with a $150 million penalty for " deceptively using account security data for targeted advertising.". Twitter, like many other social media websites, asks users to provide their phone number and email address to better protect their account.

Advertising 95

Advertising Media Accountability Account Security 95

Malwarebytes

APRIL 14, 2022

There are a lot of those because the ZeuS banking Trojan source code was leaked in 2011, and so there’s been plenty of time for several new variants to emerge. The primary goal of Zloader was originally financial theft, stealing account login IDs, passwords and other information to take money from people’s accounts.

Backups 141

Backups Banking Telecommunications Internet 141

Security Affairs

SEPTEMBER 5, 2019

New problems to Facebook , phone numbers associated with more than 400 million accounts of the social network giant were exposed online. A new privacy incident involved Facebook, according to TechCruch, phone numbers associated with 419 million accounts of the social network giant were exposed online. ” states Techcrunch.

Advertising 111

Advertising Accountability Mobile Passwords 111

Krebs on Security

DECEMBER 16, 2019

People who responded to recruitment messages were invited to create an account at one of these sites, enter personal and bank account data (mules were told they would be processing payments for their employer’s “programmers” based in Eastern Europe) and then log in each day to check for new messages. indep: Yeah.

Cybercrime 255

Cybercrime Banking Small Business Accountability 255

Security Affairs

MAY 5, 2019

Microsoft removes Password-Expiration Policy in security baseline for Windows 10. Over 23 million breached accounts were using ‘123456 as password. But it was 2011. Amnesty International Hong Kong Office hit by state-sponsored attack. New Emotet variant uses connected devices as proxy C2 servers.

Cyber Attacks 90

Cyber Attacks Wireless Advertising Passwords 90

Spinone

JANUARY 21, 2015

Here is the annual list of the 25 most frequently passwords found on the Internet appearing to be the Worst Passwords, that will expose anybody to being hacked or having their identities stolen. SplashData has released its annual list of the most common passwords compiled from more than 3.3

Passwords 40

Passwords Password Management Backups Hacking 40

Identity IQ

FEBRUARY 8, 2024

You probably use the deep web all the time — examples may include bank accounts, your email, and login-restricted content such as news or streaming entertainment. The hidden service gained traction in 2011 and then hit the mainstream when a Gawker article about the site was published. From 2011 to 2013, the Silk Road hosted 1.2

Identity Theft 98

Identity Theft Cryptocurrency Government Engineering 98

Security Affairs

FEBRUARY 7, 2020

Microsoft has been tracking the threat actors at least since 2013, but experts believe that the cyberespionage group has been active since at least 2011 targeting journalists and activists in the Middle East, as well as organizations in the United States, and entities in the U.K., Israel, Iraq, and Saudi Arabia.

Phishing 126

Phishing Advertising Malware Media 126

Pen Test Partners

JANUARY 29, 2024

It looks like similar techniques were used on Sir Grayson Perry’s stage show , where information was used to identify members of the audience and query details from their social media accounts live on stage. That does not mean it is not right sometimes, if the targets have not changed a password in a while, they can still be valid.

Scams 81

Scams Passwords Media Accountability 81

Thales Cloud Protection & Licensing

MARCH 29, 2023

First observed in 2011, the holiday stresses the importance of having extra copies of data in case of an attack or accident. Control Access Ensuring password security is one of the easiest steps you can take to protect your data, devices, and accounts. Using multi-factor authentication (MFA) when possible is also recommended.

Backups 71

Backups Encryption Passwords Ransomware 71

Thales Cloud Protection & Licensing

APRIL 7, 2022

The reputation is well-deserved when you consider that we (the cybersecurity team) tell users to create a unique password for each account to increase security. According to Gartner, 20 – 50% of help desk calls are for password reset – which is an expensive burden for any help desk.

Passwords 71

Passwords Password Management Authentication Social Engineering 71

SecureList

SEPTEMBER 26, 2022

The infection vector of NullMixer is based on a ‘User Execution’ (MITRE Technique: T1204) malicious link that requires the end user to click on and download a password-protected ZIP/RAR archive with a malicious file that is extracted and executed manually. The user extracts the archived file with the password. SmokeLoader.

Malware 133

Malware Cryptocurrency Passwords Software 133

Pen Test Partners

SEPTEMBER 9, 2024

Privacy and Passwords: Two-step verification is done by default, but multi-factor authentication (MFA) is recommended. Password security Ring requires two-step verification (2SV) by default, which adds an extra layer of security by requiring a second form of identification in addition to your password. Who is Ring?

Firmware 64

Firmware Encryption Passwords Authentication 64

Security Affairs

FEBRUARY 3, 2022

The decryption password is provided as a command-line argument (Base64 encoded string), and the xPack backdoor can run as a standalone application or as a service (xPackSvc variant). The threat actors were returning periodically in the compromised network to launch xPack again and steal account credentials from the compromised organizations.

Manufacturing 98

Manufacturing Malware Data collection Encryption 98

Thales Cloud Protection & Licensing

MAY 9, 2022

With passwords destined to be around for a foreseeable amount of time with all their weaknesses, businesses were always seeking for ways to verify the identity of people and services accessing sensitive data beyond any doubt. SIM swapping attacks were the key reason that back in 2011, NIST deprecated SMS-based OTP authentication.

Authentication 71

Authentication Social Engineering Mobile Digital transformation 71

Security Affairs

DECEMBER 23, 2019

The APT20 group has been active since at least 2011, but experts did not associate any campaign with this threat actors between 2016 and 2017. In order to move laterally within the target networks, hackers used well-known techniques, such as dumping credentials from memory and accessing password managers on compromised systems.

VPN 97

VPN Hacking Software Advertising 97

Webroot

MAY 12, 2021

“What Bitcoin was to 2011, NFTs are to 2021.”. But naturally, at Carbonite + Webroot, we just wonder how they’ll be used and abused by cybercriminals or if they can be irrevocably lost like the password to a crypto wallet. It seems phishing for users’ passwords to the sites used to buy and sell NFTs is the main method of compromise.

Cryptocurrency 95

Cryptocurrency Marketing Phishing Authentication 95

eSecurity Planet

SEPTEMBER 14, 2022

To this end, some impressive technology has been created to combat the technological side of the issue, to keep hackers and similar bad actors from accessing data and account privileges they shouldn’t.

Social Engineering 121

Social Engineering Energy and Utilities Phishing Internet 121

Malwarebytes

JANUARY 15, 2023

According to the BBC, the data includes: Passport scans of both pupils and parents which date back to 2011. Ensure your RDP points are locked down with a good password and multi-factor authentication. There’s going to be quite a bit of concern for parents and teachers alike, with sensitive data being thrown into the mix.

Ransomware 97

Ransomware Backups Education VPN 97

Adam Levin

JUNE 3, 2019

Case in point: the hacking group Lulzsec’s 2011 hack of the U.S. Every access point has the potential for a breach, be it from an unprotected drive , a re-used password , an irresponsible click, a compromised cell phone or a bad player. Like a severed head, stolen data is the proof of success in this arena.

Data breaches 119

Data breaches Marketing Firewall Hacking 119

Elie

DECEMBER 20, 2018

Performing a longitudinal analysis highlights that the adoption rate of 2FA (two-factor authentication) has been mostly stagnant over the last five years, despite the ever increasing number of accounts hijacked due to the. reuse of passwords found in data breaches and phishing attacks. in 2011 almost 10 years ago.

Authentication 90

Authentication Internet Internet Software 90

Spinone

JANUARY 25, 2017

We also (hopefully everyone) make sure that we change our password every 2-3 months. Just remember your login and password, and you can access your information from anywhere in the World and from any device. For example, in 2011 Amazon had a Cloud Crash and lost customer data. We run virus checks on our computers, right?

Backups 40

Backups Passwords Accountability Mobile 40

eSecurity Planet

JUNE 17, 2021

With the EDB PostgreSQL Advanced Server, clients gain features like password profiles, enhanced audit logging, and data redaction. In 2011, McAfee added to their database security lineup with the acquisition of Sentrigo, which approached database security with an emphasis on privileged user activity and access. Microsoft Azure.

Firewall 114

Firewall Encryption Computers and Electronics Software 114

Kali Linux

DECEMBER 30, 2019

That moved us to basing BackTrack 5 off of Ubuntu instead of Slackware live (February 2011). Many Applications Require Non Root Accounts On the opposite direction, over the years a number of applications and services have been configured to forbid their usage as the root user. No more root / toor.

Penetration Testing 52

Penetration Testing Passwords Accountability 52

Security Affairs

MARCH 27, 2023

The threat actor abused Bitly shortener and an ad hoc BlogSpot account to protect the malicious code, lastly stored in an encrypted zip archive hosted on Mega.nz. He is a former member of the ANeSeC CTF team, one of the firsts Italian cyber wargame teams born back in 2011.

Malware 98

Malware Social Engineering Encryption Marketing 98

NopSec

OCTOBER 28, 2022

The vulnerability traces back to code released in 2011, which is a significant amount of time for a hashing algorithm to find its way into hundreds if not thousands of projects. I can still recall dumping clear-text passwords from “yahoo.com” (like I said, it was 2014). November Preview: Critical Vulnerability in OpenSSL 3.0.x

DNS 52

DNS Risk Passwords Authentication 52

eSecurity Planet

APRIL 26, 2022

Company Sector Year Status Isovalent Cloud security 2020 Private Illumio Cloud security 2015 Private SignalFx Monitoring 2015 Acquired: Splunk CipherCloud Cloud security 2012 Acquired: Lookout Lookout Mobile security 2011 Private. Accel Investments. Bessemer Venture Partners.

Cybersecurity 127

Cybersecurity Technology Marketing Healthcare 127

ForAllSecure

MARCH 1, 2022

In 2011, there a was user in a chat room by the name of altoid, like the mint. Anyone talking about it in 2011 most likely had inside information. This can be from your personal checking account or business account. Don't use familiar passwords seriously. And he had. So you're going to need cash. For the moment.

Hacking 52

Hacking Mobile Cryptocurrency VPN 52

McAfee

SEPTEMBER 19, 2019

While current employees are the biggest perpetrators of insider attacks, accounting for 30% of all incidents, former employees can also cause damage. In 2015, a former Morgan Stanley financial advisor pleaded guilty to stealing 730,000 account records from 2011 to 2014 and saving them on a personal server at home.

Threat Detection 40

Threat Detection Accountability Risk Data breaches 40

Krebs on Security

DECEMBER 14, 2023

The story on the Flashback author featured redacted screenshots that were taken from Ika’s BlackSEO account (see image above). The day after that story ran, Ika posted a farewell address to his mates, expressing shock and bewilderment over the apparent compromise of his BlackSEO account. ru under the handle “ r-fac1.”

Cybercrime 265

Cybercrime Accountability Advertising Computers and Electronics 265