2013, Encryption and Password Management

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Krebs on Security

SEPTEMBER 22, 2023

The password manager service LastPass is now forcing some of its users to pick longer master passwords. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass.

Passwords

Passwords Encryption Password Management Cryptocurrency

Password manager hijacked to deliver malware in supply chain attack

Malwarebytes

APRIL 27, 2021

In the latest example of a supply chain attack, cybercriminals delivered malware to customers of the business password manager Passwordstate by breaching its developer’s networks and then deploying a fraudulent update last week, said Passwordstate’s maker, Click Studios. That attack, which resulted in an $18.5

Password Management

Password Management Passwords Malware Retail

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. ” How hard would it be for well-resourced criminals to crack the master passwords securing LastPass user vaults?

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices

The Last Watchdog

MAY 26, 2021

We celebrated World Password Day on May 6, 2021. Did you know that this unconventional celebration got its start in 2013, and that it’s now an official holiday on the annual calendar? Every year, the first Thursday in May serves as a reminder for us to take control of our personal password strategies. Use a password manager.

Passwords

Passwords Password Management Accountability Authentication

3 of the Worst Data Breaches in the World That Could Have Been Prevented

Security Affairs

DECEMBER 1, 2022

In 2013, Yahoo suffered one of the worst data breaches in history, exposing over 3 billion user accounts. While no plaintext passwords or financial data was stolen, the hack did expose answers to security questions. Experts believe Yahoo was using outdated, easy-to-crack encryption, which led to the attack.

Data breaches

Data breaches Passwords Social Engineering Encryption

If You're Not Paying for the Product, You Are. Possibly Just Consuming Goodwill for Free

Troy Hunt

JULY 18, 2022

There were 2 very simple reasons I built that and I've given this same answer in probably a hundred interviews since 2013: I wanted to build something on Azure in anger. And now you're thinking "I bet he wrote this just to get donations" so instead, go and give Let's Encrypt a donation. What about Why No HTTPS ?

Data breaches

Data breaches Passwords Password Management Software

The Challenges Facing the Passwordless Future

eSecurity Planet

SEPTEMBER 25, 2022

In 2013, for example, the FIDO Alliance was created to solve the world’s password problem by replacing login technology. While big tech phases in new authentication solutions, Dashlane — a password manager used by more than 20,000 companies and more than 15 million users — made a full switch. The Natural Log-in Evolution.

Passwords

Passwords Password Management Authentication Technology

RSA 2022 Musings: The Past and The Future of Security

Anton on Security

JUNE 10, 2022

A password manager claimed “zero trust for passwords” while a SIEM/UEBA vendor promised to reveal all zero trust secrets (I bet they use VPN internally…). A firewall management vendor claimed to “simplify zero trust.” RSA 2013 and Endpoint Agent Re-Emergence RSA 2006–2015 In Anton’s Blog Posts!

VPN

VPN Marketing Firewall Passwords

350 million decrypted email addresses left exposed on an unsecured server

Security Affairs

AUGUST 27, 2020

Example of leaked email addresses: Besides the CSV files, the bucket also contained voice recordings of several sales pitches to digital marketers about RepWatch, which appears to be a long-defunct domain reputation management tool and may or – considering when the files were uploaded – may not be related to the CSV files stored in the bucket.

Social Engineering

Social Engineering Passwords Marketing Phishing

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Troy Hunt

JANUARY 10, 2018

We are rapidly approaching a "secure by default" web and the green padlock is becoming the norm ( about two thirds of all browser traffic is now encrypted ). A great resource for getting a quick snapshot of how a site implements their SSL / TLS / HTTPS ("encryption of traffic", for the masses) is SSL Labs.

Hacking

Hacking Government Encryption Risk

Addressing Remote Desktop Attacks and Security

eSecurity Planet

MARCH 25, 2022

By exploiting weak server vulnerabilities, the Iran-based hackers were able to gain access, move laterally, encrypt IT systems, and demand ransom payment. For the generation of remote work and operations, Check Point Remote Access VPN offers central management and policy administration for controlling access to corporate networks.

VPN

VPN Software Authentication Encryption

MY TAKE: COVID-19’s silver lining could turn out to be more rapid, wide adoption of cyber hygiene

The Last Watchdog

MAY 11, 2020

In May 2017, the Saudi Arabian Monetary Authority (SAMA) rolled out its Cyber Security Framework mandating detailed data security rules, including a requirement to encrypt and containerize business data in all computing formats. organizations between January 2013 and July 2019. Ransomware hacking groups extorted at least $144.35

Computers and Electronics

Computers and Electronics Data privacy Encryption Media

Smart home security advice. Ring, SimpliSafe, Swann, and Yale

Pen Test Partners

SEPTEMBER 9, 2024

Encryption: End-to-end encryption isn’t enabled by default for doorbells but should be activated. Privacy and Passwords: Two-step verification is done by default, but multi-factor authentication (MFA) is recommended. Ring started in 2013, offering video doorbells that let you see and talk to visitors from your phone.

Firmware

Firmware Encryption Passwords Authentication

RSA 2022 Musings: The Past and The Future of Security

Security Boulevard

JUNE 10, 2022

A password manager claimed “zero trust for passwords” while a SIEM/UEBA vendor promised to reveal all zero trust secrets (I bet they use VPN internally…). A firewall management vendor claimed to “simplify zero trust.” RSA 2013 and Endpoint Agent Re-Emergence. Related posts: RSA 2020 Reflection.

VPN

VPN Marketing Firewall Passwords

Ferocious Kitten: 6 years of covert surveillance in Iran

SecureList

JUNE 16, 2021

From 2015 to February 2018, the malware was compiled with Visual Studio 2013 and 2015, whereas in February 2018, the developers moved to Visual Studio 2017 and embedded the malware’s logic within Microsoft Foundation Class (MFC) classes. argument: path to file to upload. – List files and repositories.

Surveillance

Surveillance Malware Password Management Passwords

The Hacker Mind Podcast: Hacking the Art of Invisibility

ForAllSecure

MARCH 1, 2022

Vamosi: One sunny morning in 2013. It's a process of protecting critical information through encryption and being aware of the potential for eavesdropping on conversations. In 2013, we only knew that someone calling themselves Dread Pirate Roberts was running the site. Don't use familiar passwords seriously.

Hacking

Hacking Mobile Cryptocurrency VPN

Yahoo! Yippee? What to Do?

Adam Shostack

DECEMBER 15, 2016

Yesterday, Yahoo disclosed that attackers broke into Yahoo in 2013 and stole details on a billion accounts. Yahoo says users should change their passwords and security questions and answers for any other accounts on which they used the same or similar information used for their Yahoo account. I use 1Password , and recommend it.

Password Management

Password Management Passwords Encryption Accountability

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

If the US government dictating iPhone encryption design sounds ok to you, ask yourself how you'll feel when China demands the same. Tabriz has led Google Chrome’s security since 2013, which extends to managing Product, Engineering, and UX today. Enable 2FA and get a password manager. — thaddeus e.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Cyber Security Informer

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Password manager hijacked to deliver malware in supply chain attack

Trending Sources

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices

3 of the Worst Data Breaches in the World That Could Have Been Prevented

If You're Not Paying for the Product, You Are. Possibly Just Consuming Goodwill for Free

The Challenges Facing the Passwordless Future

RSA 2022 Musings: The Past and The Future of Security

350 million decrypted email addresses left exposed on an unsecured server

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Addressing Remote Desktop Attacks and Security

MY TAKE: COVID-19’s silver lining could turn out to be more rapid, wide adoption of cyber hygiene

Smart home security advice. Ring, SimpliSafe, Swann, and Yale

RSA 2022 Musings: The Past and The Future of Security

Ferocious Kitten: 6 years of covert surveillance in Iran

The Hacker Mind Podcast: Hacking the Art of Invisibility

Yahoo! Yippee? What to Do?

Top Cybersecurity Accounts to Follow on Twitter

Stay Connected