Tech Republic Security

MAY 4, 2017

May 4, 2017 is officially World Password Day. Here are some tips and tricks to help you improve your online security.

Passwords 135

Passwords Account Security Accountability 135

Krebs on Security

JULY 10, 2022

Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts.

Accountability 347

Accountability Passwords Authentication Password Management 347

Troy Hunt

OCTOBER 9, 2017

From that moment, the timeline in their public disclosure began which I highlighted in this tweet: 23 hours and 42 minutes from initial private disclosure to @disqus to public notification and impacted accounts proactively protected pic.twitter.com/lctQEjHhiH — Troy Hunt (@troyhunt) October 6, 2017.

Data breaches 257

Data breaches Passwords Accountability Internet 257

Krebs on Security

DECEMBER 19, 2022

conspired to hack into Yahoo email accounts belonging to victims in the United States. From there, the two allegedly would check how many of those Yahoo accounts were associated with Ring accounts, and then target people who used the same password for both accounts. . “ChumLul,” 22, of Racine, Wisc.,

Hacking 328

Hacking Media Passwords Accountability 328

Krebs on Security

AUGUST 12, 2020

Several stories here have highlighted the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. ” In short, although you may not be required to create online accounts to manage your affairs at your ISP, the U.S. .”

Accountability 360

Accountability Mobile Banking Passwords 360

Krebs on Security

MARCH 8, 2019

Unfortunately, if you don’t already have an account at the credit bureau’s new myEquifax portal , it may be simple for identity thieves to lift an existing credit freeze at Equifax and bypass the PIN armed with little more than your, name, Social Security number and birthday. Getting an account at myequifax.com was easy.

Accountability 276

Accountability Identity Theft Passwords Authentication 276

Krebs on Security

AUGUST 27, 2019

Imperva , a leading provider of Internet firewall services that help Web sites block malicious cyberattacks, alerted customers on Tuesday that a recent data breach exposed email addresses, scrambled passwords, API keys and SSL certificates for a subset of its firewall users. Redwood Shores, Calif.-based

Cybersecurity 254

Cybersecurity Firewall Passwords Data breaches 254

Krebs on Security

NOVEMBER 11, 2023

In the summer of 2022, KrebsOnSecurity documented the plight of several readers who had their accounts at big-three consumer credit reporting bureau Experian hijacked after identity thieves simply re-registered the accounts using a different email address. So once again I sought to re-register as myself at Experian.

Accountability 333

Accountability Authentication Passwords Identity Theft 333

Krebs on Security

NOVEMBER 2, 2018

Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. The text messages contained a link to unlock their accounts and led customers to a Web site that mimicked the legitimate Fifth Third site. Image: Mastercard.us.

Phishing 245

Phishing Banking Scams Accountability 245

Krebs on Security

DECEMBER 3, 2021

More commonly, that access is purchased from a cybercriminal broker who specializes in acquiring remote access credentials — such as usernames and passwords needed to remotely connect to the target’s network. In early 2017, Babam confided to another Verified user via private message that he is from Lithuania. com (2017).

Ransomware 324

Ransomware Passwords Accountability Cybercrime 324

Krebs on Security

MARCH 9, 2023

A Croatian national has been arrested for allegedly operating NetWire , a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. Constella also shows the email address zankomario@gmail.com used the password “dugidox2407.”

DNS 290

DNS Cybercrime Passwords Accountability 290

Krebs on Security

JULY 23, 2018

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity. A YubiKey Security Key made by Yubico. a mobile device).

Phishing 249

Phishing Authentication Mobile Passwords 249

Schneier on Security

NOVEMBER 13, 2017

This is interesting research and data: With Google accounts as a case-study, we teamed up with the University of California, Berkeley to better understand how hijackers attempt to take over accounts in the wild. billion credentials exposed by third-party breaches. The report.

Phishing 180

Phishing Marketing Passwords Accountability 180

eSecurity Planet

JULY 23, 2021

LastPass is password management software that’s been popular among business and personal users since it was initially released in 2008. Like other password managers, LastPass provides a secure vault for your login credentials, personal documents, and other sensitive information. When it was acquired by LogMeIn Inc.

Password Management 133

Password Management Passwords Authentication Architecture 133

Troy Hunt

JANUARY 8, 2019

Very often, those addresses are accompanied by other personal information such as passwords. No, and the passwords are the very first thing that starts to give it all away. The attack is simple but effective due to the prevalence of password reuse. That's it, job done, they're into your account.

Hacking 221

Hacking Passwords Accountability Data breaches 221

The Last Watchdog

OCTOBER 15, 2019

If there ever was such a thing as a cybersecurity silver bullet it would do one thing really well: eliminate passwords. Threat actors have proven to be endlessly clever at abusing and misusing passwords. So what’s stopping us from getting rid of passwords altogether? Passwords may have been very effective securing Roman roads.

Passwords 164

Passwords Authentication Data breaches Internet 164

Krebs on Security

JANUARY 19, 2022

If you created an online account to manage your tax records with the U.S. account and share the experience here. account). After entering an email address and picking a password, you are prompted to confirm your email address by clicking a link sent to that address. Also, successfully verifying your identity with ID.me

Mobile 364

Mobile Accountability Insurance Government 364

Krebs on Security

APRIL 11, 2019

and higher can now be used as Security Keys , an additional authentication layer that helps thwart phishing sites and password theft. Once a user has enrolled their Android phone as a Security Key, the user will need to approve logins via a prompt sent to their phone after submitting their username and password at a Google login page.

Mobile 242

Mobile Authentication Passwords Accountability 242

SC Magazine

MARCH 2, 2021

House Oversight and Homeland Security committees last week, SolarWinds’s former and current CEOs blamed an intern for creating a weak FTP server password and leaking it on GitHub – an act which may or may not have contributed to a supply chain hack that impacted users of the tech firm’s Orion IT performance monitoring platform.

Passwords 129

Passwords Password Management CISO InfoSec 129

Krebs on Security

FEBRUARY 26, 2023

million customers, including website administrator passwords, sFTP credentials, and private SSL keys; -December 2022: Hackers gained access to and installed malware on GoDaddy’s cPanel hosting servers that “intermittently redirected random customer websites to malicious sites.”

Hacking 309

Hacking Social Engineering Phishing Scams 309

Security Affairs

JULY 2, 2019

US Cyber Command posted on Twitter an alert about cyber attacks exploiting the CVE-2017-11774 vulnerability in Outlook. Yesterday I was using Twitter when I noticed the following alert issued by the account managed by the US Cyber Command : USCYBERCOM has discovered active malicious use of CVE-2017-11774 and recommends immediate #patching.

Energy and Utilities 110

Energy and Utilities Malware Advertising InfoSec 110

Krebs on Security

AUGUST 16, 2018

An entrepreneur and virtual currency investor is suing AT&T for $224 million, claiming the wireless provider was negligent when it failed to prevent thieves from hijacking his mobile account and stealing millions of dollars in cryptocurrencies. On June 11, 2017, Terpin’s phone went dead.

Mobile 249

Mobile Cryptocurrency Accountability Authentication 249

Security Affairs

NOVEMBER 18, 2018

Instagram has suffered a serious security leak that might have exposed user’s passwords, revealed The Information website. Instagram notified some of its users that it might have accidentally exposed their password due to a security glitch. Alleged attackers modified personal information making impossible to restore the accounts.

Passwords 111

Passwords Advertising Accountability Media 111

Krebs on Security

JULY 8, 2019

Russian security firm Kaspersky Lab estimated that by the time the program ceased operations, GandCrab accounted for up to half of the global ransomware market. by an individual who used the nickname (and sometimes password) — “ Metall2 ” — across multiple cybercrime forums. Vpn-service[.]us HEAVY METALL.

Ransomware 264

Ransomware Accountability Cybercrime Passwords 264

Security Affairs

MARCH 1, 2021

Top executives of the software firm SolarWinds blamed an intern for having used a weak password for several years, exposing the company to hack. Top executives of the SolarWinds firm believe that the root cause of the recently disclosed supply chain attack is an intern that has used a weak password for several years. Confronted by Rep.

Passwords 116

Passwords Cloud Migration Government Hacking 116

Krebs on Security

JULY 21, 2021

Herring said her husband — who was killed by people who wanted to steal his account — had a habit of registering new Instagram usernames as presents for friends and family members who’d just had children. From there, the attackers can reset the password for any online account that allows password resets via SMS.

Accountability 358

Accountability Media Wireless Passwords 358

Troy Hunt

SEPTEMBER 11, 2018

What it boiled down to was the account arguing with a journalist (pro tip: avoid arguing being a dick to those in a position to write publicly about you!) that no, you didn't just need a username and birth date to reset the account password. — Timothy Dutton (@ravenstar68) December 17, 2017. Secondly, it got fixed.

Media 257

Media Accountability Passwords Mobile 257

Security Affairs

AUGUST 6, 2022

Slack is resetting passwords for approximately 0.5% of its users after a bug exposed salted password hashes when users created or revoked a shared invitation link for their workspace. Slack announced that it is resetting passwords for about 0.5% The post Slack resets passwords for about 0.5% Pierluigi Paganini.

Passwords 98

Passwords Password Management Antivirus Encryption 98

Hacker Combat

SEPTEMBER 6, 2021

Hackers took advantage of the mishap to gain unauthorized access to email accounts and lots of customer’s data was exposed. SEC insisted Cetera was responsible for exposing the personal data of more than 4,300 clients and customers between 2017 November and 2020 June. A spokesperson representing Cetera did not respond to the ruling. .

Accountability 125

Accountability Hacking Financial Services Data breaches 125

Security Affairs

NOVEMBER 3, 2018

Cybercriminals offered for sale private messages from at least 81,000 Facebook accounts claiming of being in possession of data from 120 million accounts. Crooks are offering for sale Criminals are selling the private messages of 81,000 hacked Facebook accounts for 10 cents per account. ” states the BBC.

Accountability 111

Accountability Advertising Cybercrime Hacking 111

Krebs on Security

JULY 13, 2020

Data Viper , a security startup that provides access to some 15 billion usernames, passwords and other information exposed in more than 8,000 website breaches, has itself been hacked and its user database posted online. Password re-use becomes orders of magnitude more dangerous when website developers engage in this unsafe practice.

Hacking 354

Hacking Marketing Cybercrime Accountability 354

Troy Hunt

JANUARY 15, 2021

References Free speech is not absolute - anywhere - and in the US there are numerous exceptions where free speech is not protected (and nor should it be) The more mainstream tech platforms have a history of banning all sorts of accounts for violating their terms of service, for example Twitter deleted hundreds of thousands of ISIS accounts in 2015/2016 (..)

Password Management 243

Password Management Internet Internet Accountability 243

Krebs on Security

FEBRUARY 24, 2023

First identified in 2017 by the security firm Deep Instinct , Mylobot employs a number of fairly sophisticated methods to remain undetected on infected hosts, such as running exclusively in the computer’s temporary memory, and waiting 14 days before attempting to contact the botnet’s command and control servers.

Accountability 269

Accountability Advertising Marketing Malware 269

Krebs on Security

AUGUST 1, 2018

Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. Reddit said the exposed data included internal source code as well as email addresses and obfuscated passwords for all Reddit users who registered accounts on the site prior to May 2007.

Authentication 222

Authentication Mobile Passwords Accountability 222

Krebs on Security

MAY 4, 2023

” That handle used the same ICQ instant messenger account number ( 555724 ) as a Mazafaka denizen named “ Nordex.” ” In February 2005, Nordex posted to Mazafaka that he was in the market for hacked bank accounts, and offered 50 percent of the take. In 2017, U.S. Constella tracked another Bankir[.]com

Marketing 275

Marketing Cybercrime Accountability Cryptocurrency 275

Krebs on Security

AUGUST 12, 2018

The perpetrators also alter account balances and security measures to make an unlimited amount of money available at the time of the transactions, allowing for large amounts of cash to be quickly removed from the ATM. “At a pre-determined time, the co-conspirators withdraw account funds from ATMs using these cards.”

Banking 236

Banking Accountability Retail Phishing 236

Security Affairs

NOVEMBER 28, 2020

A credible threat actor is offering access to the email accounts of hundreds of C-level executives for $100 to $1500 per account. Access to the email accounts of hundreds of C-level executives is available on the Exploit.in for $100 to $1500 per account. Exploit.in ” reported ZDNet. Pierluigi Paganini.

Accountability 125

Accountability Cybercrime Hacking Retail 125