Architecture and Passwords - Cyber Security Informer

I've Just Launched "Pwned Passwords" V2 With Half a Billion Passwords for Download

Troy Hunt

FEBRUARY 21, 2018

Last August, I launched a little feature within Have I Been Pwned (HIBP) I called Pwned Passwords. This was a list of 320 million passwords from a range of different data breaches which organisations could use to better protect their own systems. Here's what it's all about: There's Now 501,636,842 Pwned Passwords.

Passwords

Passwords Data breaches Mobile Risk

Network Security Architecture: Best Practices & Tools

eSecurity Planet

APRIL 26, 2024

Network security architecture is a strategy that provides formal processes to design robust and secure networks. This article explores network security architecture components, goals, best practices, frameworks, implementation, and benefits as well as where you can learn more about network security architecture.

Architecture

Architecture Network Security Firewall Risk

My Philosophy and Recommendations Around the LastPass Breaches

Daniel Miessler

DECEMBER 24, 2022

The initial blog was on August 25th, saying there was a breach, but it wasn’t so bad because they had no access to customer data or password vaults: Two weeks ago, we detected some unusual activity within portions of the LastPass development environment. And specifically, asking me whether I used LastPass or any other password manager.

Password Management

Password Management Passwords Encryption Backups

LastPass Breach

Schneier on Security

DECEMBER 26, 2022

Last August, LastPass reported a security breach, saying that no customer information—or passwords—were compromised. These encrypted fields remain secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password using our Zero Knowledge architecture.

Passwords

Passwords Encryption Backups Password Management

I Wanna Go Fast: Why Searching Through 500M Pwned Passwords Is So Quick

Troy Hunt

FEBRUARY 27, 2018

When I launched Pwned Passwords V2 last week , I made it fast - real fast - and I want to talk briefly here about why that was important, how I did it and then how I've since shaved another 56% off the load time for requests that hit the origin. Why Speed Matters for Pwned Passwords. And a bunch of other cool perf stuff while I'm here.

Passwords

Passwords Internet Internet Architecture

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Security Affairs

DECEMBER 17, 2024

In this latest campaign, our investigation also uncovered prebuilt Hiatus binaries that target new architectures such as Arm, Intel 80386, and x86-64 and previously targeted architectures such as MIPS, MIPS64, and i386. Attackers also attempted to exploit weak vendor-supplied passwords.

Architecture

Architecture Internet Internet Malware

Threat Modeling Password Managers

Adam Shostack

JANUARY 2, 2025

Here's my model of what we're working on: Let me walk you through this: There's a password manager, which talks to a website. The two boundaries displayed are where the data and the "password manager.exe" live. Similarly, the passwords are stored somewhere, and there's a boundary around that. What can go wrong?

Password Management

Password Management Passwords Encryption Architecture

Building a Ransomware Resilient Architecture

eSecurity Planet

DECEMBER 2, 2022

While security teams layer essential preventative measures, resilience measures also need to be implemented in an architecture to reduce the impact of ransomware attacks on your backups. Figure 1: Typical VLAN architecture. Figure 2: Resilient VLAN architecture. How could this have been prevented? Does this add latency?

Architecture

Architecture Ransomware Backups Firewall

News alert: SquareX’s “Year of Browser Bugs” project exposes critical cybersecurity blind spots

The Last Watchdog

MARCH 18, 2025

Throughout 2025, SquareXs research team will disclose at least one critical web attack per month as part of the YOBB project, focusing on vulnerabilities that exploit architectural limitations of the browser and incumbent solutions. Each disclosure will include attack video demonstrations, technical breakdowns, and mitigation strategies.

Cybersecurity

Cybersecurity Architecture Media Password Management

Cybersecurity Resolutions for 2025

IT Security Guru

JANUARY 9, 2025

Cybercriminals weaponise AI to speed up and scale traditional attack tactics, such as phishing and password cracking, while also creating entirely new forms of cyber threats. Key elements in protecting against AI-driven threats include timely software updates, network security improvements and strong password policies.

Cybersecurity

Cybersecurity Cyber threats Architecture Digital transformation

LastPass: Password Manager Review for 2021

eSecurity Planet

JULY 23, 2021

LastPass is password management software that’s been popular among business and personal users since it was initially released in 2008. Like other password managers, LastPass provides a secure vault for your login credentials, personal documents, and other sensitive information. When it was acquired by LogMeIn Inc.

Password Management

Password Management Passwords Authentication Architecture

RockYou2024: The Largest Password Compilation (10 Billion) Ever Leaked

SecureWorld News

JULY 8, 2024

Case in point: a colossal password compilation dubbed "RockYou2024" has emerged, containing nearly 10 billion unique passwords. The name "RockYou2024" pays homage to the infamous RockYou data breach of 2009, which exposed 32 million passwords due to insecure storage practices.

Passwords

Passwords Password Management Education Accountability

Hands-on domain password policy setup for Active Directory

CyberSecurity Insiders

OCTOBER 18, 2021

Dealing with the massive architecture of client-server networks requires effective security measures. Having a weak password policy is a key vector for attackers to gain system access. However, admins can help protect password security of the wide-reaching network using Group Management Policy (GPO).

Passwords

Passwords Accountability Encryption Architecture

ConnectWise Quietly Patches Flaw That Helps Phishers

Krebs on Security

DECEMBER 1, 2022

The third-party cloud storage service is currently shared by both GoTo and its affiliate, the password manager service LastPass. ” However, LastPass maintains that its “customer passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.”

Phishing

Phishing Architecture Passwords Accountability

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. 15, 2022, LastPass said an investigation into the August breach determined the attacker did not access any customer data or password vaults.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

JumpCloud Adds Decentralized Password Manager to Portfolio

Security Boulevard

SEPTEMBER 13, 2022

this week launched a password manager that relies on an alternative approach that stores encrypted credentials locally on user devices and then synchronizes vaults between devices via servers in the cloud. The post JumpCloud Adds Decentralized Password Manager to Portfolio appeared first on Security Boulevard. JumpCloud Inc.

Password Management

Password Management Passwords Architecture Marketing

Banshee macOS stealer supports new evasion mechanisms

Security Affairs

JANUARY 10, 2025

In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures. Researchers at Elastic Security Labs who first analyzed the malware confirmed it can steal keychain passwords and data from multiple browsers.

Malware

Malware Advertising Antivirus Cybercrime

WebAuthn, Passwordless and FIDO2 Explained: Fundamental Components of a Passwordless Architecture

Duo's Security Blog

DECEMBER 6, 2022

When someone is told that passwords are going away in favor of a new, “password-less” authentication method, a healthy dose of skepticism is not unwarranted. While this isn’t entirely wrong, passwords are difficult to remember and rarely secure. How does passwordless authentication work?

Architecture

Architecture Authentication Passwords Technology

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Security Affairs

MARCH 20, 2025

The modular architecture of the malware allows to extend its functionalities for multiple malicious purposes, including surveillance, reconnaissance, information theft, DDoS attacks, and arbitrary code execution.

Computers and Electronics

Computers and Electronics Telecommunications Malware Surveillance

News alert: SquareX discloses nasty browser-native ransomware that’s undetectable by antivirus

The Last Watchdog

MARCH 28, 2025

It can then systematically reset the password of these apps with AI agents, logging the users out on their own and holding enterprise data stored on these applications hostage. Every month, SquareXs research team releases a major web attack that focuses on architectural limitations of the browser and incumbent security solutions.

Antivirus

Antivirus Ransomware Social Engineering Engineering

Still Using Passwords? Get Started with Phishing-Resistant, Passwordless Authentication Now!

Cisco Security

NOVEMBER 2, 2022

. “Over the last few years, we have increased our password complexities and required 2FA wherever possible. With this approach, employees had more password lock outs, password fatigue, and forgetting their longer passwords due to password rotations. Duo’s Passwordless Architecture.

Authentication

Authentication Passwords Phishing Mobile

Bitwarden vs LastPass: Compare Top Password Managers

eSecurity Planet

SEPTEMBER 24, 2021

If you’re looking for a password manager for your business, Bitwarden and LastPass might be on your list of potential solutions. Both vendors will help you and your employees store access credentials, improve password health, and share sensitive information securely. PBKDF2 SHA-256 encryption for master passwords.

Password Management

Password Management Passwords Encryption Authentication

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

Experts warn that organizations must act decisively to protect against this growing threat by implementing Zero Trust architectures, patching vulnerabilities, and strengthening identity security. Require 16+ character unique passwords stored in an enterprise password manager. Use Privileged Access Management (PAM) solutions.

Ransomware

Ransomware IoT Encryption Social Engineering

Exposed HMIs: A Direct Pathway for Cyberattacks on Critical Infrastructure

SecureWorld News

DECEMBER 17, 2024

While it is possible to patch and password-protect these systems, Ellis warns that a failure in any of these controls could leave essential services exposed to exploitation by nation-state actors or other malicious groups. Secure Access : Use strong passwords, enable multifactor authentication (MFA), and disable default credentials.

Internet

Internet Internet Risk Passwords

Zenbleed: New Flaw in AMD Zen 2 Processors Puts Encryption Keys and Passwords at Risk

The Hacker News

JULY 25, 2023

A new security vulnerability has been discovered in AMD's Zen 2 architecture-based processors that could be exploited to extract sensitive data such as encryption keys and passwords.

Encryption

Encryption Passwords Architecture Risk

LastPass revealed that encrypted password vaults were stolen

Security Affairs

DECEMBER 23, 2022

In August password management software firm LastPass disclosed a security breach, threat actors had access to portions of the company development environment through a single compromised developer account and stole portions of source code and some proprietary technical information. The backup contains both unencrypted data (i.e.

Encryption

Encryption Passwords Data breaches Backups

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

The Last Watchdog

DECEMBER 18, 2024

Simic Bojan Simic , CEO, HYPR The era of passwords will further decline as credential misuse rises, with AI both aiding and challenging security efforts. Experts here explore the importance of fostering a resilient workforce, backed by AI-enhanced training and layered security strategies.

Risk

Risk Threat Detection Technology Phishing

Deloitte denied its systems were hacked by Brain Cipher ransomware group

Security Affairs

DECEMBER 9, 2024

According to The Guardian , which first reported the incident,hackers may have accessed company customers emails along with usernames, passwords and personal details of top accountancy firms blue-chip clients. In addition to emails, hackers had potential access to IP addresses, architectural diagrams for businesses and health information.

Hacking

Hacking Ransomware Accountability Architecture

Serverless to the Max: Doing Big Things for Small Dollars with Cloudflare Workers and Azure Functions

Troy Hunt

SEPTEMBER 5, 2018

By way of (very brief) background, one of the features in HIBP is Pwned Passwords. This is a repository of 517M passwords from previous data breaches that organisations can refer to in order to stop people from using passwords which have previous been breached ( the launch blog post talks about why that's important).

Passwords

Passwords Architecture Data breaches Technology

Experts warn of a surge in activity associated FICORA and Kaiten botnets

Security Affairs

DECEMBER 27, 2024

It first terminates processes with the same file extension as “FICORA” and then downloads and executes the malware targeting multiple Linux architectures. The scanner used by the FICORA botnet includes a hard-coded username and password for its brute force attack function.

Architecture

Architecture Malware DNS DDOS

LastPass data breach: threat actors stole a portion of source code

Security Affairs

AUGUST 25, 2022

Password management software firm LastPass has suffered a data breach, threat actors have stole source code and other data. The company engaged a leading cybersecurity and forensics firm to investigate the incident, it confirmed that the data breach did not compromise users’ Master Passwords. ” continues the notice.

Data breaches

Data breaches Password Management Passwords Architecture

Passwordless Protection: The Next Step in Zero Trust

Cisco Security

AUGUST 4, 2021

Deploying a Zero Trust architecture for the workforce provides a series of benefits, including improving the end-user experience by allowing access to some applications or resources that traditionally require VPN access and streamlining authentication through multi-factor authentication (MFA). The Move to Passwordless.

Authentication

Authentication Architecture Passwords Cyber Risk

News alert: INE Security announces new initiative to help companies accelerate CMMC 2.0 compliance

The Last Watchdog

JANUARY 27, 2025

Certification requirements Each level carries its own stringent requirements, ranging from broad in scope at Level 1 to highly specialized at Level 3. Organizations can use this checklist to track progress and identify areas requiring attention before assessment. demands a structured approach to implementation and preparation.

Password Management

Password Management Architecture Threat Detection Cybersecurity

GUEST ESSAY: Securely managing access controls is vital to preserving the privacy of healthcare data

The Last Watchdog

NOVEMBER 8, 2021

Access controls are the nexus of security and the expanding perimeter, and zero trust is the architecture that encompasses it. Zero trust is an all-inclusive security and privacy architecture. The network security perimeter is dynamically created and policy-based, and must be guarded by secure and highly managed access controls.

Healthcare

Healthcare Technology Architecture IoT

U.S. Security Agencies Release Network Security, Vulnerability Guidance

eSecurity Planet

MARCH 4, 2022

The NSA’s 58-page Network Infrastructure Security Guidance (PDF) is more of a catalog of network security best practices, based on principles of zero trust and segmentation , following up on brief January guidance (PDF) on segmentation that discussed the Purdue Enterprise Reference Architecture (image below).

Network Security

Network Security Architecture Authentication Firewall

Check Point Warns of Hackers Targeting Its Remote Access VPN

SecureWorld News

MAY 28, 2024

In the advisory , Check Point says the attackers are targeting security gateways with old local accounts using insecure password-only authentication, which should be used with certificate authentication to prevent breaches. "We We have recently witnessed compromised VPN solutions, including various cyber security vendors.

VPN

VPN Passwords Authentication Architecture

Alleged Oracle Cloud Breach Triggers Industry Scrutiny, Supply Chain Concerns

SecureWorld News

MARCH 27, 2025

The leaked data includes Java KeyStore (JKS) files, encrypted SSO passwords, enterprise manager JPS keys, and key filessuggesting the compromise of credentials and authentication artifacts. The attacker alleges that data was exfiltrated from Oracle Cloud's login infrastructure, specifically from the endpoint login.us2.oraclecloud.com.

CISO

CISO Data breaches Encryption Passwords

Unpatched Exchange Servers an overlooked risk

CSO Magazine

SEPTEMBER 1, 2021

Use of known/fixed/default passwords and credentials. Learn the must-have features in a modern network security architecture. | They are so broad in their “badness,” however, that any organization should take notice and ensure they are not doing them. The two bad practices are: Use of unsupported (or end-of-life) software.

CSO

CSO Risk Architecture Passwords

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

eSecurity Planet

NOVEMBER 6, 2024

Strengthen IT Infrastructure Evaluate your existing security architecture to ensure it can withstand modern cyberthreats. Implement Multi-Factor Authentication (MFA) Multi-factor authentication provides an additional security layer beyond passwords, making it harder for unauthorized users to access sensitive systems.

Ransomware

Ransomware Authentication Identity Theft Penetration Testing

Top 10 web application vulnerabilities in 2021–2023

SecureList

MARCH 12, 2024

More than a third (39%) used the microservice architecture. Mitigation: do not store files containing sensitive data, such as passwords or backups, in web application publish directories. Server-Side Request Forgery (SSRF) The popularity of the cloud and microservice architectures is on the rise. Disable unused components.

Passwords

Passwords Authentication Architecture Risk

Hackers targeted ICS/SCADA systems at water facilities, Israeli government warns

Security Affairs

APRIL 27, 2020

“The system calls on companies and entities in the energy and water sectors to immediately exchange passwords from the Internet to the control systems, reduce Internet connectivity and ensure that the most up-to-date version of controllers is installed.” ” reads the alert issued by the Israeli government.

Energy and Utilities

Energy and Utilities Government Cyber Attacks Architecture

DeepSeek and AI-Generated Malware Pose New Danger for Cybersecurity

SecureWorld News

MARCH 13, 2025

Kowski also emphasizes the need for a multi-layered security approach, stating that "multi-factor authentication, strong password policies, and zero-trust architecture are essential defenses that significantly reduce the risk of AI-powered attacks succeeding, regardless of how convincing they appear."

Malware

Malware Cybersecurity Cyber threats Threat Detection

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 35

Security Affairs

MARCH 2, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware

Malware Architecture IoT Ransomware

New modular ModPipe POS Malware targets restaurants and hospitality sectors

Security Affairs

NOVEMBER 12, 2020

One of the modules analyzed by the experts, named GetMicInfo, implements an algorithm that allows operators to gather database passwords by decrypting them from Windows registry values. . ” reads the analysis published by ESET. ” continues the analysis. persistent loader unpacks and loads the next stage of the main module.

Malware

Malware Architecture Passwords Software

I've Just Launched "Pwned Passwords" V2 With Half a Billion Passwords for Download

Network Security Architecture: Best Practices & Tools

Trending Sources

My Philosophy and Recommendations Around the LastPass Breaches

LastPass Breach

I Wanna Go Fast: Why Searching Through 500M Pwned Passwords Is So Quick

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Threat Modeling Password Managers

Building a Ransomware Resilient Architecture

News alert: SquareX’s “Year of Browser Bugs” project exposes critical cybersecurity blind spots

Cybersecurity Resolutions for 2025

LastPass: Password Manager Review for 2021

RockYou2024: The Largest Password Compilation (10 Billion) Ever Leaked

Hands-on domain password policy setup for Active Directory

ConnectWise Quietly Patches Flaw That Helps Phishers

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

JumpCloud Adds Decentralized Password Manager to Portfolio

Banshee macOS stealer supports new evasion mechanisms

WebAuthn, Passwordless and FIDO2 Explained: Fundamental Components of a Passwordless Architecture

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

News alert: SquareX discloses nasty browser-native ransomware that’s undetectable by antivirus

Still Using Passwords? Get Started with Phishing-Resistant, Passwordless Authentication Now!

Bitwarden vs LastPass: Compare Top Password Managers

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

Exposed HMIs: A Direct Pathway for Cyberattacks on Critical Infrastructure

Zenbleed: New Flaw in AMD Zen 2 Processors Puts Encryption Keys and Passwords at Risk

LastPass revealed that encrypted password vaults were stolen

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

Deloitte denied its systems were hacked by Brain Cipher ransomware group

Serverless to the Max: Doing Big Things for Small Dollars with Cloudflare Workers and Azure Functions

Experts warn of a surge in activity associated FICORA and Kaiten botnets

LastPass data breach: threat actors stole a portion of source code

Passwordless Protection: The Next Step in Zero Trust

News alert: INE Security announces new initiative to help companies accelerate CMMC 2.0 compliance

GUEST ESSAY: Securely managing access controls is vital to preserving the privacy of healthcare data

U.S. Security Agencies Release Network Security, Vulnerability Guidance

Check Point Warns of Hackers Targeting Its Remote Access VPN

Alleged Oracle Cloud Breach Triggers Industry Scrutiny, Supply Chain Concerns

Unpatched Exchange Servers an overlooked risk

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

Top 10 web application vulnerabilities in 2021–2023

Hackers targeted ICS/SCADA systems at water facilities, Israeli government warns

DeepSeek and AI-Generated Malware Pose New Danger for Cybersecurity

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 35

New modular ModPipe POS Malware targets restaurants and hospitality sectors

Stay Connected