Schneier on Security

JUNE 28, 2022

Thought experiment story of someone of someone who lost everything in a house fire, and now can’t log into anything: But to get into my cloud, I need my password and 2FA. To get my passwords, I need my 2FA. To get my 2FA, I need my passwords. I am in cyclic dependency hell. There is no-one to convince. Code is law.

Passwords 313

Passwords Password Management Backups Risk 313

Schneier on Security

DECEMBER 26, 2022

Last August, LastPass reported a security breach, saying that no customer information—or passwords—were compromised. These encrypted fields remain secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password using our Zero Knowledge architecture.

Passwords 293

Passwords Encryption Backups Password Management 293

NetSpi Technical

MARCH 10, 2025

Last year, the NetSPI red team came across a backup file for Solar Winds Web Help Desk software. This led to an analysis of the software and how it stored encrypted passwords, giving the red team the ability to recover the stored passwords and use them to access other systems. Fixed in: Solar Winds Web Help Desk version 12.8.5

Encryption 95

Encryption Backups Passwords Software 95

Troy Hunt

FEBRUARY 4, 2024

That's not unprecedented, but this is: password: "$2y$10$B0EhY/bQsa5zUYXQ6J.NkunGvUfYeVOH8JM1nZwHyLPBagbVzpEM2", No way! Is that genuinely a bcrypt hash of my own password? Yep, that's exactly what it is : The Spoutible API enabled any user to retrieve the bcrypt hash of any other user's password.

Passwords 363

Passwords Accountability Backups Data breaches 363

Daniel Miessler

DECEMBER 24, 2022

The initial blog was on August 25th, saying there was a breach, but it wasn’t so bad because they had no access to customer data or password vaults: Two weeks ago, we detected some unusual activity within portions of the LastPass development environment. And specifically, asking me whether I used LastPass or any other password manager.

Password Management 364

Password Management Passwords Encryption Backups 364

CyberSecurity Insiders

FEBRUARY 16, 2023

We all know that backup servers are only the sole saviors to an organization when a ransomware incident strikes their IT infrastructure. Blocking a backup server from Lightweight directory access protocol (LDAP) also makes sense as it blocks hackers from accessing usernames and passwords fraudulently.

Backups 116

Backups Ransomware DNS Encryption 116

Adam Shostack

JANUARY 2, 2025

As the expression goes, no one cares about backups, they care about restores. As the expression goes, no one cares about backups, they care about restores. Some lessons learned over the last few days: Apple has disabled single user mode as of Mojave, and many recovery options are not available if you use a firmware password.

Backups 130

Backups Firmware Passwords Internet 130

Malwarebytes

JANUARY 6, 2025

Nothing showed evidence that a HIPAA-compliant risk analysis had ever been conducted (lists of usernames and passwords in plain text on the compromised server). There were no password policies until at least January 2024 (the same username and password were used for all Westend Dental servers that contained protected health information).

Data breaches 145

Data breaches Ransomware Passwords Insurance 145

Security Affairs

NOVEMBER 13, 2024

Then, it re-encrypts the system using a randomly generated password. This unique password is uploaded to a server controlled by the attacker. The random password is generated from network traffic and memory data, making brute-forcing difficult. The encryption process took just 2.5 ” reads the post published by Bitdefender.

Ransomware 121

Ransomware Encryption Passwords Backups 121

Malwarebytes

NOVEMBER 6, 2024

Lock things down Having a strict policy to protect your important assets with strong passwords and multi-factor authentication (MFA) should be a no-brainer. Consider making it easier for your staff by using a single-sign-on service or alternatively by providing them with a password manager.

Small Business 98

Small Business Backups Firewall VPN 98

Schneier on Security

MAY 1, 2019

This is why I keep using words like "transformative," "revolutionary," and "lit" (not so much anymore): SKs basically shrink your threat model from "anyone anywhere in the world who knows your password" to "people in the room with you right now." They're still much better than traditional password-only authentication systems.

Social Engineering 261

Social Engineering Backups Passwords Authentication 261

Adam Levin

SEPTEMBER 22, 2020

ArbiterSports, a software provider for several sports leagues including the NCAA, announced that it had averted a ransomware attack in July 2020, but despite blocking the attempt to encrypt their systems, the company discovered that a database backup had been accessed prior to the attack.

Identity Theft 246

Identity Theft Passwords Backups Encryption 246

Troy Hunt

JULY 21, 2020

The tl;dr is that someone with a BeerAdvocate account was convinced the service had been pwned as they'd seen evidence of an email address and password they'd used on the service being abused. Someone had registered a new Netflix account with my email / password associated with my BeerAdvocate account. Not even a password manager.

Passwords 329

Passwords Accountability Password Management Backups 329

Schneier on Security

MAY 23, 2022

A 4-digit application PIN (which gets set during the initial onboarding when a user first instals the application) is the encryption password used to protect or encrypt the licence data.

Encryption 313

Encryption Backups Passwords 313

Krebs on Security

JUNE 2, 2020

“Others have gotten the message about the need for good backups, and probably don’t need to pay. A ridiculous number of businesses — particularly healthcare providers — get hit with ransomware because they leave RDP open to the Internet and secured with easy-to-guess passwords.

Ransomware 337

Ransomware Backups Encryption Internet 337

Joseph Steinberg

JANUARY 19, 2022

Do you know, for example, where all of your backups are – even the ones made years ago? If the data in any such backups contains information that remains sensitive, the backups need to be located, decrypted, re-encrypted, and the originals properly destroyed (or properly wiped and overwritten).

Encryption 363

Encryption Backups Banking Artificial Intelligence 363

Malwarebytes

JANUARY 3, 2025

If interested, the victim will receive a download link and a password for the archive containing the promised installer. Often, the message comes from the “developer” themselves, as asking whether you can try a game that they personally made is a common method to lure victims.

Scams 142

Scams Identity Theft Media Accountability 142

Krebs on Security

APRIL 6, 2021

. — rely on that number for password resets. From there, the bad guys can reset the password of any account to which that mobile number is tied, and of course intercept any one-time tokens sent to that number for the purposes of multi-factor authentication. It’s time we stopped letting everyone treat them that way.

Mobile 356

Mobile Accountability Passwords Authentication 356

Krebs on Security

MAY 18, 2019

com — a forum popular among people involved in hijacking online accounts and conducting SIM swapping attacks to seize control over victims’ phone numbers — has itself been hacked, exposing the email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 forum users.

Accountability 264

Accountability Hacking Backups Passwords 264

Schneier on Security

MAY 6, 2019

Don't reuse passwords for anything important -- ­and get a password manager to remember them all. Do your best to disable the "secret questions" and other backup authentication mechanisms companies use when you forget your password­ -- those are invariably insecure.

Identity Theft 279

Identity Theft Passwords Password Management Authentication 279

SecureWorld News

OCTOBER 31, 2024

The crucifix : Regular backups, robust firewalls, and anti-malware software can drive away these bloodsuckers, keeping your system safe from sudden data "drain." How to keep the ghosts away : Conduct routine audits of connected devices, disconnect unused devices, and enforce strong password policies across all endpoints.

IoT 118

IoT Phishing DDOS Backups 118

Malwarebytes

MARCH 17, 2025

To stay cybersecure and private on vacation, the majority of people will backup their data (53%), ensure their security software is up to date (63%), and set up credit card transaction alerts (56%), but 10% will take none of theseor othersteps. Use a password manager and 2FA. Consider a VPN.

VPN 83

VPN Passwords Scams Backups 83

Krebs on Security

OCTOBER 1, 2021

From there, the attackers can reset the password for almost any online account tied to that mobile number, because most online services still allow people to reset their passwords simply by clicking a link sent via SMS to the phone number on file. a one-time passcode sent via email to the email address associated with the account. .”

Wireless 338

Wireless Mobile Passwords Authentication 338

Security Affairs

NOVEMBER 22, 2021

Memento ransomware group locks files inside WinRAR password-protected archives after having observed that its encryption process is blocked by security firms. The ransomware copies files into password-protected WinRAR archives, it uses a renamed freeware version of the legitimate file utility WinRAR. Pierluigi Paganini.

Passwords 145

Passwords Ransomware Encryption Backups 145

IT Security Guru

JANUARY 22, 2024

Password managers have become integral tools for individuals and businesses alike. However, these digital guardians can offer more than just a secure vault for passwords. In fact, a good password manager can play a crucial role in enhancing both the personal and professional aspects of a user’s digital life.

Password Management 133

Password Management Passwords Banking Accountability 133

Adam Levin

DECEMBER 16, 2020

Don’t re-use passwords: Yes, keeping track of passwords for all of your accounts can be a chore, but using the same password means that one breached account can be used to others that use the same user credentials. If you’re having difficulty keeping track of passwords, consider using a password manager.

VPN 245

VPN Antivirus Passwords Backups 245

Krebs on Security

DECEMBER 8, 2022

Tripwire’s tips for all organizations on avoiding ransomware attacks include: Making secure offsite backups. Using hard-to-crack unique passwords to protect sensitive data and accounts, as well as enabling multi-factor authentication. As noted in last year’s story Don’t Wanna Pay Ransom Gangs? ” . ”

Healthcare 317

Healthcare Backups Ransomware Insurance 317

The Last Watchdog

FEBRUARY 5, 2024

iConnect faced a major disruption of its Exchange services, stemming from a corrupted RAID drive and extending into their backups. Implement strong password policies and multi-factor authentication to prevent unauthorized access. Backup strategies. Comprehensive monitoring.

Risk 264

Risk Backups Software Education 264

Krebs on Security

DECEMBER 7, 2019

based Complete Technology Solutions (CTS), was hacked, allowing a potent strain of ransomware known as “Sodinokibi” or “rEvil” to be installed on computers at more than 100 dentistry businesses that rely on the company for a range of services — including network security, data backup and voice-over-IP phone service.

Ransomware 246

Ransomware Backups Insurance Wireless 246

Webroot

FEBRUARY 21, 2025

Its a top-end, true all-in-one offering based on a new platform that combines antivirus, password manager, identity protection, VPN, backup, and parental controls. Close compromised accounts and open new ones with different account numbers, and new passwords and PINs. This is where data encryption and automated backups come in.

Identity Theft 65

Identity Theft Backups Antivirus Encryption 65

Webroot

MARCH 3, 2025

Common attacks to consumer protection Identity theft and fraud Some common types of identity theft and fraud include account takeover fraud , when criminals use stolen personal information such as account numbers, usernames, or passwords to hijack bank accounts, credit cards, and even email and social media accounts.

Consumer Protection 84

Consumer Protection Identity Theft Scams Social Engineering 84

Malwarebytes

MARCH 29, 2024

They say the only backup you ever regret is the one you didn’t make. iPhone backups can be used to easily move your apps and data to a new phone, to recover things you’ve lost, or to fix things that have failed. We’ve published posts on how to back up your iPhone to iCloud, and how to backup an iPhone to a Mac.

Backups 115

Backups Encryption Passwords Mobile 115

Krebs on Security

FEBRUARY 12, 2019

Email provider VFEmail has suffered what the company is calling “catastrophic destruction” at the hands of an as-yet unknown intruder who trashed all of the company’s primary and backup data in the United States. Every file server is lost, every backup server is lost. Founded in 2001 and based in Milwaukee, Wisc.,

Hacking 273

Hacking DDOS Backups Accountability 273

Krebs on Security

MARCH 16, 2021

From there, the attacker can reset the password of any account which uses that phone number for password reset links. Any online accounts that you value should be secured with a unique and strong password, as well the most robust form of multi-factor authentication available.

Telecommunications 363

Telecommunications Mobile Accountability Wireless 363

Krebs on Security

APRIL 11, 2019

and higher can now be used as Security Keys , an additional authentication layer that helps thwart phishing sites and password theft. Once a user has enrolled their Android phone as a Security Key, the user will need to approve logins via a prompt sent to their phone after submitting their username and password at a Google login page.

Mobile 263

Mobile Authentication Passwords Accountability 263

Anton on Security

JANUARY 3, 2023

Weak passwords continued to be the most common factor at 41% of observed compromises. This also reminds me that if you are owned, your cloud environment is probably also owned…] “Mandiant research indicates that threat actors are increasingly targeting backups to inhibit reconstitution after an attack.

Cybersecurity 185

Cybersecurity Backups DDOS Ransomware 185

Malwarebytes

MARCH 29, 2024

They say the only backup you ever regret is the one you didn’t make. iPhone backups can be used to easily move your apps and data to a new phone, to recover things you’ve lost, or to fix things that have failed. One of the most cost effective ways to backup your iPhone is to save backups to your Mac.

Backups 106

Backups Encryption Passwords Mobile 106