Enterprise-class password managers have become one of the easiest and most cost-effective ways to help employees lock down their online accounts. Not all business password managers have feature parity with each other; in some cases it’s not even close.
Pop quiz: What has been the most popular — and therefore least secure — password every year since 2013? If you answered “password,” you’d be close. “Qwerty” is another contender for the dubious distinction, but the champion is the most basic, obvious password imaginable: “123456.”
More applications and devices are using password repositories to check on password reuse. When you log into your iPhone, for example, it now alerts you that passwords you saved in your iCloud keychain may have been reused in other places.
What's a password manager? A password manager is a program that stores passwords and logins for various sites and apps, and generates new strong passwords when a user needs to change an old one or create a new account.
He wanted to leak an SSH username and password into a GitHub repository and see if any attacker might find it. “The biggest eye-opener for me was how quickly it was exploited,” he tells CSO.
Stytch, a company founded to spread the adoption of passwordless authentication, has announced what it's calling a modern upgrade to passwords. The cloud-based solution addresses four common problems with passwords that create security risks and account friction. Password reuse. Strength assessment. Account de-duplicating.
Credential stuffing is the automated use of collected usernames and passwords to gain fraudulent access to user accounts. Credential stuffing attacks are one of the most common ways cybercriminals abuse stolen usernames and passwords.
All these attacks key on traditional credentials, usernames and passwords, which are past their expiration date as a legitimate security measure. An obvious way forward in enhancing access security is multifactor authentication (MFA).
Credential stuffing is a cyberattack in which exposed usernames and passwords are used to gain fraudulent access to user accounts through large-scale, automated login requests. Attackers are asking: What does it look like to make a legitimate request? How can we emulate that?
They are so broad in their “badness,” however, that any organization should take notice and ensure they are not doing them. The two bad practices are: use of unsupported (or end-of-life) software, and use of known/fixed/default passwords and credentials.
Dan Meacham is chief information security officer and CSO with Legendary Entertainment, the production company behind Godzilla vs. Kong and other popular films such as The Dark Knight and Jurassic World. If they can pass this authentication process, then they don’t even need a password to log in.
Cyberespionage groups are exploiting a critical vulnerability patched earlier this month in ManageEngine ADSelfService Plus, a self-service password management and single sign-on (SSO) solution for Active Directory environments.
For example, instead of trying to find a software vulnerability, a social engineer might call an employee and pose as an IT support person, trying to trick the employee into divulging his password.
Paul speaks with Caleb Sima, the CSO of the online trading platform Robinhood, about his journey from teenage cybersecurity phenom and web security pioneer, to successful entrepreneur to an executive in the trenches of protecting high value financial services firms from cyberattacks. Caleb Sima is the CSO at Robinhood.
Traditional authentication techniques, such as passwords and PINs, are no longer enough to safeguard against sophisticated assaults. CSO Online recently reported a […] The post The Rise of Advanced Authentication: Strengthening Digital Defense appeared first on SecureBlitz Cybersecurity.
Distributing malware inside password-protected archives has long been one of the main techniques used by attackers to bypass email security filters. More recently, researchers have spotted a variation that uses nested self-extracting archives that no longer require victims to input the password.
Until then, you can take steps to protect your networks better, starting with handling passwords better in your domain. The concept of zero trust is that nothing should be trusted by default. Most of us are trying to work our way to zero trust but are not there yet.
Authentication-related attacks grew in 2022, taking advantage of outdated, password-based authentication systems, according to a study commissioned by HYPR, a passwordless multifactor authentication (MFA) provider based in the US.
The FIDO (fast identity online) Alliance is an industry association that aims to reduce reliance on passwords for security, complementing or replacing them with strong authentication based on public-key cryptography.
Authentication continues to test CISOs for several reasons, with its modern definition being the first to address, Netskope CISO Lamont Orange tells CSO. Authentication is a significant obstacle for modern CISOs.
In his career, he has seen people pick up and use dropped thumb drives, give up passwords over the phone and, yes, even click on simulated phishing links. He has also seen the real-world consequences of such actions.
Most large enterprises regularly change their Kerberos passwords. If the KRBTGT account password hash is stolen or broken with an attack, the attackers can then grant themselves full access to your network with the necessary authentication. When an attacker wiggles into a network, they can use the golden ticket attack sequence.
LastPass, maker of a popular password management application, revealed Thursday that an unauthorized party gained access to its development environment through a compromised developer account and stole some source code and proprietary technical information.
Former Uber CSO Joe Sullivan was found guilty of obstructing a federal investigation in connection with the attempted cover-up of a 2016 hack at Uber, NIST and Microsoft say that mandatory password expiration is no longer needed but many organizations are still doing it, and how fake executive profiles are becoming a huge problem for […].
CISOs looking to beef up their customer-facing authentication procedures to thwart cyberattacks need to walk a fine line. You want the method to provide tight security without being too complicated, confusing, or onerous for end users.
The days of granting blanket trust after initial authentication are over, says SecureAuth CEO Paul Trulove. “If, after initial authentication, you never authenticate again, a bad actor could potentially run rampant in your system,” he tells CSO.
BastionZero has announced the release of SplitCert to provide password-free authentication access to databases. It uses Mutual TLS (mTLS) and cryptographic multi-party computation (MPC) to provide certificate-based authentication for popular, self-hosted Postgres and MongoDB databases, according to the vendor.
In a notice released to its customers, Wegmans said the type of customer information included names, addresses, phone numbers, birth dates, Shoppers Club numbers, and email addresses and passwords for access to Wegmans.com accounts. Tracy said companies really need to understand the shared security model of the cloud providers.
In the past, for example, companies could get away with using a default password, and depend on firewalls and other internal security tools to provide protection. Employers and employees like using the cloud, Lakshmanan pointed out, because it completely changes the paradigm of the user’s productivity. Everything they need is there.
Whether it’s a mis-click on a phishing email, poor password management, acting on a deepfake, or a misconfiguration, human error accounts for most breaches. But just like the coffee drinker who bypasses their local shop, our focus on technology often distracts us from what’s most important.
Mike Hanley was hired as GitHub’s new CSO in February 2021. GitHub CSO Mike Hanley takes security seriously. He also says that it is very important to note that this issue was not the result of compromised account passwords, SSH keys, or personal access tokens (PATs).
Do you recall when you last reset your Kerberos password? Hopefully that was not the last time I suggested you change it, back in April of 2021, when I urged you to do a regular reset of the KRBTGT account password.
By Amanda Fennell, CSO and CIO, Relativity. While exploring phishing examples and best tools to manage passwords, offer to dive into how tools actually work. Think about password management. The average person, in their personal and professional life, may be managing as many as 200 application accounts, each with a password.
October is Cybersecurity Awareness Month. For consumers, that means boning up on account security – maybe getting a password manager. But what if you’re the Chief Security Officer of a $128 billion global corporation? SAP CSO Justin Somaini has the distinction of being the first CSO at Yahoo and also at Symantec.
“It took nearly 11 months (328 days) to identify and contain data breaches resulting from stolen or compromised credentials.” – IBM’s Cost of Data Breach Report 2023. I recently came across a 2012 article from CSO Online, and realized that it has been more than 11 years since the phrase “Identity is the new perimeter” was coined!
Every business needs a secure way to collect, manage, and authenticate passwords. Storing passwords in the browser and sending one-time access codes by SMS or authenticator apps can be bypassed by phishing. Unfortunately, no method is foolproof.
Password management vendor Dashlane has announced the introduction of integrated passkey support in its password manager, unveiling an in-browser passkey solution to help tackle the issue of stolen/misused passwords. Passkey support includes secure sharing, access control, and multi-device sync capabilities.
Passwords have always been a pain point in securing computing infrastructure. Complexity and length are key components of a strong password, but both make it inherently difficult for a human to remember.
Cisco Secure is sponsoring the event — look for our goodbye to passwords video, or if you’re interested in careers at Cisco/Duo, stop into the #job-postings Discord channel to see what roles are open. With so much to look forward to, we can’t wait for Black Hat to begin.
How to reset a Kerberos password and get ahead of coming updates.
Faced with this additional hurdle that prevents them from exploiting stolen passwords, cybercriminals have had to adapt, too, and come up with innovative ways to extract one-time use authentication codes from users.
It’s no secret that humans are the biggest vulnerability to any corporate network, whether it’s an inability to properly manage password complexity across multiple systems, poor social media habits, or even a lack of awareness with things like email links, online shopping, or app and software usage.
The Lapsus$ extortion group compromised the laptop of one of its support engineers, which allowed them to reset passwords for some of its customers. “Upon investigation, we have concluded that such access was used to copy Okta code repositories,” writes David Bradbury, the Okta Chief Security Officer (CSO), in the mail.