Sat.Jun 13, 2020 - Fri.Jun 19, 2020

article thumbnail

Turn on MFA Before Crooks Do It For You

Krebs on Security

Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. But people who don’t take advantage of these added safeguards may find it far more difficult to regain access when their account gets hacked, because increasingly thieves will enable multi-factor options and tie the account to a device they control.

article thumbnail

Pwned Passwords, Version 6

Troy Hunt

Today, almost one year after the release of version 5 , I'm happy to release the 6th version of Pwned Passwords. The data set has increased from 555,278,657 known compromised passwords to a grand total of 572,611,621, up 17,332,964? (just over 3%). As with previous releases, I've made the call to push the data now simply because there were enough new records to justify the overhead in doing so.

Passwords 333
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Bank Card "Master Key" Stolen

Schneier on Security

South Africa's Postbank experienced a catastrophic security failure. The bank's master PIN key was stolen, forcing it to cancel and replace 12 million bank cards. The breach resulted from the printing of the bank's encrypted master key in plain, unencrypted digital language at the Postbank's old data centre in the Pretoria city centre. According to a number of internal Postbank reports, which the Sunday Times obtained, the master key was then stolen by employees.

Banking 261
article thumbnail

Most of the world's most popular passwords can be cracked in under a second

Tech Republic Security

Hackers who use brute force attacks can easily compromise accounts with weak passwords, according to Nordpass.

Passwords 218
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

FEMA IT Specialist Charged in ID Theft, Tax Refund Fraud Conspiracy

Krebs on Security

An information technology specialist at the Federal Emergency Management Agency (FEMA) was arrested this week on suspicion of hacking into the human resource databases of University of Pittsburgh Medical Center (UPMC) in 2014, stealing personal data on more than 65,000 UPMC employees, and selling the data on the dark web. On June 16, authorities in Michigan arrested 29-year-old Justin Sean Johnson in connection with a 43-count indictment on charges of conspiracy, wire fraud and aggravated identi

article thumbnail

Weekly Update 196

Troy Hunt

All my things are breaking ?? Mic broke, PC broke, boat shed handle broke, fridges (both of them) broke, fireplace broke, roof broke. and that's just the stuff I could remember in the live stream. But in happier news, listening back to that video now I'm really happy with the audio quality of the new mic and I reckon that once the pop filter is installed the sound will be spot on.

Passwords 188

More Trending

article thumbnail

BlackBerry partners with Intel to detect cryptojacking malware

Tech Republic Security

The partnership leverages Intel's CPU telemetry data to more easily detect abnormal system behavior that indicates illicit cryptocurrency mining.

article thumbnail

When Security Takes a Backseat to Productivity

Krebs on Security

“We must care as much about securing our systems as we care about running them if we are to make the necessary revolutionary change.” -CIA’s Wikileaks Task Force. So ends a key section of a report the U.S. Central Intelligence Agency produced in the wake of a mammoth data breach in 2016 that led to Wikileaks publishing thousands of classified documents stolen from the agency’s offensive cyber operations division.

article thumbnail

NEW TECH: Cequence Security’s new ‘API Sentinel’ helps identify, mitigate API exposures

The Last Watchdog

Application Programming Interfaces – APIs. Without them digital transformation would never have gotten off the ground. Related: Defending botnet-driven business logic hacks APIs made possible the astounding cloud, mobile and IoT services we have today. This happened, at a fundamental level, by freeing up software developers to innovate on the fly. APIs have exploded in enterprise use over the past several years.

article thumbnail

Theft of CIA's "Vault Seven" Hacking Tools Due to Its Own Lousy Security

Schneier on Security

The Washington Post is reporting on an internal CIA report about its "Vault 7" security breach: The breach -- allegedly committed by a CIA employee -- was discovered a year after it happened, when the information was published by WikiLeaks, in March 2017. The anti-secrecy group dubbed the release " Vault 7 ," and U.S. officials have said it was the biggest unauthorized disclosure of classified information in the CIA's history, causing the agency to shut down some intelligence operations and aler

Hacking 226
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Cybersecurity risks in a possible US manufacturing resurgence

Tech Republic Security

When factories, notably in China, shuttered during the COVID-19 pandemic, products the US relied on were impacted. Here's how experts see a return to "Made in America" and the incumbent risks.

article thumbnail

Privnotes.com Is Phishing Bitcoin from Users of Private Messaging Service Privnote.com

Krebs on Security

For the past year, a site called Privnotes.com has been impersonating Privnote.com , a legitimate, free service that offers private, encrypted messages which self-destruct automatically after they are read. Until recently, I couldn’t quite work out what Privnotes was up to, but today it became crystal clear: Any messages containing bitcoin addresses will be automatically altered to include a different bitcoin address, as long as the Internet addresses of the sender and receiver of the mess

Phishing 243
article thumbnail

Loss of CIA Hacking Tools Tied to Lax Cybersecurity

Adam Levin

CIA-developed hacking tools stolen in 2016 were compromised by an organizational culture of lax cybersecurity, according to an internal memo. In a 2017 memo recently acquired by the Washington Post , a CIA task force attributed the exfiltration of critical hacking tools and data to “a culture… that too often prioritized creativity and collaboration at the expense of security.” .

Hacking 165
article thumbnail

Examining the US Cyber Budget

Schneier on Security

Jason Healey takes a detailed look at the US federal cybersecurity budget and reaches an important conclusion: the US keeps saying that we need to prioritize defense, but in fact we prioritize attack. To its credit, this budget does reveal an overall growth in cybersecurity funding of about 5 percent above the fiscal 2019 estimate. However, federal cybersecurity spending on civilian departments like the departments of Homeland Security, State, Treasury and Justice is overshadowed by that going t

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Many people using email to share files despite lack of security

Tech Republic Security

Those polled by Nordlocker also use cloud services, messaging apps, and external drives to share files.

212
212
article thumbnail

79 Netgear router models affected by a dangerous Zero-day

Security Affairs

79 Netgear router models are vulnerable to a severe unpatched security vulnerability that can be exploited by remote attackers to take over devices. Security experts Adam Nichols from GRIMM and d4rkn3ss from the Vietnamese internet service provider VNPT have independently reported a severe unpatched security vulnerability that affects 79 Netgear router models.

Firmware 145
article thumbnail

Dating Apps Leak 845 GB of User Data

Adam Levin

An unsecured Amazon Web Services (AWS) database leaked the personal information of hundreds of thousands of users of several niche and special interest dating apps. Security researchers from vpnMentor discovered 845 gigabytes of user data from dating apps including 3somes, Cougary, Gay Daddy Bear, Xpal, BBW Dating, Casualx, SugarD, and Herpes Dating in late May.

article thumbnail

New Hacking-for-Hire Company in India

Schneier on Security

Citizen Lab has a new report on Dark Basin, a large hacking-for-hire company in India. Key Findings: Dark Basin is a hack-for-hire group that has targeted thousands of individuals and hundreds of institutions on six continents. Targets include advocacy groups and journalists, elected and senior government officials, hedge funds, and multiple industries.

Hacking 204
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Top 5 things to know about security breaches

Tech Republic Security

Verizon's annual Data Breach Investigations Report confirmed 3,950 data breaches across 16 industries. Tom Merritt explains five things to know about these breaches.

article thumbnail

T-Mobile suffered a major outage in the US allegedly caused by a massive DDoS attack

Security Affairs

Wireless carrier T-Mobile suffered a major outage in the United States, that impacted service at other carriers, due to a “massive” DDoS attack. Wireless carrier T-Mobile suffered a massive DDoS attack that caused a major outage in the United States that impacted service at other carriers due to a “massive” DDoS attack. This DDoS attack is serious. It has taken down Instagram, Facebook, T-Mobile, Verizon, and Twitch… 2020 is something else. pic.twitter.com/ztU59XMWu3 — Jordan Daley (

DDOS 145
article thumbnail

Dating Apps Exposed 845GB of Explicit Photos, Chats, and More

WIRED Threat Level

3somes, Gay Daddy Bear, and Herpes Dating are among the nine services that leaked the data of hundreds of thousands of users.

145
145
article thumbnail

Security and Human Behavior (SHB) 2020

Schneier on Security

Today is the second day of the thirteenth Workshop on Security and Human Behavior. It's being hosted by the University of Cambridge, which in today's world means we're all meeting on Zoom. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself.

203
203
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

How blockchain is transforming online gaming for players

Tech Republic Security

With blockchain, gamers can save their in-game purchases and retain their value to resell them to other players or move them into other games for the first time.

200
200
article thumbnail

AWS mitigated largest DDoS attack ever of 2.3 Tbps

Security Affairs

AWS announced it has mitigated a 2.3 Tbps DDoS attack, the largest ever, which surpassed the previous record of 1.7 Tbps that took place in March 2018. Amazon announced it has mitigated the largest ever DDoS attack of 2.3 Tbps, the news is surprising if we consider that the previous record was of 1.7 Tbps that took place in March 2018. The 2.3 Tbps attack was neutralized by the Amazon AWS Shield service in mid-February this year.

DDOS 145
article thumbnail

How to Clean Up Your Old Posts on Twitter, Facebook, and Instagram

WIRED Threat Level

These tips and tools will help you scrub your social media profiles clean, or give you a fresh start without giving up your username and followers.

Media 137
article thumbnail

What Will Cybersecurity's 'New Normal' Look Like?

Dark Reading

The coronavirus pandemic has forced changes for much of the business world, cybersecurity included. What can we expect going forward?

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Cybercriminals unleash diverse wave of attacks on COVID-19 vaccine researchers

Tech Republic Security

As multiple companies inch closer to a potentially life-saving vaccine for the coronavirus, cybercriminals with varying motives have increased attacks.

200
200
article thumbnail

New Cisco Webex Meetings flaw allows attackers to impersonate users

Security Affairs

A flaw in Cisco Webex Meetings client for Windows could allow local authenticated attackers to gain access to sensitive information. A vulnerability in Cisco Webex Meetings client for Windows, tracked as CVE-2020-3347 , could be exploited by local authenticated attackers to gain access to sensitive information. “A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system.” r

article thumbnail

Body Cameras Haven't Stopped Police Brutality. Here's Why

WIRED Threat Level

Amid worldwide protests over racism and police violence, lawmakers are once again turning to the devices as a tool for reform.

136
136
article thumbnail

Happy Juneteenth!

Adam Shostack

Juneteenth is the celebration of the end of slavery in the US. We need more holidays that celebrate freedom. Freedom isn’t always comfortable or easy, but it is the precondition to the pursuit of happiness. BTW, we’ve been celebrating Juneteenth here on this blog for a long time , if no more consistently than anything else we do. Photo: Laura Blanchard , and I’ll note that there’s a real lack of Juneteenth stock imagery on all these sites.

130
130
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!