Schneier on Security

OCTOBER 10, 2018

The US Government Accounting Office just published a new report: " Weapons Systems Cyber Security: DOD Just Beginning to Grapple with Scale of Vulnerabilities " (summary here ). The upshot won't be a surprise to any of my regular readers: they're vulnerable.

Password Management 270

Password Management Cyber Risk Passwords Cyber Attacks 270

eSecurity Planet

FEBRUARY 10, 2025

In a stark warning to organizations and everyday users alike, cybersecurity experts and government agencies have sounded the alarm over a new breed of Gmail-targeted phishing attacks. These steps are critical to safeguard individual accounts and protect the broader network infrastructure from cascading breaches.

Phishing 116

Phishing Artificial Intelligence Password Management Accountability 116

Schneier on Security

MAY 6, 2019

Don't reuse passwords for anything important -- ­and get a password manager to remember them all. The best way for you to protect yourself is to change that incentive, which means agitating for government oversight of this space. Enable two-factor authentication for all important accounts whenever possible.

Identity Theft 279

Identity Theft Passwords Password Management Authentication 279

Troy Hunt

MAY 29, 2024

Since 2013 when I kicked off HIBP as a pet project , it has become an increasingly important part of the security posture of individuals, organisations, governments and law enforcement agencies.

Passwords 338

Passwords Password Management Data breaches Cybercrime 338

Troy Hunt

MARCH 29, 2018

Why It Makes Sense to Partner with a Password Manager Now. I could have said "go and get a password manager", but this is barely any better as it doesn't lead them by the hand to a good one! I spent a few hours manually updating all passwords to all sites. Thanks for all your work!

Password Management 270

Password Management Passwords Data breaches Retail 270

SC Magazine

APRIL 23, 2021

In an April 23 blog , the firm claimed to have digital evidence that Australian company ClickStudios suffered a breach, sometime between April 20 and April 22, which resulted in the attacker dropping a corrupted update to its password manager Passwordstate. This is a developing story. Check back for updates.

Password Management 89

Password Management Passwords Media Malware 89

Malwarebytes

JANUARY 27, 2025

Health insurance information: Details about primary, secondary, or other health plans/policies, insurance companies, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers. Change your password. You can make a stolen password useless to thieves by changing it. Enable two-factor authentication (2FA).

Data breaches 124

Data breaches Healthcare Passwords Insurance 124

SecureWorld News

FEBRUARY 20, 2025

The FBI, CISA, and MS-ISAC have issued a joint cybersecurity advisory warning organizations about Ghost (Cring) ransomware, a sophisticated cyber threat that has been compromising critical infrastructure, businesses, and government entities worldwide. Use Privileged Access Management (PAM) solutions.

Ransomware 108

Ransomware IoT Encryption Social Engineering 108

Malwarebytes

FEBRUARY 11, 2025

They dont crack into password managers or spy on passwords entered for separate apps. Use a password manager to create and manage unique passwords for every single account. That way, if one password is stolen, it cannot be abused to open other online accounts.

Phishing 127

Phishing Passwords Mobile Authentication 127

eSecurity Planet

SEPTEMBER 6, 2024

We need secure and unique passwords to use business applications , access e-mail, and social media securely, and even watch movies on a streaming service. Password managers take some strain from generating, associating, and remembering those passwords. Table of Contents Toggle What Is a Password Manager?

Password Management 64

Password Management Passwords Accountability Social Engineering 64

Webroot

MARCH 3, 2025

During this time, many government agencies and consumer protection organizations come together to help educate consumers on how to keep their personal and financial information secure. How to protect yourself and your data Smart ways to secure your devices Strong passwords – Make them long, random, and unique.

Consumer Protection 84

Consumer Protection Identity Theft Scams Social Engineering 84

Troy Hunt

JANUARY 16, 2019

The original intention of it was to provide a data set to people building systems so that they could refer to a list of known breached passwords in order to stop people from using them again (or at least advise them of the risk). I did that many years ago now and wrote about how the only secure password is the one you can't remember.

Data breaches 280

Data breaches Passwords Password Management Accountability 280

Tech Republic Security

AUGUST 2, 2017

A new bill introduced by the senate would require IoT products used by government entities to meet standards for patchability, password management, and more.

IoT 71

IoT Government Password Management Passwords 71

The Last Watchdog

JANUARY 27, 2025

Certification requirements Each level carries its own stringent requirements, ranging from broad in scope at Level 1 to highly specialized at Level 3. Organizations can use this checklist to track progress and identify areas requiring attention before assessment. demands a structured approach to implementation and preparation.

Password Management 130

Password Management Architecture Threat Detection Cybersecurity 130

Malwarebytes

NOVEMBER 4, 2024

A ransomware attack against the City of Columbus, Ohio—which drew public scrutiny following the city government’s attempt to silence a researcher who told the public about the attack—has received a little more detail from an unexpected source: The Attorney General for the state of Maine. Change your password.

Data breaches 111

Data breaches Passwords Ransomware Phishing 111

Malwarebytes

OCTOBER 15, 2024

This statistic should not be interpreted to mean that 74% of people believe the election will be “hacked” or that votes will be switched by an adversarial government—a scenario that has never provably occurred in the US. Instead, it may point to how people interpret “cyber interference.

Scams 138

Scams Identity Theft Cybercrime Accountability 138

Security Boulevard

MARCH 10, 2023

Executive Summary In February 2023, EclecticIQ researchers identified multiple KamiKakaBot malwares which are very likely used to target government entities in ASEAN (Association of Southeast Asian Nations) countries. Analysts assess the content of the decoy documents is designed to target government entities in ASEAN countries.

Government 121

Government Malware Encryption Passwords 121

Malwarebytes

NOVEMBER 6, 2024

Lock things down Having a strict policy to protect your important assets with strong passwords and multi-factor authentication (MFA) should be a no-brainer. Consider making it easier for your staff by using a single-sign-on service or alternatively by providing them with a password manager.

Small Business 97

Small Business Backups VPN Firewall 97

Krebs on Security

MAY 19, 2020

For example, as recently as earlier this month, Intel 471 spotted Sanix selling access to nearly four dozen universities worldwide, and to a compromised VPN account for the government of San Bernadino, Calif.

Passwords 362

Passwords Accountability Hacking Password Management 362

CSO Magazine

JANUARY 7, 2022

The UK’s National Cyber Security Centre (NCSC) is updating its requirements for the Cyber Essentials scheme, a government-backed certification that helps UK organisations defend against common cyberthreats. The update includes revisions surrounding the use of cloud services, multi-factor authentication (MFA), and password management.

Digital transformation 127

Digital transformation Password Management Passwords Authentication 127

CyberSecurity Insiders

JANUARY 16, 2023

First, is the news that the Indian government has launched its own Mobile Operating systems that have capabilities to take on international rivals like iOS and Android. Called as IndOS, the OS will be available on devices being sold on the Indian subcontinent and will have all pre-loaded government apps that are there to service the citizen.

Cyber Attacks 143

Cyber Attacks Mobile Government Password Management 143

Troy Hunt

MARCH 10, 2021

Somehow this thread speared off into lots of comparing guidance on password strength to warnings in cars: I've written before about how IRL analogies are terrible and this one is no exception. You will not die if you use a weak password. There aren't government regulations defining how the software is built.

Passwords 355

Passwords IoT Password Management Data breaches 355

IT Security Guru

JUNE 30, 2021

Password Vaults, SSO and Virtual Private Networks. Password vaults, also described as password managers, are encrypted vaults that digitally store usernames and passwords. They are used to manage all of the passwords that an individual maintains to access software applications and websites.

Password Management 133

Password Management Passwords VPN B2C 133

Heimadal Security

APRIL 26, 2021

Passwordstate, the on-premises password management solution being used by over 370,000 security and IT professionals from 29,000 companies worldwide and serving companies from the Fortune 500 rankings, from a wide range of industry sectors, like government, defense, finance, aerospace, retail, automotive, healthcare, legal, and also media, was recently (..)

Hacking 98

Hacking Password Management Retail Healthcare 98

Malwarebytes

APRIL 11, 2024

Mercenary spyware is used by governments to target people like journalists, political activists, and similar targets, and involves the use of sophisticated tools like Pegasus. While the NSO Group claims to only sell to “government clients,” we have no reason to take its word for it. Use a password manager.

Spyware 131

Spyware Government Mobile Password Management 131

Malwarebytes

DECEMBER 21, 2021

In recent years, HIBP has been integrated with a number of third-party systems like password managers and web browsers, so they can alert users immediately if they attempt to use a credential that might already be in the hands of cybercriminals. For starters, change your password.

Passwords 145

Passwords Password Management Authentication Data breaches 145

Krebs on Security

MARCH 31, 2020

A massive cyber espionage campaign targeting a slew of domains for government agencies across the Middle East region between 2018 and 2019 was preceded by a series of targeted attacks on domain registrars and Internet infrastructure firms that served those countries. Nation-state level attackers also are taking a similar approach.

Phishing 325

Phishing DNS Social Engineering Accountability 325

The Last Watchdog

JANUARY 28, 2019

Related: Long run damage of 35-day government shutdown. Use a password manager. It’s clear that we will continue to be reliant on usernames and passwords to access online services for some time to come. This is one of the big reason credential stuffers thrive.

Passwords 196

Passwords Password Management Antivirus Internet 196

Duo's Security Blog

OCTOBER 4, 2023

No matter how many letters, numbers, or special characters you give them and no matter how many times you change them, passwords are still @N0T_FUN! Using strong passwords and a password manager 2. Regular Changes: Regularly change your passwords, especially after any suspicious activity.

Password Management 133

Password Management Passwords Authentication Social Engineering 133

Krebs on Security

DECEMBER 29, 2022

The records also reveal how Conti dealt with its own internal breaches and attacks from private security firms and foreign governments. The government of Costa Rica is forced to declare a state of emergency after a ransomware attack by Conti cripples government systems. ” SEPTEMBER.

Cryptocurrency 289

Cryptocurrency Cybercrime Computers and Electronics Scams 289

Krebs on Security

JANUARY 30, 2024

The government says Urban went by the aliases “ Sosa ” and “ King Bob ,” among others. “If governments fail to prioritize this source of threat, violence originating from the Internet will affect regular people.” According to an Aug.

Social Engineering 356

Social Engineering Mobile Passwords Cybercrime 356

Approachable Cyber Threats

OCTOBER 7, 2024

One area where best practices have evolved significantly over the past twenty years is password security best practices. government agency whose mission is to develop technical and scientific standards primarily applicable to the government. For those who don’t know, NIST is a U.S.

Passwords 104

Passwords Password Management Authentication Risk 104

Krebs on Security

JANUARY 6, 2020

Indeed, Holden shared records of communications from VCPI’s tormentors suggesting they’d unleashed Trickbot to steal passwords from infected VCPI endpoints that the company used to log in at more than 300 Web sites and services , including: -Identity and password management platforms Auth0 and LastPass.

Passwords 253

Passwords Ransomware Password Management Malware 253

Adam Levin

FEBRUARY 10, 2020

The message could appear be from a government agency, your bank, your place of worship, your gym, a colleague at work. Consider using a password manager. Or use a password manager.). It may look just like the real thing. Back Up Your Files.

Passwords 245

Passwords Phishing Password Management Accountability 245

Security Boulevard

AUGUST 26, 2022

The LastPass breach that was revealed this week should serve as a reminder of the critical role password managers. ’, a question originally posed by the Roman poet Juvenal as “Quis custodiet ipsos custodes?” The post LastPass Breach Raises Disclosure Transparency Concerns appeared first on Security Boulevard.

Password Management 98

Password Management Passwords Security Awareness Risk 98

Malwarebytes

JUNE 21, 2022

Businesses and governments these days are relying on dozens of different Software-as-a-Service (SaaS) applications to run their operations — and it’s no secret that hackers are always looking for security vulnerabilities in them to exploit. APT41 exploits Log4Shell vulnerability to compromise at least two US state governments.

Hacking 111

Hacking Government Software Password Management 111

Security Boulevard

JUNE 15, 2023

The number of data breaches increases almost daily–and in recent weeks, a leading password manager vendor, an internet hosting provider. The post Passkeys Can Make Passwords a Thing of the Past appeared first on Security Boulevard.

Passwords 111

Passwords Password Management Data breaches Internet 111