Tech Republic Security

APRIL 11, 2024

Find the best open-source password managers to keep your sensitive information secure and easily accessible. Explore top options for protecting your passwords.

Password Management 174

Password Management Passwords Information Security 174

Daniel Miessler

DECEMBER 24, 2022

If you follow Information Security at all you are surely aware of the LastPass breach situation. After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults. So basically: Minor incident, but no customer data or vaults were lost.

Password Management 364

Password Management Passwords Encryption Architecture 364

Krebs on Security

JULY 29, 2021

Every time there is another data breach, we are asked to change our password at the breached entity. But the reality is that in most cases by the time the victim organization discloses an incident publicly the information has already been harvested many times over by profit-seeking cybercriminals.

Passwords 362

Passwords Password Management Phishing Scams 362

Krebs on Security

APRIL 12, 2021

Someone is selling account information for 21 million customers of ParkMobile , a mobile parking app that’s popular in North America. The stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses.

Mobile 363

Mobile Passwords Accountability Cybercrime 363

Schneier on Security

DECEMBER 2, 2022

The company was hacked , and customer information accessed. No passwords were compromised.

Passwords 315

Passwords Hacking 315

Schneier on Security

DECEMBER 26, 2022

Last August, LastPass reported a security breach, saying that no customer information—or passwords—were compromised. These encrypted fields remain secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password using our Zero Knowledge architecture.

Passwords 293

Passwords Encryption Backups Password Management 293

Malwarebytes

OCTOBER 1, 2024

Ireland’s privacy watchdog Data Protection Commission (DPC) has fined Meta €91M ($101M) after the discovery in 2019 that Meta had stored 600 million Facebook and Instagram passwords in plaintext. Most of these passwords belonged to Facebook Lite users, but it affected other Facebook and Instagram users as well.

Passwords 145

Passwords Data breaches Media Phishing 145

Security Affairs

NOVEMBER 3, 2024

Microsoft warns Chinese threat actors are using the Quad7 botnet to carry out password-spray attacks and steal credentials. Chinese threat actors use the Quad7 botnet in password-spray attacks to steal credentials, Microsoft warns. ” concludes Microsoft.

Passwords 139

Passwords Wireless VPN Accountability 139

Troy Hunt

NOVEMBER 19, 2020

The hard bit for me is figuring out whether it's pwn-worthy enough to justify loading it into Have I Been Pwned (HIBP) or if it's just more noise that ultimately doesn't really help people make informed decisions about their security posture. txt" had a small number of email address and password hex pairs. But is it legit?

Passwords 363

Passwords Password Management Accountability Risk 363

Schneier on Security

JULY 2, 2021

The first is from Microsoft, which wrote : As part of our investigation into this ongoing activity, we also detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers. News article.

Hacking 363

Hacking Passwords Malware Accountability 363

Schneier on Security

NOVEMBER 17, 2022

On top of that, it seems that the system has a new vulnerability : A researcher contacted Information Security Media Group on condition of anonymity to reveal that texting “STOP” to the Twitter verification service results in the service turning off SMS two-factor authentication. This is not a good sign.

Authentication 356

Authentication Passwords Accountability Media 356

Troy Hunt

JANUARY 17, 2024

Website, username and password: That's just the first 20 rows out of 5 million in that particular file, but it gives you a good sense of the data. The question of how valid the accompanying passwords remain aside, time and time again the email addresses in the stealer logs checked out on the services they appeared alongside.

Passwords 353

Passwords Password Management Hacking Accountability 353

Troy Hunt

AUGUST 30, 2023

They'd observed a phishing campaign that had collected 68k credentials from unsuspecting victims and asked if HIBP may be used to help alert these individuals to their exposure. Data accumulated by the malicious activity spanned from October 2022 until just last week.

Phishing 335

Phishing Password Management Passwords Banking 335

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. 15, 2022, LastPass said an investigation into the August breach determined the attacker did not access any customer data or password vaults.

Cryptocurrency 362

Cryptocurrency Passwords Encryption Accountability 362

Troy Hunt

APRIL 5, 2023

You've probably seen stories and infographics about how much your personal information is worth, both to legitimate organisations and criminal networks. In its simplest form, the illegal data marketplace has long involved the exchange of currency for personal records containing attributes such as email addresses, passwords, names, etc.

Marketing 352

Marketing Passwords Authentication Accountability 352

Troy Hunt

FEBRUARY 4, 2024

That's not unprecedented, but this is: password: "$2y$10$B0EhY/bQsa5zUYXQ6J.NkunGvUfYeVOH8JM1nZwHyLPBagbVzpEM2", No way! Is that genuinely a bcrypt hash of my own password? Yep, that's exactly what it is : The Spoutible API enabled any user to retrieve the bcrypt hash of any other user's password.

Passwords 363

Passwords Accountability Backups Data breaches 363

Krebs on Security

APRIL 6, 2021

Facebook says the data was collected before 2020 when it changed things to prevent such information from being scraped from profiles. The HaveIBeenPwned project, which collects and analyzes hundreds of database dumps containing information about billions of leaked accounts, has incorporated the data into his service.

Mobile 360

Mobile Accountability Passwords Authentication 360

Krebs on Security

MARCH 26, 2024

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. “It was like this system notification from Apple to approve [a reset of the account password], but I couldn’t do anything else with my phone.

Passwords 362

Passwords Accountability Engineering Phishing 362

Malwarebytes

NOVEMBER 19, 2024

Instead of the video editor, users got information stealing malware. But if they click the “GET NOW” button, they’ll download the information stealer and infect their device. Lumma steals information from cryptocurrency wallets and browser extensions, as well as two-factor authentication details. dmg” for macOS.

Artificial Intelligence 133

Artificial Intelligence Cryptocurrency Accountability Passwords 133

SecureList

OCTOBER 4, 2024

To prevent anyone trying to disclose information about these channels and the fraudulent activity of their creators, the administrators disabled message forwarding, screenshots, and previews of these channels in the Telegram web-version. Inside the archive is an MSI file and a TXT file with a password required for installation.

Scams 141

Scams Cryptocurrency Malware Software 141

Security Affairs

OCTOBER 2, 2024

The Rhadamanthys information stealer has been upgraded with advanced features, including the use of artificial intelligence (AI) for optical character recognition (OCR). Researchers at the Recorded Future’s Insikt group have documented the evolution of the Rhadamanthys info stealer. Version 0.6.0 “Version0.7.0,

Artificial Intelligence 131

Artificial Intelligence Cryptocurrency Malware Hacking 131

Schneier on Security

JANUARY 29, 2024

The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself. Microsoft is reporting that a Russian intelligence agency—the same one responsible for SolarWinds—accessed the email system of the company’s executives.

Hacking 306

Hacking Accountability Passwords Cybersecurity 306

Krebs on Security

JUNE 15, 2024

“He stands accused of hacking into corporate accounts and stealing critical information, which allegedly enabled the group to access multi-million-dollar funds,” Murcia Today wrote. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication.

Hacking 311

Hacking Phishing Cybercrime Passwords 311

Krebs on Security

JANUARY 21, 2022

The site says it sells “cracked” accounts, or those that used passwords which could be easily guessed or enumerated by automated tools. That’s probably because so few customers supply their real contact information when they sign up.

Hacking 321

Hacking Cybercrime Authentication Passwords 321

Troy Hunt

JUNE 8, 2021

Ever notice how there was a massive gap of almost 9 months between announcing the intention to start open sourcing Have I Been Pwned (HIBP) in August last year and then finally a couple of weeks ago, actually taking the first step with Pwned Passwords ? I was pretty excited when I saw PRs coming in right after launching that last blog post.

Passwords 354

Passwords Accountability 354

Schneier on Security

DECEMBER 17, 2020

While the presence of the software is not by itself evidence that each network was compromised and information was stolen, investigators spent Monday trying to understand the extent of the damage in what could be a significant loss of American data to a foreign attacker. Arena informed his company’s clients, which include U.S.

Software 361

Software Passwords Cybercrime Government 361

Krebs on Security

SEPTEMBER 13, 2023

In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle “ USDoD ” had infiltrated the FBI ‘s vetted information sharing network InfraGard , and was selling the contact information for all 80,000 members. Now it’s a charming kitten.

Cybercrime 323

Cybercrime Passwords Authentication Malware 323

Schneier on Security

MAY 7, 2021

Six-and-seven-year-olds will be taught how to use usernames and passwords, and the pitfalls of clicking on pop-up links to competitions.

Cybersecurity 356

Cybersecurity Education Passwords 356

Krebs on Security

JULY 12, 2024

AT&T also acknowledged the customer records were exposed in a cloud database that was protected only by a username and password (no multi-factor authentication needed). Earlier this year, AT&T reset passwords for millions of customers after the company finally acknowledged a data breach from 2018 involving approximately 7.6

Data breaches 336

Data breaches Passwords Authentication Accountability 336

Krebs on Security

JULY 10, 2022

In both cases the readers used password managers to select strong, unique passwords for their Experian accounts. Research suggests identity thieves were able to hijack the accounts simply by signing up for new accounts at Experian using the victim’s personal information and a different email address. ” ANALYSIS.

Accountability 347

Accountability Passwords Authentication Password Management 347

Troy Hunt

JUNE 30, 2022

Four and a half years ago now, I rolled out version 2 of HIBP's Pwned Passwords that implemented a really cool k-anonymity model courtesy of the brains at Cloudflare. Actually, the multiple problems, the first of which is that it's just way too fast for storing user passwords in an online system. is the middle one.

Passwords 309

Passwords Identity Theft Consumer Services Password Management 309

Daniel Miessler

MARCH 24, 2021

Basically, how secure is someone’s current behavior with respect to passwords and authentication, and what can they do to improve? The idea here is for someone in the security community—or really any security-savvy user—to use this visual to help someone with poor password hygiene. How to use this model.

Authentication 363

Authentication Passwords Internet Internet 363

Security Affairs

SEPTEMBER 28, 2024

The Irish Data Protection Commission (DPC) fined Meta €91 million for storing the passwords of hundreds of millions of users in plaintext. In 2019, Meta disclosed that it had inadvertently stored some users’ passwords in plaintext on its internal systems, without encrypting them. ” reported Meta. ” reported Meta.

Passwords 138

Passwords Media Encryption Internet 138

Tech Republic Security

JANUARY 23, 2024

The Midnight Blizzard gang appears to have been looking for information about itself. See how organizations can protect their accounts from password spray attacks.

Passwords 194

Passwords Accountability Authentication Software 194

NetSpi Technical

NOVEMBER 14, 2024

Username domainuser -Password password Note: I’ve tried to provide time stamps and output during run-time, so you know what it’s doing. If you do not opt-in to use the LLM capabilities, this section simply won’t include the application related information. Charts, Graphs, Passwords & LLM Magic for PowerHuntShares 2.0

Passwords 145

Passwords Risk Data collection Backups 145

Security Affairs

OCTOBER 4, 2024

update that addressed two vulnerabilities that exposed passwords and audio snippets to attackers. The vulnerability CVE-2024-44204 is a logic issue that could potentially enable VoiceOver to read aloud users’ saved passwords. Apple released iOS 18.0.1 Apple released iOS 18.0.1 and iPadOS 18.0.1

Passwords 138

Passwords Media Hacking Mobile 138

The Last Watchdog

NOVEMBER 19, 2023

Using routine social engineering strategies, the cyber-thieves gathered information about key employees. Fluent in American English, a gang member convinced a help desk worker to provide a one-time password to log into the systems. Reduce the amount of time a temporary password can be used.

Social Engineering 310

Social Engineering Passwords Authentication Marketing 310