SC Magazine

MARCH 2, 2021

House Oversight and Homeland Security committees last week, SolarWinds’s former and current CEOs blamed an intern for creating a weak FTP server password and leaking it on GitHub – an act which may or may not have contributed to a supply chain hack that impacted users of the tech firm’s Orion IT performance monitoring platform.

Passwords 129

Passwords Password Management CISO InfoSec 129

Krebs on Security

DECEMBER 29, 2022

I seem to be doing most of that activity now on Mastodon , which appears to have absorbed most of the infosec refugees from Twitter, and in any case is proving to be a far more useful, civil and constructive place to post such things. For a variety of reasons, I will no longer be sharing these updates on Twitter. ” SEPTEMBER.

Cryptocurrency 298

Cryptocurrency Cybercrime Computers and Electronics Scams 298

Security Affairs

MARCH 13, 2023

More at: [link] #cybersecurity #InfoSec #VulnerabilityManagement pic.twitter.com/hNwDHFaPtt — CISA Cyber (@CISACyber) March 10, 2023 “This issue allowed an attacker with access to the server administrator’s Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it. .”

Media 98

Media InfoSec Password Management Engineering 98

SiteLock

AUGUST 27, 2021

The Infosec Institute recently wrote a topic on the subject, which can be read here. Worst Passwords of 2014. Did you know that “123456” is the most popular password, with “password” coming in second? To see the rest of the results, check out this article on CNET.

Passwords 95

Passwords Cybersecurity Internet Internet 95

CyberSecurity Insiders

APRIL 8, 2022

In honor of the day coming up on April 12, I spoke to the below industry experts on how both individuals and organizations can strengthen identity management all year round. Those steps can become overwhelming for small businesses with staff shortages, small budgets or limited time.

Small Business 118

Small Business InfoSec Password Management Data breaches 118

SecureWorld News

APRIL 17, 2022

This went a step further with the rise of profiles, such as Google Accounts, which can remember passwords across multiple devices. There is also the idea of password management software. This essentially fulfills the same role as a Google Account, with all of your passwords stored for you.

Cybersecurity 96

Cybersecurity Passwords Technology Password Management 96

Security Boulevard

JANUARY 26, 2023

Aviv – ‘Why Users (Don’t) Use Password Managers at a Large Educational Institution’ appeared first on Security Boulevard. Our thanks to USENIX for publishing their Presenter’s outstanding USENIX Security ’22 Conference content on the organization’s’ YouTube channel. Munyendo, Michelle L. Mazurek, Adam J.

Password Management 40

Password Management Education Passwords InfoSec 40

Cisco Security

NOVEMBER 2, 2022

To top it off, Duo is connected to our SIEM and our InfoSec team is able to review detailed logs and setup alerts to be able to keep everything secure.” Password management is a challenging proposition for many enterprises, especially in light of BYOD and ever increasing sophistication of phishing schemes.

Authentication 143

Authentication Passwords Phishing Mobile 143

Thales Cloud Protection & Licensing

OCTOBER 24, 2019

Per Symantec , they should specifically require passwords that contain at least 16 characters comprised of upper- and lowercase letters, numbers and symbols. Infosec personnel should also help employees store those passwords safely such as via the use of a password manager. Implement Multi-Factor Authentication.

Security Awareness 83

Security Awareness InfoSec Passwords Accountability 83

Daniel Miessler

FEBRUARY 1, 2020

And the media doesn’t help either, not to mention InfoSec marketing departments. As far as they’re concerned, if you don’t say the name of your password manager 7 times before bed the Dark Web will haunt your closet. People talk about it like it’s the Internet Demogorgon.

Advertising 103

Advertising InfoSec Password Management Education 103

Security Affairs

MAY 7, 2021

HideezKey- This is a deep-dive into a nice concept for a security token & password manager that turned into a horrible product due to lack of proper R&D and Threat Modeling. Prologue: After my first success in bypassing APPROTECT readout protection of the NRF52-based Slok smartlock with #PocketGlitcher (i.e.

Firmware 105

Firmware Passwords Password Management Encryption 105

Troy Hunt

JANUARY 10, 2018

This is poor form as it can break tools that encourage good security practices such as password managers. But just as the entire premise of this post was that infosec is a spectrum of controls, so too are the reasons that Aadhaar exists; some of them are very good reasons, others, probably not so much.

Hacking 279

Hacking Government Encryption Risk 279

Troy Hunt

FEBRUARY 11, 2019

Incidentally, Lorenzo who wrote that Motherboard piece is a top-notch infosec journo I've worked with many times before and he reported accurately in that piece.) Of course, there was nothing missing from the post and each time I asked the question it was met with silence.

Passwords 219

Passwords Data breaches Media InfoSec 219

CyberSecurity Insiders

APRIL 21, 2021

Some of the recent advances in authentication methods have removed the burden of remembering many passwords, as well as the necessity of a physical multi-factor token. Password managers – software that holds all the passwords in a “vault”, requiring a master password to unlock the vault. The InfoSec Perspective.

Passwords 89

Passwords Information Security Engineering Authentication 89

Security Boulevard

SEPTEMBER 5, 2022

Popular password manager LastPass announced that some of their source code was stolen, but that no customer passwords were compromised in a recent data breach disclosure, an Israeli researcher has discovered a new method to exfiltrate data from air-gapped systems using the LED indicators on network cards, and details about the Twitter whistleblower (..)

Data breaches 52

Data breaches Password Management Passwords Data privacy 52

The Security Ledger

MAY 8, 2019

Also: we continue our series on life after the password by speaking to Ian Paterson, the CEO of behavioral authentication vendor Plurilock. Abine says Blur Password Manager User Information Exposed. The post Episode 145: Read the whole entry. » Chris Wysopal is the Chief Technology Officer of Veracode.

Passwords 40

Passwords Password Management Authentication InfoSec 40

Security Through Education

JANUARY 18, 2023

Use strong passwords, and ideally a password manager to generate and store unique passwords. Update your software. Turn on automatic updates. Think before you click. More than 90% of successful cyber-attacks start with a phishing email.

Cybersecurity 98

Cybersecurity Social Engineering Scams IoT 98

Threatpost

NOVEMBER 25, 2020

Reducing the risks of remote work starts with updating the access policies of yesterday.

Risk 94

Risk Password Management Passwords InfoSec 94

eSecurity Planet

APRIL 20, 2021

Manages permissions. Maintained by infosec teams. Manages identifying information. Also Read: Best Password Management Software & Tools. The below table touches on the critical differences: Authorization (OAuth). Authentication (OpenID Connect). Grants users access to resources. Not visible to user.

Authentication 75

Authentication Mobile Accountability Encryption 75

Digital Shadows

OCTOBER 23, 2024

This isn’t the first time we’ve seen Scattered Spider target password managers. Having identified a new target account, the threat actor made another call to the help desk and requested a password reset for the domain administrator account, which also carried Okta Super Administrator privileges.

Social Engineering 122

Social Engineering Engineering Accountability Backups 122

ForAllSecure

MARCH 24, 2021

Anyway I was testing this suite when I happened to randomly strike two keys -- I think it was control and B -- and up popped the password manager, displaying all my test passwords in the clear. Thing was, the manager required its own password, which I had not entered; remember, I had hit only two keys.

Software 52

Software Passwords Internet Internet 52

ForAllSecure

MARCH 24, 2021

Anyway I was testing this suite when I happened to randomly strike two keys -- I think it was control and B -- and up popped the password manager, displaying all my test passwords in the clear. Thing was, the manager required its own password, which I had not entered; remember, I had hit only two keys.

Software 52

Software Passwords Internet Internet 52

Security Boulevard

OCTOBER 13, 2024

In the milestone 350th episode of the Shared Security Podcast, the hosts reflect on 15 years of podcasting, and the podcast’s evolution from its beginnings in 2009. They discuss the impact of a current hurricane on Florida, offering advice on using iPhone and Android satellite communication features during emergencies.

Cybersecurity 64

Cybersecurity Password Management Passwords Media 64

eSecurity Planet

DECEMBER 3, 2021

How to screen for natural infosec talent: Ask for a worst case scenario for any common situation. Street is an industry-respected speaker and analyst and currently is the VP of InfoSec for SphereNY. Markstedter actively contributes to filling the infosec education gap. Enable 2FA and get a password manager.

Accountability 139

Accountability Cybersecurity Penetration Testing InfoSec 139

Malwarebytes

APRIL 1, 2021

Passwords are a hot topic on social media at the moment, due to the re-emergence of a discussion about good password management practices. There’s a wealth of password management options available, some more desirable than others. The primary recommendation online is usually a software-based management tool.

Passwords 136

Passwords Internet Internet Password Management 136

Digital Shadows

OCTOBER 23, 2024

This isn’t the first time we’ve seen Scattered Spider target password managers. Having identified a new target account, the threat actor made another call to the help desk and requested a password reset for the domain administrator account, which also carried Okta Super Administrator privileges.

Social Engineering 52

Social Engineering Engineering Accountability Backups 52

ForAllSecure

MARCH 1, 2022

Vamosi: Within InfoSec there's an informal use of AppSec as well. Don't use familiar passwords seriously. If you want nothing to connect back to you choose an entirely new set of passwords. In the book Kevin recommends using a password manager; that way your new identity has its own set of passwords.

Hacking 52

Hacking Mobile Cryptocurrency VPN 52

Troy Hunt

DECEMBER 10, 2019

. — Martin Boissonneault (@ve2mrx) December 9, 2019 For me, the issue isn't really about the storage and delivery of the password, it's about the practice of generating a password for someone that just doesn't add up. Password manager? Then you have a strong password generator already. No password manager?

Passwords 181

Passwords Password Management Accountability Authentication 181