As I said, our IT department recently notified me that some of my data was leaked and a pre-emptive password reset was enforced as they didn't know what was leaked. I would like to opt-out of here to reduce the SPAM and Phishing emails.
“Cisco Duo simplifies the passwordless journey for organizations that want to implement phishing-resistant authentication and adopt a zero trust security strategy. Over the last few years, we have increased our password complexities and required 2FA wherever possible.” – Jack Poller, Senior Analyst, ESG.
Approximately 83 percent of organizations said they faced a successful phishing attempt in 2021, up from 57 percent in 2020. This guide breaks down the different types of phishing attacks and provides examples to help organizations better prepare their staff to deal with them. What is Phishing? Spear Phishing.
The attacks on password managers and their users continue as Bitwarden and 1Password users have reported seeing paid ads for phishing sites in Google search results for the official login page of the password management vendors.
Why we’re in the ‘Golden Age’ of cyber espionage. The fact is cyber criminals are expert at refining and carrying out phishing, malvertising and other tried-and-true ruses that gain them access to a targeted victim’s Internet-connected computing device. Use a password manager. Everyone should be using one.
James McQuiggan, security awareness advocate at KnowBe4, said organizations should hold repetitive simulated phishing assessments and additional training throughout the year, in addition to computer-based training.
The exposed data included email addresses and passwords stored as salted MD5 hashes. There were 2.7B rows of email addresses and passwords in total, but only 1.6B (Incidentally, Lorenzo who wrote that Motherboard piece is a top-notch infosec journo I've worked with many times before and he reported accurately in that piece.)
I seem to be doing most of that activity now on Mastodon , which appears to have absorbed most of the infosec refugees from Twitter, and in any case is proving to be a far more useful, civil and constructive place to post such things. For a variety of reasons, I will no longer be sharing these updates on Twitter. ” SEPTEMBER.
That's a high-level generalisation, of course, but whether it's exploiting software vulnerabilities, downloading exposed database backups or phishing admin credentials and then grabbing the data, it's all in the same realm of taking something that isn't theirs. And sometimes, they contact me. A dropped VPN connection.
AddressIntel is actively tracking malicious #phishing #malware address [link] #Italy since 2021-01-25 #cybersecurity #infosec Follow trends and statistics on [link] — AddressIntel (@AddressIntel) January 25, 2021. ” read the advisory published by Italy’s CERT-AGID (Italian language).
We also explore a massive password list leak titled ‘Rock You 2024’ that has surfaced online. Find out why this file may not be as significant as it seems and the importance of avoiding password reuse. […] The post Authy Breach: What It Means for You, RockYou 2024 Password Leak appeared first on Shared Security Podcast.
NEW YORK–(BUSINESS WIRE)– Veridium, a leading developer of frictionless, passwordless authentication solutions, is proud to announce that it’s won the 2021 Global InfoSec Award in the category of Next-Gen in Passwordless Authentication. Veridium is the industry’s only end-to-end passwordless platform provider.
Once they had obtained the credentials, the attackers launched voice phishing attacks in an attempt to trick the victim into accepting the MFA push notification started by the attacker. #cybersecurity #infosec #ransomware pic.twitter.com/kwrfjbwbkT — CyberKnow (@Cyberknow20) August 10, 2022.
One year ago in February, the major eBay hack was in progress, eventually resulting in over 233 million passwords being stolen. 10 Million Passwords Leaked Online. Security consultant Mark Burnett leaked 10 million usernames and passwords online through his personal blog last week, in a very risky move. Worst Passwords of 2014.
Verizon’s Breach Report is one of the best infosec reports out there, and I’m always excited when I hear it’s been released. 22% involved phishing. Phishing is usually going after credentials, but stealing money continues to rise in popularity. The top 2 incident threat actions were DoS and Phishing.
In episode 327 Tom, Scott, and Kevin discuss the findings from Mandiant’s M-Trends 2024 report, highlighting a significant rise in traditional vulnerability exploitation by attackers while observing a decline in phishing. Despite phishing’s decreased prevalence, it remains the second most popular method for gaining initial network access.
As a simple example, consider the idea of passwords. It was once the case that passwords were a cornerstone of the role of humans in cybersecurity. You would choose a password that only you knew, and without that password, no one could get access to your account. There is also the idea of password management software.
These guidelines should include the following: Set up a Strong Password Policy. One of the most common ways by which malicious actors perpetrate account takeover (ATO) fraud is via password brute forcing attacks. Infosec personnel should also help employees store those passwords safely such as via the use of a password manager.
The month is a collaboration between the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA) and it focusses on four themes, in turn: “Be Cyber Smart”, “Phight the Phish”, “Explore. Some people get a lot of their security information from sources like Twitter, direct from infosec pros.
The other vulnerabilities included cross-site scripting (XSS), potentially used to hijack accounts or impersonate others (CVE-2023-36459), and a technique used for phishing through “verified profile links” (CVE-2023-36462). The final flaw allowed for Denial of Service (DoS) through slow HTTP responses (CVE-2023-36461).
In other words, it’s not just about implementing MFA to verify user trust, it’s about using phishing-resistant MFA with risk-based authentication , device posture checks and other security controls. To achieve more resilience in this heightened risk environment, stepping up zero trust maturity is essential. What does that journey look like?
Malware is currently delivered from: 'hxxps://customermgmt.net/page/macrocosm' #cybersecurity #infosec — USCYBERCOM Malware Alert (@CNMF_VirusAlert) July 2, 2019. It was highly speculated that spear phishes were involved, but not a lot of information around the initial vectors was published.”
In this Spotlight edition of the Security Ledger podcast, Rachel Stockton of LastPass * joins us to discuss the myriad of challenges facing companies trying to secure users' online activities, and simple solutions for busting insecure user behaviors to address threats like phishing, account takeover and more.
Data should be used to monitor the health of information security, report on it, improve it, and proactively mitigate risks. One source of data that is typically missing from an infosec program is user, or employee driven data.
Phishing season! Here are two of our favorites by Infosec blogger John Oppdenaker on Twitter: “My password was hacked. I was going to change my password to one of my favorite places in France, but is it Toulon (too long!)? How do I change my password?” Why was it so hard to catch the cybercriminal? Unencrypted!
More than 90% of successful cyber-attacks start with a phishing email. Use strong passwords, and ideally a password manager to generate and store unique passwords. Update your software. Turn on automatic updates. Think before you click.
Set up simple, accessible policies and infrastructure across all departments that support your employees in prioritizing cybersecurity and practicing good security hygiene including: Identifying and properly responding to potentially malicious activity like phishing emails that could lead to ransomware infections. Taking a Reactive Approach.
Executive summary. In May 2020 EclecticIQ Intelligence and Research Team published a report (1) on phishing lures impersonating the maritime industry. The document is encrypted with the password “VelvetSweatshop”, a common technique employed by multiple threat actors.
There remains the question, however, of whether people who are from a different ethnicity, gender or background to the stereotype “standard IT/infosec professional” are actually being treated equally in the cybersecurity industry.
In this blog, and ahead of my talk at Infosec this week, I’m delving into this, and giving you tips for recognising its signs and preventing it as a leader. This increases the likelihood of making mistakes, such as clicking on phishing links, sharing data in insecure ways, using weak passwords, or not spotting cyber threat patterns.
TAP abuse helps us with that issue in two ways: We can add a temporary password to a victim user without invalidating their existing password, ensuring that the user won’t notice a password change. This means that we can use this password directly, without needing a second factor like an application code or SMS.
Typically, that post-breach recovery relies on surface level fixes: “rotating the KRBTGT password twice”, “increasing the available RID pool”, etc. They often gained initial access through phishing or exploiting vulnerabilities, then used a combination of native and custom tools to persist within the domain with elevated credentials.
Cybersecurity programs that educate your entire team on general information security tactics – including recognizing and addressing phishing scams – are essential. Your team should know how to identify and properly respond to potentially malicious activity like phishing emails that could lead to ransomware infections.
The year 2016 will be remembered for some big moments in the world of cybersecurity: the largest known distributed denial of service (DDoS) attack, a phishing attack on a United States presidential candidate’s campaign, and ransomware attacks on major healthcare organizations are just a few. 2017 will see major advancements in technology.
We constantly see new threats, and threat vectors, come and go; which puts a tremendous strain on the InfoSec teams that have to protect organizations and businesses from these threats. Vade Secure’s IsItPhishing API provides a quick way to look up a URL to determine if it is phishing.
In this case, that secret is her password and, well, just read it: My staff log onto my computer on my desk with my login everyday. To be fair to Nadine, she's certainly not the only one handing her password out to other people. In fact I often forget my password and have to ask my staff what it is. No one else has access.
So that could happen for example, through phishing through fingers, main misconfigured things very well in the rubble. VAMOSI: The bad actors can enter through phishing attacks, but the question is where can they hide on your system. How do they achieve persistence? So there's a like, you can do this or that.
Normally account takeovers are due to insecure passwords or recovery options; this is definitely something different. How to screen for natural infosec talent: Ask for a worst case scenario for any common situation. Street is an industry-respected speaker and analyst and currently is the VP of InfoSec for SphereNY.
There are three main types of penetration tests, as Infosec Institute defines them: black box, grey box, and white box. If we do not secure these systems, our personal data can end up leaked, such as credit card numbers, addresses or passwords. Even phishing emails still continue to trick people. Pen test types.
Williams urged viewers to focus on the basics, like phishing, passwords and patching/updating, as those are still the entry point of many attacks. “If my boutique infosec consultancy has these resources…what does a state sponsored one have?” “Drill it,” he said.
AI is no longer thought of as a nebulous figure residing in a super-computer crunching numbers and cracking passwords. Cybercriminals now orchestrate personalized phishing attacks, finely crafted through data analytics and social media scrubbing powered by AI. Movie Fantasy Meets Reality: Researchers at HYAS Infosec, Inc.
For example, maybe your organization has decided to revise its password policy yet again (woe be to you!). The password policy is implemented in IAM configurations and enforced through technical controls. There's no need for cognition by personnel beyond "oh, yeah, I now have to construct my password according to new rules."
This REST API is the more complete way to create a new msDS-Device as it allows us to provide values for the msDS-KeyCredentialLink (huge thanks to @DrAzureAD and the post Deep-dive to Azure AD device join which saved a lot of time and effort uncovering the structure of this request; your contributions to the infosec scene are always appreciated!):