Passwords and Technology - Cyber Security Informer

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Krebs on Security

MAY 19, 2020

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.” By far the most important passwords are those protecting our email inbox(es).

Passwords

Passwords Accountability Hacking Password Management

‘War Dialing’ Tool Exposes Zoom’s Password Problems

Krebs on Security

APRIL 2, 2020

But without the protection of a password, there’s a decent chance your next Zoom meeting could be “Zoom bombed” — attended or disrupted by someone who doesn’t belong. zWarDial, an automated tool for finding non-password protected Zoom meetings.

Passwords

Passwords Media Technology Accountability

Ubiquiti: Change Your Password, Enable 2FA

Krebs on Security

JANUARY 11, 2021

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. Change your password. In an email sent to customers today, Ubiquiti Inc. Enable 2FA.

Passwords

Passwords Authentication Firmware Accountability

The Rise of One-Time Password Interception Bots

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. An ad for the OTP interception service/bot “SMSRanger.”

Passwords

Passwords Mobile Authentication Banking

Why Your Enterprise Needs FIDO Authentication Technology

Lohrman on Security

APRIL 3, 2022

The Fast Identity Online Alliance (FIDO) offers a growing list of ways to authenticate users with a goal of reducing passwords. Where is this technology heading? But why is it needed? How does it work?

Authentication

Authentication Technology Passwords

Fintech Startup Offers $500 for Payroll Passwords

Krebs on Security

MAY 10, 2021

One financial startup that’s targeting the gig worker market is offering up to $500 to anyone willing to hand over the payroll account username and password given to them by their employer, plus a regular payment for each month afterwards in which those credentials still work. This ad, from workplaceunited[.]com, Click to enlarge.

Passwords

Passwords Mobile Accountability Marketing

Processing 23 Billion Rows of ALIEN TXTBASE Stealer Logs

Troy Hunt

FEBRUARY 25, 2025

We've also added 244M passwords we've never seen before to Pwned Passwords and updated the counts against another 199M that were already in there. The file in the image above contained over 36 million rows of data consisting of website URLs and the email addresses and passwords entered into them.

Passwords

Passwords Accountability VPN Malware

Your Phone May Soon Replace Many of Your Passwords

Krebs on Security

MAY 7, 2022

Apple , Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. “I worry about forgotten password recovery for cloud accounts.” Image: Blog.google.

Passwords

Passwords Authentication Accountability Mobile

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

The Last Watchdog

OCTOBER 23, 2024

As small businesses increasingly depend on digital technologies to operate and grow, the risks associated with cyber threats also escalate. Tip 2: Implementing Strong Password Policies Weak passwords can be easily compromised, giving attackers access to sensitive systems and data. Cary, NC, Oct.

Small Business

Small Business Data breaches Backups Passwords

How to Use LastPass Password Manager

Tech Republic Security

APRIL 14, 2025

Learn how to use LastPass to manage your passwords securely. Follow this step-by-step guide to enhance your online security with ease.

Password Management

Password Management Passwords Technology

Inside the DemandScience by Pure Incubation Data Breach

Troy Hunt

NOVEMBER 13, 2024

As I said, our IT department recently notified me that some of my data was leaked and a pre-emptive password reset was enforced as they didn't know what was leaked. It would be good to see it as an informational notification in case there's an increase in attack attempts against my email address.

Data breaches

Data breaches Passwords B2B Technology

GUEST ESSAY: Why automating distribution of strong passwords to employees is wise to do

The Last Watchdog

APRIL 28, 2022

Passwords have become ubiquitous with digital. The humble password is nothing more than a digital key that opens a door. And they use passwords to open a device, a system, an account, a file and so on. Which begs the question: why do people create their own passwords? Yet most people don’t know how to use them properly.

Passwords

Passwords Encryption Phishing Social Engineering

GUEST ESSAY: Understanding the security limits of the static and dynamic passwords we rely on

The Last Watchdog

JANUARY 31, 2022

We all rely on passwords. For better or worse, we will continue to use passwords to access our computing devices and digital services for years to come. Related : The coming of password-less access. Passwords were static to begin with. They have since been modified in two directions: biometrics and dynamic passwords.

Passwords

Passwords Computers and Electronics Password Management Artificial Intelligence

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

The Last Watchdog

MAY 24, 2022

This is one giant leap towards getting rid of passwords entirely. Excising passwords as the security linchpin to digital services is long, long overdue. Password abuse at scale arose shortly after the decision got made in the 1990s to make shared secrets the basis for securing digital connections. Here are a few takeaways.

Authentication

Authentication Passwords Banking Digital transformation

Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability

The Hacker News

OCTOBER 4, 2024

Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user's passwords to be read out aloud by its VoiceOver assistive technology. The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords app impacting a slew of iPhones and iPads.

Passwords

Passwords Technology

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Krebs on Security

JANUARY 16, 2025

Those who fall for the scam are asked to provide payment card data, and eventually will be asked to supply a one-time password sent via SMS or a mobile authentication app. Reports of similar SMS phishing attacks against customers of other U.S. state-run toll facilities surfaced around the same time as the MassDOT alert.

Phishing

Phishing Scams Mobile Passwords

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

Every time there is another data breach, we are asked to change our password at the breached entity. Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another.

Passwords

Passwords Password Management Phishing Scams

Lock Out Hackers: Why Every School Needs Strong Passwords

Security Boulevard

FEBRUARY 26, 2025

Lock Out Hackers: Why Every School Needs Strong Passwords We recently hosted a live webinar to help kick off 2025, encouraging you to strengthen your school districts cybersecurity and online safety systems. The post Lock Out Hackers: Why Every School Needs Strong Passwords appeared first on Security Boulevard.

Passwords

Passwords Technology Cybersecurity Education

Best of 2024: FIDO: Consumers are Adopting Passkeys for Authentication

Security Boulevard

DECEMBER 31, 2024

The FIDO Alliance found in a survey that as consumers become more familiar with passkeys, they are adopting the technology as a more secure alternative to passwords to authenticate their identities online. The post Best of 2024: FIDO: Consumers are Adopting Passkeys for Authentication appeared first on Security Boulevard.

Authentication

Authentication Passwords Technology

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. The bot allowed the attackers to use the phished username, password and one-time code to log in as that employee at the real employer website.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

Massive Oracle Cloud Breach: 6M Records Exposed, 140k+ Tenants Risked

eSecurity Planet

MARCH 24, 2025

The compromised database contains approximately 6 million lines of data, including critical assets such as JKS files, encrypted SSO passwords, key files, and enterprise manager JPS keys. Immediate mitigation measures include: Resetting passwords, particularly for privileged LDAP accounts. (region-name).oraclecloud.com),

Risk

Risk Passwords Hacking Encryption

Introducing the DEF CON 32 Hackers' Almanack

Adam Shostack

MARCH 26, 2025

Every year, thousands of hackers converge in Las Vegas for a joyous, crazy exploration of the edges of technology otherwise fondly called Hacker Summer Camp. Grateful to introduce the Hackers' Almanack! I wrote the introduction for The DEF CON 32 Hackers Almanack !

Data breaches

Data breaches Passwords Technology Hacking

RockYou2024: The Largest Password Compilation (10 Billion) Ever Leaked

SecureWorld News

JULY 8, 2024

Case in point: a colossal password compilation dubbed "RockYou2024" has emerged, containing nearly 10 billion unique passwords. The name "RockYou2024" pays homage to the infamous RockYou data breach of 2009, which exposed 32 million passwords due to insecure storage practices.

Passwords

Passwords Password Management Education Accountability

Hacked IoT Devices Livestreaming Swatting Attacks: FBI

Adam Levin

DECEMBER 30, 2020

In a public service announcement issued December 29, the FBI warned that “offenders have been using stolen e-mail passwords to access smart devices with cameras and voice capabilities and carry out swatting attacks.”. The post Hacked IoT Devices Livestreaming Swatting Attacks: FBI appeared first on Adam Levin.

IoT

IoT Hacking Internet Internet

From Notifications to Deepfakes: How Human Behaviour Is Shifting and What It Means for Cybersecurity

Jane Frankland

JANUARY 19, 2025

For us in cyber, how do we navigate these new digital threats especially when we layer in the rise of AI and deepfake technologies, and the stakes grow even higher? Deepfake Technology Amplifying Risks: The evolution and democratisation of deepfake technology have blurred the line between reality and fabrication.

Cybersecurity

Cybersecurity Technology Scams Risk

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey. codes in 2021 using the password “ ceza2003 ” [full disclosure: Constella is currently an advertiser on KrebsOnSecurity].

Hacking

Hacking Cybercrime Advertising Data breaches

Breached Mashable User Database Leaked Online

Adam Levin

NOVEMBER 10, 2020

The personal information of technology and culture website Mashable.com users has been discovered in a leaked database online. The company specified that no user passwords or financial information had been compromised. Mashable announced the leak late November 8, in an announcement on its website. “[W]e

Passwords

Passwords Media Technology

How Spoutible’s Leaky API Spurted out a Deluge of Personal Data

Troy Hunt

FEBRUARY 4, 2024

Online security, technology and “The Cloud” Australian.", That's not unprecedented, but this is: password: "$2y$10$B0EhY/bQsa5zUYXQ6J.NkunGvUfYeVOH8JM1nZwHyLPBagbVzpEM2", No way! Is that genuinely a bcrypt hash of my own password? Weak passwords like. "spoutible" Pluralsight author.

Passwords

Passwords Accountability Backups Data breaches

Cybersecurity’s Comfort Zone Problem: Are you Guilty of it?

Jane Frankland

APRIL 15, 2025

While these technological investments have their value, theyre not enough to solve the fundamental problem the majority of risks come from humans. The Allure of Technology in Cybersecurity Cybersecurity professionals, like Gregs car-loving coffee enthusiast, often find comfort in technology.

Risk

Risk Technology Cybersecurity Security Awareness

Passwordless Authentication without Secrets!

Thales Cloud Protection & Licensing

OCTOBER 11, 2024

divya Fri, 10/11/2024 - 08:54 As user expectations for secure and seamless access continue to grow, the 2024 Thales Consumer Digital Trust Index (DTI) research revealed that 65% of users feel frustrated with frequent password resets. Thales serves customers around the world with a variety of needs, and therefore optionality is critical.

Authentication

Authentication Retail Healthcare Manufacturing

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

The Last Watchdog

DECEMBER 18, 2024

To wrap up our 2024 year-end roundtable, we turn our attention to new technologies and trends that are emerging to help bridge the gaps. Simic Bojan Simic , CEO, HYPR The era of passwords will further decline as credential misuse rises, with AI both aiding and challenging security efforts.

Risk

Risk Threat Detection Technology Phishing

Crooks bank on Microsoft’s search engine to phish customers

Malwarebytes

NOVEMBER 4, 2024

Once a victim types their user ID and password, criminals will receive the data immediately. Security questions (usually 3 of them) are also used to either reset a password or for some other verification purpose (maybe a login from a new browser or location). Passkeys come to mind immediately since they do not involve passwords at all.

Engineering

Engineering Phishing Banking Authentication

France’s second-largest telecoms provider Free suffered a cyber attack

Security Affairs

OCTOBER 28, 2024

“No passwords” , “no bank cards” , “no content of communications (emails, SMS, voice messages, etc.)” The company said that passwords and bank card details were not compromised, it also pointed out that its customers’ communications were not exposed.

Cyber Attacks

Cyber Attacks Telecommunications Data breaches Banking

Russia warns financial sector organizations of IT service provider LANIT compromise

Security Affairs

FEBRUARY 25, 2025

“The NKTsKI recommends that all organizations change passwords and keys for accessing their systems operated in LANIT data processing centers as soon as possible. LANIT Group (Laboratory of New Information Technologies) is one of Russia’s largest IT service and software providers. In May 2024, U.S. ” said U.S.

Telecommunications

Telecommunications Software Technology Healthcare

GUEST ESSAY: The case for shifting to ‘personal authentication’ as the future of identity

The Last Watchdog

FEBRUARY 3, 2022

I currently have over 450 accounts that use passwords combined with a variety of two-factor authentication methods. Related: How the Fido Alliance enables password-less authentication. I don’t know every password; indeed, each password is long, complex and unique.

Authentication

Authentication Passwords Accountability Technology

Seized Genesis Market Data is Now Searchable in Have I Been Pwned, Courtesy of the FBI and "Operation Cookie Monster"

Troy Hunt

APRIL 5, 2023

In its simplest form, the illegal data marketplace has long involved the exchange of currency for personal records containing attributes such as email addresses, passwords, names, etc. We block known breached passwords. So, we (the good guys) adapt and build better defences. We implement two factor authentication.

Marketing

Marketing Passwords Authentication Accountability

10 Behaviors That Will Reduce Your Risk Online

Daniel Miessler

MAY 14, 2020

Use unique, strong passwords, and store them in a password manager. Many people get hacked from having guessable or previously compromised passwords. Good passwords are long, random, and unique to each account, which means it’s impossible for a human to manage them on their own. Automatic Logins Using Lastpass.

Risk

Risk Passwords Password Management Accountability

Mollitiam Industries is the Newest Cyberweapons Arms Manufacturer

Schneier on Security

JUNE 23, 2021

Its spyware is also said to be equipped with a keylogger, which means every keystroke made on an infected device — including passwords, search queries and messages sent via encrypted messaging apps — can be tracked and monitored.

Manufacturing

Manufacturing Spyware Surveillance Marketing

Cybersecurity Resolutions for 2025

IT Security Guru

JANUARY 9, 2025

Cybercriminals weaponise AI to speed up and scale traditional attack tactics, such as phishing and password cracking, while also creating entirely new forms of cyber threats. Key elements in protecting against AI-driven threats include timely software updates, network security improvements and strong password policies.

Cybersecurity

Cybersecurity Cyber threats Architecture Digital transformation

ChatGPT-Written Malware

Schneier on Security

JANUARY 10, 2023

Another part used a hard-coded password to encrypt system files using the Blowfish and Twofish algorithms. And the technology will only get better. A third used RSA keys and digital signatures, message signing, and the blake2 hash function to compare various files. Check Point Research report.

Malware

Malware Encryption Cybercrime Passwords

GUEST ESSAY: Why it’s high time for us to rely primarily on passwordless authentication

The Last Watchdog

JULY 24, 2023

Accessing vital information to complete day-to-day tasks at our jobs still requires using a password-based system at most companies. Today, bad actors are ruthlessly skilled at cracking passwords – whether through phishing attacks, social engineering, brute force, or buying them on the dark web.

Authentication

Authentication Passwords Phishing Social Engineering

Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain

Security Affairs

OCTOBER 28, 2024

Many companies may not know that while IAM is a critical security tool for dealing with third-party risk, it is also a technological boon that can help organizations scale, integrate with other systems, and overcome some of the challenges of digitization. So, what’s a bit of increased risk where usernames and passwords are concerned?

B2B

B2B Cybersecurity Risk Identity Theft

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 25, 2024

Cisco warned customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices. The company published a document containing recommendations against password spray attacks aimed at Remote Access VPN (RAVPN) services.

VPN

VPN Firewall Technology Passwords

Sweet Treats, Sour Breach: Cyberattack Hits Krispy Kreme

SecureWorld News

DECEMBER 12, 2024

Thankfully, customers can still visit physical stores to purchase their favorite treats, but the incident reminds us of our operational reliance on interconnected technologies. Strong Password Management: Enforce strong, unique passwords and multi-factor authentication to protect against unauthorized access.

Password Management

Password Management Passwords CISO Cybersecurity

Ukraine Nabs Suspect in 773M Password ?Megabreach?

‘War Dialing’ Tool Exposes Zoom’s Password Problems

Trending Sources

Ubiquiti: Change Your Password, Enable 2FA

The Rise of One-Time Password Interception Bots

Why Your Enterprise Needs FIDO Authentication Technology

Fintech Startup Offers $500 for Payroll Passwords

Processing 23 Billion Rows of ALIEN TXTBASE Stealer Logs

Your Phone May Soon Replace Many of Your Passwords

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

How to Use LastPass Password Manager

Inside the DemandScience by Pure Incubation Data Breach

GUEST ESSAY: Why automating distribution of strong passwords to employees is wise to do

GUEST ESSAY: Understanding the security limits of the static and dynamic passwords we rely on

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

The Life Cycle of a Breached Database

Lock Out Hackers: Why Every School Needs Strong Passwords

Best of 2024: FIDO: Consumers are Adopting Passkeys for Authentication

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Massive Oracle Cloud Breach: 6M Records Exposed, 140k+ Tenants Risked

Introducing the DEF CON 32 Hackers' Almanack

RockYou2024: The Largest Password Compilation (10 Billion) Ever Leaked

Hacked IoT Devices Livestreaming Swatting Attacks: FBI

From Notifications to Deepfakes: How Human Behaviour Is Shifting and What It Means for Cybersecurity

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Breached Mashable User Database Leaked Online

How Spoutible’s Leaky API Spurted out a Deluge of Personal Data

Cybersecurity’s Comfort Zone Problem: Are you Guilty of it?

Passwordless Authentication without Secrets!

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

Crooks bank on Microsoft’s search engine to phish customers

France’s second-largest telecoms provider Free suffered a cyber attack

Russia warns financial sector organizations of IT service provider LANIT compromise

GUEST ESSAY: The case for shifting to ‘personal authentication’ as the future of identity

Seized Genesis Market Data is Now Searchable in Have I Been Pwned, Courtesy of the FBI and "Operation Cookie Monster"

10 Behaviors That Will Reduce Your Risk Online

Mollitiam Industries is the Newest Cyberweapons Arms Manufacturer

Cybersecurity Resolutions for 2025

ChatGPT-Written Malware

GUEST ESSAY: Why it’s high time for us to rely primarily on passwordless authentication

Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

Sweet Treats, Sour Breach: Cyberattack Hits Krispy Kreme

Stay Connected