Passwords and Technology - Cyber Security Informer

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Krebs on Security

MAY 19, 2020

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.” By far the most important passwords are those protecting our email inbox(es).

Passwords

Passwords Accountability Hacking Password Management

‘War Dialing’ Tool Exposes Zoom’s Password Problems

Krebs on Security

APRIL 2, 2020

But without the protection of a password, there’s a decent chance your next Zoom meeting could be “Zoom bombed” — attended or disrupted by someone who doesn’t belong. zWarDial, an automated tool for finding non-password protected Zoom meetings.

Passwords

Passwords Media Technology Accountability

Ubiquiti: Change Your Password, Enable 2FA

Krebs on Security

JANUARY 11, 2021

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. Change your password. In an email sent to customers today, Ubiquiti Inc. Enable 2FA.

Passwords

Passwords Authentication Firmware Accountability

Home Assistant, Pwned Passwords and Security Misconceptions

Troy Hunt

MARCH 10, 2021

Pwned Passwords is a repository of 613M passwords exposed in previous data breaches, which makes them very poor choices for future use. They're totally free and they have a really cool anonymity API that ensures no useful information about the password being searched for is ever exposed.

Passwords

Passwords IoT Password Management Data breaches

The Rise of One-Time Password Interception Bots

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. An ad for the OTP interception service/bot “SMSRanger.”

Passwords

Passwords Mobile Authentication Banking

Processing 23 Billion Rows of ALIEN TXTBASE Stealer Logs

Troy Hunt

FEBRUARY 25, 2025

We've also added 244M passwords we've never seen before to Pwned Passwords and updated the counts against another 199M that were already in there. The file in the image above contained over 36 million rows of data consisting of website URLs and the email addresses and passwords entered into them.

Passwords

Passwords Accountability VPN Malware

Fintech Startup Offers $500 for Payroll Passwords

Krebs on Security

MAY 10, 2021

One financial startup that’s targeting the gig worker market is offering up to $500 to anyone willing to hand over the payroll account username and password given to them by their employer, plus a regular payment for each month afterwards in which those credentials still work. This ad, from workplaceunited[.]com, Click to enlarge.

Passwords

Passwords Mobile Accountability Marketing

Your Phone May Soon Replace Many of Your Passwords

Krebs on Security

MAY 7, 2022

Apple , Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. “I worry about forgotten password recovery for cloud accounts.” Image: Blog.google.

Passwords

Passwords Authentication Accountability Mobile

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

The Last Watchdog

OCTOBER 23, 2024

As small businesses increasingly depend on digital technologies to operate and grow, the risks associated with cyber threats also escalate. Tip 2: Implementing Strong Password Policies Weak passwords can be easily compromised, giving attackers access to sensitive systems and data. Cary, NC, Oct.

Small Business

Small Business Data breaches Backups Passwords

GUEST ESSAY: Why automating distribution of strong passwords to employees is wise to do

The Last Watchdog

APRIL 28, 2022

Passwords have become ubiquitous with digital. The humble password is nothing more than a digital key that opens a door. And they use passwords to open a device, a system, an account, a file and so on. Which begs the question: why do people create their own passwords? Yet most people don’t know how to use them properly.

Passwords

Passwords Encryption Phishing Social Engineering

GUEST ESSAY: Understanding the security limits of the static and dynamic passwords we rely on

The Last Watchdog

JANUARY 31, 2022

We all rely on passwords. For better or worse, we will continue to use passwords to access our computing devices and digital services for years to come. Related : The coming of password-less access. Passwords were static to begin with. They have since been modified in two directions: biometrics and dynamic passwords.

Passwords

Passwords Computers and Electronics Password Management Artificial Intelligence

Inside the DemandScience by Pure Incubation Data Breach

Troy Hunt

NOVEMBER 13, 2024

As I said, our IT department recently notified me that some of my data was leaked and a pre-emptive password reset was enforced as they didn't know what was leaked. It would be good to see it as an informational notification in case there's an increase in attack attempts against my email address.

Data breaches

Data breaches Passwords B2B Technology

Lock Out Hackers: Why Every School Needs Strong Passwords

Security Boulevard

FEBRUARY 26, 2025

Lock Out Hackers: Why Every School Needs Strong Passwords We recently hosted a live webinar to help kick off 2025, encouraging you to strengthen your school districts cybersecurity and online safety systems. The post Lock Out Hackers: Why Every School Needs Strong Passwords appeared first on Security Boulevard.

Passwords

Passwords Technology Cybersecurity Education

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

The Last Watchdog

MAY 24, 2022

This is one giant leap towards getting rid of passwords entirely. Excising passwords as the security linchpin to digital services is long, long overdue. Password abuse at scale arose shortly after the decision got made in the 1990s to make shared secrets the basis for securing digital connections. Here are a few takeaways.

Authentication

Authentication Passwords Banking Digital transformation

Data leak at fintech giant Direct Trading Technologies

Security Affairs

JANUARY 31, 2024

Sensitive data and trading activity of over 300K traders leaked online by international fintech firm Direct Trading Technologies. Direct Trading Technologies, an international fintech company, jeopardized over 300K traders by leaking their sensitive data and trading activity, thereby putting them at risk of an account takeover.

Technology

Technology Identity Theft Backups Passwords

News alert: SpyCloud accelerates supply chain risk analysis with new ‘IDLink’ correlation capability

The Last Watchdog

OCTOBER 10, 2024

SpyCloud Investigations now includes IDLink, the company’s advanced analytics technology that automatically delivers expanded digital identity results from a simple search query.

Risk

Risk Cybercrime Identity Theft Phishing

Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability

The Hacker News

OCTOBER 4, 2024

Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user's passwords to be read out aloud by its VoiceOver assistive technology. The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords app impacting a slew of iPhones and iPads.

Passwords

Passwords Technology

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Krebs on Security

JANUARY 16, 2025

Those who fall for the scam are asked to provide payment card data, and eventually will be asked to supply a one-time password sent via SMS or a mobile authentication app. Reports of similar SMS phishing attacks against customers of other U.S. state-run toll facilities surfaced around the same time as the MassDOT alert.

Phishing

Phishing Scams Mobile Passwords

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

Every time there is another data breach, we are asked to change our password at the breached entity. Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another.

Passwords

Passwords Password Management Phishing Scams

Best of 2024: FIDO: Consumers are Adopting Passkeys for Authentication

Security Boulevard

DECEMBER 31, 2024

The FIDO Alliance found in a survey that as consumers become more familiar with passkeys, they are adopting the technology as a more secure alternative to passwords to authenticate their identities online. The post Best of 2024: FIDO: Consumers are Adopting Passkeys for Authentication appeared first on Security Boulevard.

Authentication

Authentication Passwords Technology

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. The bot allowed the attackers to use the phished username, password and one-time code to log in as that employee at the real employer website.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

Russia warns financial sector organizations of IT service provider LANIT compromise

Security Affairs

FEBRUARY 25, 2025

“The NKTsKI recommends that all organizations change passwords and keys for accessing their systems operated in LANIT data processing centers as soon as possible. LANIT Group (Laboratory of New Information Technologies) is one of Russia’s largest IT service and software providers. In May 2024, U.S. ” said U.S.

Telecommunications

Telecommunications Software Healthcare Technology

Hacked IoT Devices Livestreaming Swatting Attacks: FBI

Adam Levin

DECEMBER 30, 2020

In a public service announcement issued December 29, the FBI warned that “offenders have been using stolen e-mail passwords to access smart devices with cameras and voice capabilities and carry out swatting attacks.”. The post Hacked IoT Devices Livestreaming Swatting Attacks: FBI appeared first on Adam Levin.

IoT

IoT Hacking Internet Internet

RockYou2024: The Largest Password Compilation (10 Billion) Ever Leaked

SecureWorld News

JULY 8, 2024

Case in point: a colossal password compilation dubbed "RockYou2024" has emerged, containing nearly 10 billion unique passwords. The name "RockYou2024" pays homage to the infamous RockYou data breach of 2009, which exposed 32 million passwords due to insecure storage practices.

Passwords

Passwords Password Management Education Accountability

From Notifications to Deepfakes: How Human Behaviour Is Shifting and What It Means for Cybersecurity

Jane Frankland

JANUARY 19, 2025

For us in cyber, how do we navigate these new digital threats especially when we layer in the rise of AI and deepfake technologies, and the stakes grow even higher? Deepfake Technology Amplifying Risks: The evolution and democratisation of deepfake technology have blurred the line between reality and fabrication.

Cybersecurity

Cybersecurity Technology Scams Risk

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey. codes in 2021 using the password “ ceza2003 ” [full disclosure: Constella is currently an advertiser on KrebsOnSecurity].

Hacking

Hacking Cybercrime Advertising Data breaches

Breached Mashable User Database Leaked Online

Adam Levin

NOVEMBER 10, 2020

The personal information of technology and culture website Mashable.com users has been discovered in a leaked database online. The company specified that no user passwords or financial information had been compromised. Mashable announced the leak late November 8, in an announcement on its website. “[W]e

Passwords

Passwords Media Technology

How Spoutible’s Leaky API Spurted out a Deluge of Personal Data

Troy Hunt

FEBRUARY 4, 2024

Online security, technology and “The Cloud” Australian.", That's not unprecedented, but this is: password: "$2y$10$B0EhY/bQsa5zUYXQ6J.NkunGvUfYeVOH8JM1nZwHyLPBagbVzpEM2", No way! Is that genuinely a bcrypt hash of my own password? Weak passwords like. "spoutible" Pluralsight author.

Passwords

Passwords Accountability Backups Data breaches

Passwordless Authentication without Secrets!

Thales Cloud Protection & Licensing

OCTOBER 11, 2024

divya Fri, 10/11/2024 - 08:54 As user expectations for secure and seamless access continue to grow, the 2024 Thales Consumer Digital Trust Index (DTI) research revealed that 65% of users feel frustrated with frequent password resets. Thales serves customers around the world with a variety of needs, and therefore optionality is critical.

Authentication

Authentication Retail Healthcare Manufacturing

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

The Last Watchdog

DECEMBER 18, 2024

To wrap up our 2024 year-end roundtable, we turn our attention to new technologies and trends that are emerging to help bridge the gaps. Simic Bojan Simic , CEO, HYPR The era of passwords will further decline as credential misuse rises, with AI both aiding and challenging security efforts.

Risk

Risk Threat Detection Technology Phishing

France’s second-largest telecoms provider Free suffered a cyber attack

Security Affairs

OCTOBER 28, 2024

“No passwords” , “no bank cards” , “no content of communications (emails, SMS, voice messages, etc.)” The company said that passwords and bank card details were not compromised, it also pointed out that its customers’ communications were not exposed.

Cyber Attacks

Cyber Attacks Telecommunications Data breaches Banking

Crooks bank on Microsoft’s search engine to phish customers

Malwarebytes

NOVEMBER 4, 2024

Once a victim types their user ID and password, criminals will receive the data immediately. Security questions (usually 3 of them) are also used to either reset a password or for some other verification purpose (maybe a login from a new browser or location). Passkeys come to mind immediately since they do not involve passwords at all.

Engineering

Engineering Phishing Banking Authentication

You Don't Need to Burn off Your Fingertips (and Other Biometric Authentication Myths)

Troy Hunt

SEPTEMBER 9, 2021

As technology has evolved, fingers (and palms and irises and faces) have increasingly been used as a means of biometric authentication. But doesn't this all make biometrics like passwords? What happens if someone obtains, say, my fingerprint just like they may obtain my password in a data breach or a phishing attack?

Authentication

Authentication Passwords Data breaches Risk

GUEST ESSAY: The case for shifting to ‘personal authentication’ as the future of identity

The Last Watchdog

FEBRUARY 3, 2022

I currently have over 450 accounts that use passwords combined with a variety of two-factor authentication methods. Related: How the Fido Alliance enables password-less authentication. I don’t know every password; indeed, each password is long, complex and unique.

Authentication

Authentication Passwords Accountability Technology

Storm-2372 used the device code phishing technique since August 2024

Security Affairs

FEBRUARY 16, 2025

Storm-2372s targets during this time have included government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas in Europe, North America, Africa, and the Middle East.”

Phishing

Phishing Authentication Telecommunications Accountability

Mollitiam Industries is the Newest Cyberweapons Arms Manufacturer

Schneier on Security

JUNE 23, 2021

Its spyware is also said to be equipped with a keylogger, which means every keystroke made on an infected device — including passwords, search queries and messages sent via encrypted messaging apps — can be tracked and monitored.

Manufacturing

Manufacturing Spyware Surveillance Marketing

Breaking the Barriers to a Password-Free Life in Enterprise: Meet SafeNet eToken Fusion NFC PIV security key

Thales Cloud Protection & Licensing

MARCH 12, 2025

Breaking the Barriers to a Password-Free Life in Enterprise: Meet SafeNet eToken Fusion NFC PIV security key madhav Thu, 03/13/2025 - 06:46 As large organizations increasingly shift towards passwordless solutions, the benefits are clear: enhanced user experience, improved security, and significant cost savings. Trade Agreements Act (TAA).

Passwords

Passwords Authentication Digital transformation Government

Seized Genesis Market Data is Now Searchable in Have I Been Pwned, Courtesy of the FBI and "Operation Cookie Monster"

Troy Hunt

APRIL 5, 2023

In its simplest form, the illegal data marketplace has long involved the exchange of currency for personal records containing attributes such as email addresses, passwords, names, etc. We block known breached passwords. So, we (the good guys) adapt and build better defences. We implement two factor authentication.

Marketing

Marketing Passwords Authentication Accountability

10 Behaviors That Will Reduce Your Risk Online

Daniel Miessler

MAY 14, 2020

Use unique, strong passwords, and store them in a password manager. Many people get hacked from having guessable or previously compromised passwords. Good passwords are long, random, and unique to each account, which means it’s impossible for a human to manage them on their own. Automatic Logins Using Lastpass.

Risk

Risk Password Management Passwords Accountability

Facebook and Instagram outage logs out users, passwords not working

Bleeping Computer

MARCH 5, 2024

Facebook and Instagram users worldwide have been logged out of the sites and are having trouble logging in, receiving errors that their passwords are incorrect. [.]

Passwords

Passwords Technology Software

Cybersecurity Resolutions for 2025

IT Security Guru

JANUARY 9, 2025

Cybercriminals weaponise AI to speed up and scale traditional attack tactics, such as phishing and password cracking, while also creating entirely new forms of cyber threats. Key elements in protecting against AI-driven threats include timely software updates, network security improvements and strong password policies.

Cybersecurity

Cybersecurity Cyber threats Architecture Digital transformation

Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain

Security Affairs

OCTOBER 28, 2024

Many companies may not know that while IAM is a critical security tool for dealing with third-party risk, it is also a technological boon that can help organizations scale, integrate with other systems, and overcome some of the challenges of digitization. So, what’s a bit of increased risk where usernames and passwords are concerned?

B2B

B2B Cybersecurity Risk Identity Theft

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 25, 2024

Cisco warned customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices. The company published a document containing recommendations against password spray attacks aimed at Remote Access VPN (RAVPN) services.

VPN

VPN Firewall Technology Passwords

ChatGPT-Written Malware

Schneier on Security

JANUARY 10, 2023

Another part used a hard-coded password to encrypt system files using the Blowfish and Twofish algorithms. And the technology will only get better. A third used RSA keys and digital signatures, message signing, and the blake2 hash function to compare various files. Check Point Research report.

Malware

Malware Encryption Cybercrime Passwords

Ukraine Nabs Suspect in 773M Password ?Megabreach?

‘War Dialing’ Tool Exposes Zoom’s Password Problems

Trending Sources

Ubiquiti: Change Your Password, Enable 2FA

Home Assistant, Pwned Passwords and Security Misconceptions

The Rise of One-Time Password Interception Bots

Processing 23 Billion Rows of ALIEN TXTBASE Stealer Logs

Fintech Startup Offers $500 for Payroll Passwords

Your Phone May Soon Replace Many of Your Passwords

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

GUEST ESSAY: Why automating distribution of strong passwords to employees is wise to do

GUEST ESSAY: Understanding the security limits of the static and dynamic passwords we rely on

Inside the DemandScience by Pure Incubation Data Breach

Lock Out Hackers: Why Every School Needs Strong Passwords

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

Data leak at fintech giant Direct Trading Technologies

News alert: SpyCloud accelerates supply chain risk analysis with new ‘IDLink’ correlation capability

Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

The Life Cycle of a Breached Database

Best of 2024: FIDO: Consumers are Adopting Passkeys for Authentication

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Russia warns financial sector organizations of IT service provider LANIT compromise

Hacked IoT Devices Livestreaming Swatting Attacks: FBI

RockYou2024: The Largest Password Compilation (10 Billion) Ever Leaked

From Notifications to Deepfakes: How Human Behaviour Is Shifting and What It Means for Cybersecurity

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Breached Mashable User Database Leaked Online

How Spoutible’s Leaky API Spurted out a Deluge of Personal Data

Passwordless Authentication without Secrets!

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

France’s second-largest telecoms provider Free suffered a cyber attack

Crooks bank on Microsoft’s search engine to phish customers

You Don't Need to Burn off Your Fingertips (and Other Biometric Authentication Myths)

GUEST ESSAY: The case for shifting to ‘personal authentication’ as the future of identity

Storm-2372 used the device code phishing technique since August 2024

Mollitiam Industries is the Newest Cyberweapons Arms Manufacturer

Breaking the Barriers to a Password-Free Life in Enterprise: Meet SafeNet eToken Fusion NFC PIV security key

Seized Genesis Market Data is Now Searchable in Have I Been Pwned, Courtesy of the FBI and "Operation Cookie Monster"

10 Behaviors That Will Reduce Your Risk Online

Facebook and Instagram outage logs out users, passwords not working

Cybersecurity Resolutions for 2025

Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

ChatGPT-Written Malware

Stay Connected