Think Tanks Targeted by APT Actors

Dec 3, 2020 8:28:48 AM By Stu Sjouwerman
The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint advisory warning that nation-state advanced persistent threat (APT) actors are targeting US ...
Continue Reading

Credential-Stealing VPN Exploits

Nov 25, 2020 9:43:09 AM By Stu Sjouwerman
A hacker has published an exploit for a critical vulnerability in Fortinet VPN devices, along with a list of 49,577 vulnerable devices, BleepingComputer reports. Fortinet released a patch ...
Continue Reading

One-Third of Employees Say Their Company Has No Cybersecurity Measures in Place While Working from Home

Nov 20, 2020 11:15:49 AM By Stu Sjouwerman
At a time when organizations should be implementing additional security measure to ensure the logical perimeter of their network is protected, new research shows companies aren’t prepared.
Continue Reading

The Most Common Password Frustrations

Nov 9, 2020 5:01:48 PM By Roger Grimes
We all know the well-worn adage to make our passwords long and complex. Sometimes trying to do so can be completely frustrating.
Continue Reading

6 Lessons I Learned from Hacking 130 MFA Solutions

Nov 5, 2020 2:16:43 PM By Roger Grimes
I was fortunate enough to write Wiley’s Hacking Multifactor Authentication. It’s nearly 600-pages dedicated to showing attacks against various multi-factor authentication (MFA) solutions ...
Continue Reading

Unfortunate Learning Lessons from Clicking on a Suspicious Phishing Email

Nov 5, 2020 11:19:02 AM By Stu Sjouwerman
Israeli news source YNet released a story about a woman who clicked on a suspicious phishing link, was fired from her job, and was accused of fraud with a criminal indictment.
Continue Reading

Organizational Security Posture Effectiveness Declines by 38% Due to COVID

Nov 4, 2020 7:02:00 AM By Stu Sjouwerman
Remote workforces, insecure devices, a lack of multi-factor authentication, and a lack of user education all add up to a security nightmare for the average organization today.
Continue Reading

WARNING: Americans’ Password Habits are Horrible, Putting Organizations at Risk

Nov 4, 2020 7:01:00 AM By Stu Sjouwerman
New data shows the average American uses short, uncomplicated, and often predictable passwords, practices which only increase the insecurity of corporate user accounts.
Continue Reading

Researchers Discover Most Microsoft 365 Admins Don't Enable Multi-Factor Authentication

Oct 27, 2020 12:31:02 PM By Stu Sjouwerman
Researchers from CoreView recently discovered that 97% of all total Microsoft 365 users do not utilize multi-factor authentication (MFA). A staggering 78% of Microsoft 365 admins do not ...
Continue Reading

[NEW BOOK] Hacking Multi-Factor Authentication

Oct 27, 2020 8:58:07 AM By Roger Grimes
I’m excited to announce the release of my 12th book, Hacking Multifactor Authentication.
Continue Reading

Cybersecurity Awareness Month Weekly Tip: Password Security

Oct 13, 2020 7:00:00 AM By Stu Sjouwerman
Each week during Cybersecurity Awareness Month, we’re going to be sharing in-depth weekly cybersecurity tips from our evangelists to help your users make smarter security decisions and ...
Continue Reading

Phishing Campaign Goes After AT&T Employees’ MFA Codes

Sep 29, 2020 8:22:37 AM By Stu Sjouwerman
A phishing campaign is targeting AT&T employees and contractors with a well-crafted fake login page, according to Luke Leal at Sucuri. The phishing page is a near-exact replica of AT&T ...
Continue Reading

Credential Stuffing to Stuff the Ballot Box

Sep 22, 2020 10:20:17 AM By Stu Sjouwerman
Advanced nation-state actors and petty criminals are both leveraging credential-stuffing attacks to hack into victims’ accounts, according to Byron Acohido, writing for Avast. Rather than ...
Continue Reading

Credential Stuffing Used Against Financial Services

Sep 21, 2020 8:27:15 AM By Stu Sjouwerman
A security alert from the FBI warns that hackers are launching credential-stuffing attacks against organizations in the financial sector, ZDNet reports.
Continue Reading

CISA’s Advice on Countering Phishing

Sep 14, 2020 10:19:06 AM By Stu Sjouwerman
The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory on best practices to thwart email-based phishing attacks. The ...
Continue Reading

Are Account Takeovers Driving Towards a Passwordless Future?

Jul 27, 2020 10:00:39 AM By Javvad Malik
The bad guys will try to take over accounts all the time. Logging onto someone's account with their credentials is usually a whole lot easier than trying to compromise the website ...
Continue Reading

Like Twitter, MFA Will Not Save You!

Jul 16, 2020 1:24:50 PM By Roger Grimes
I’m sure we are all interested in the latest Twitter hack. As the author of the soon to be released Wiley book called Hacking Multifactor Authentication, I have to laugh at the “experts” ...
Continue Reading

More Than 15 Billion Credentials Are For Sale in Criminal Markets

Jul 8, 2020 3:50:09 PM By Stu Sjouwerman
Researchers at Digital Shadows warn that there are more than 15 billion leaked login credentials for sale in online criminal marketplaces. This number is up 300% since 2018, and the ...
Continue Reading

Multifactor Authentication Versus Credential Stuffing?

Jun 11, 2020 12:51:34 PM By Stu Sjouwerman
You shouldn’t assume multi-factor authentication will protect your accounts from credential stuffing attacks, according to Gerhard Giese at Akamai. Credential stuffing is a type of ...
Continue Reading

Remote Work Isn’t Good for Corporate Security (Part 1): 6 in 10 Employee’s Online Accounts Have Been Compromised Since Working Remotely

Jun 4, 2020 8:20:45 AM By Stu Sjouwerman
Working from home has its advantages. But, according to new data, one of them isn’t keeping the organization secure.
Continue Reading
Subscribe

Search Our Blog


Ransomware Hostage Rescue Manual

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews