Q&A With Data-Driven Evangelist Roger Grimes on the Great Password Debate

May 6, 2020 10:03:21 AM By Roger Grimes

I get asked a lot about password policy during my travels around the globe giving presentations and from people who email after webinars. Many of the questions are the same and I’ve ...

Anti-Virus, Identity Protection Phishbait

Mar 5, 2020 8:29:19 AM By Stu Sjouwerman

A phishing campaign is using fake NortonLifelock documents to trick victims into installing a remote access tool, according to researchers at Palo Alto Networks’ Unit 42. The documents ...

Most Organizations Stick to Legacy Password Security Practices Despite Experiencing Cyberattacks

Feb 21, 2020 8:24:51 AM By Stu Sjouwerman

In a surprising twist, new data sheds light on the lack of proper security around passwords and authentication by IT at a time when cyberattacks are all but an absolute given.

U.K. Report: "We’re Doomed-Passwords Aren’t Strong or Secure"

Jan 20, 2020 12:12:34 PM By Stu Sjouwerman

A recent survey of over 2,000 U.K. broadband users shows that individuals don’t use good password hygiene or secure storage to protect themselves against future cyberattacks.

New Office 365 Phishing Attack Targets OAuth Apps Instead of Credentials

Jan 9, 2020 8:43:14 AM By Stu Sjouwerman

Trying to steal your username and password is so “yesterday.” The 2020 Hacker is now leveraging Office 365 OAuth APIs to gain control over user mailboxes with phishing tactics.

Dancing with Hackers

Dec 19, 2019 9:25:11 AM By Javvad Malik

Dancing with the Stars pro Witney Carson announced on Twitter that her Facebook account had been hacked. Unknown miscreants gained control of Carson’s Facebook through a unique phishing ...

Have Your Users Been Exposed in the 8.5 Billion Breached Records This Year?

Dec 10, 2019 9:00:00 AM By Stu Sjouwerman

Data breaches are getting bigger, the bad guys are getting more cunning, and the amount of compromised data is unfortunately continuing to rise. According to RiskBased Security, breach ...

63% of Workers Reuse Passwords For Multiple Work Devices and Applications

Dec 5, 2019 2:19:50 PM By Stu Sjouwerman

According to Enterprise Strategy Group, 63% of workers have reported using the same password for multiple work devices and/or applications. This just one statistic from ESG's upcoming ...

You Have Not Suffered A Data Breach But How Do You Prevent Credential-Stuffing Attacks?

Dec 5, 2019 7:02:26 AM By Stu Sjouwerman

Frequent data breaches and the widespread availability of automated tools to take advantage of the compromised information have greatly increased the efficiency of credential stuffing ...

Malicious Actors the World Over Endorse This One Security Practice

Nov 18, 2019 1:56:11 PM By Stu Sjouwerman

If you're working the trenches in your organization's IT department, then one of your more consistently annoying headaches involves passwords. Users and their passwords are the ongoing ...

[Heads-Up] Scam Of The Week: Thousands Of Hacked Disney+ Accounts Are Already For Sale On Criminal Sites

Nov 18, 2019 7:00:00 AM By Stu Sjouwerman

Apart from me, guess who has been anticipating the Disney+ channel?

Don’t Fall Victim to Breach Fatigue

Oct 18, 2019 7:04:45 AM By Stu Sjouwerman

People shouldn’t let news of data breaches dissuade them from trying to protect their information, according to security researcher Ray [REDACTED]. On the CyberWire’s Hacking Human ...

What Footballers Wives Can Teach Us About Cybersecurity

Oct 15, 2019 12:00:00 PM By Javvad Malik

Professional football (soccer for my American friends) is big around the world. The English Premier League is among the top in the world, attracting some of the best players, generating ...

More Than 2.2 Billion Stolen Account Credentials Have Been Made Available on the Dark Web

Oct 7, 2019 7:05:04 AM By Stu Sjouwerman

2019 is looking to be the year of the “data dump”, with more exposed records than any other year, empowering further credential stuffing attacks, according to McAfee.

18 Months, 61 Billion Credential-Stuffing Attacks

Sep 18, 2019 7:16:16 AM By Stu Sjouwerman

Akamai observed 61 billion credential stuffing attacks between January 2018 and June 2019, according to Computer Business Review. In a new report on Internet security, Akamai researchers ...

Microsoft Kills Password Expiration Policy Recommendation with Latest Security Baseline for Windows 10

Jul 1, 2019 8:28:52 AM By Stu Sjouwerman

This change from Microsoft highlights the need for organizations to readdress the user-based insecurity of passwords caused by password expirations.

Biometrics Can’t Replace Passwords: A Cybercriminal's Dream

Jun 4, 2019 1:11:44 PM By Stu Sjouwerman

In the quest to create a more secure environment, new ways to authenticate that replace the password are being sought. But it’s looking like passwords are here to stay.

A Case of Password Spraying

May 31, 2019 8:00:00 AM By Stu Sjouwerman

Citrix last month confirmed the FBI’s suspicions that hackers had used a technique known as “password spraying” to compromise the company’s networks before stealing a massive amount of ...

How Your Users Can Fall Victim To Credential Stuffing Attacks

May 3, 2019 6:40:20 AM By Stu Sjouwerman

Credential stuffing attacks are extremely easy to carry out and offer a massive return on investment, according to a new report by researchers at Recorded Future. These attacks utilize ...

Kevin Mitnick Demos Password Hack: No Link Click or Attachments Necessary

Mar 25, 2019 10:28:22 AM By Stu Sjouwerman

In this shocking demonstration Kevin Mitnick, KnowBe4's Chief Hacking Officer, shows how hackers can steal a user’s password hash without the user having to click a hyperlink or open an ...

Security Awareness Training Blog

View Topics