Multifactor Authentication Versus Credential Stuffing?

You shouldn’t assume multi-factor authentication will protect your accounts from credential stuffing attacks, according to Gerhard Giese at Akamai. Credential stuffing is a type of ...
Continue Reading

Remote Work Isn’t Good for Corporate Security (Part 2): 30% of Organizations Have Been the Victim of Phishing Scams Since the Lockdown

Lots of new data is now just coming out of the woodwork demonstrating some of the harsh realities of having employees work from home without proper security in place.
Continue Reading

It's World Password Day 2020 - Is Your Organization Safe?

Today is World Password Day, a holiday created by Intel on the first Thursday of May to ensure everyone knows password best practices. “P@ssW0rd” has never been a safe password to use to ...
Continue Reading

What is the Right Password Policy?

What is the right password policy? Conventional password policies say you must have a password at least 8-12 characters long…16 characters or longer if it belongs to an elevated ...
Continue Reading

Q&A With Data-Driven Evangelist Roger Grimes on the Great Password Debate

I get asked a lot about password policy during my travels around the globe giving presentations and from people who email after webinars. Many of the questions are the same and I’ve ...
Continue Reading

Anti-Virus, Identity Protection Phishbait

A phishing campaign is using fake NortonLifelock documents to trick victims into installing a remote access tool, according to researchers at Palo Alto Networks’ Unit 42. The documents ...
Continue Reading

Most Organizations Stick to Legacy Password Security Practices Despite Experiencing Cyberattacks

In a surprising twist, new data sheds light on the lack of proper security around passwords and authentication by IT at a time when cyberattacks are all but an absolute given.
Continue Reading

U.K. Report: "We’re Doomed-Passwords Aren’t Strong or Secure"

A recent survey of over 2,000 U.K. broadband users shows that individuals don’t use good password hygiene or secure storage to protect themselves against future cyberattacks.
Continue Reading

New Office 365 Phishing Attack Targets OAuth Apps Instead of Credentials

Trying to steal your username and password is so “yesterday.” The 2020 Hacker is now leveraging Office 365 OAuth APIs to gain control over user mailboxes with phishing tactics.
Continue Reading

Dancing with Hackers

Dancing with the Stars pro Witney Carson announced on Twitter that her Facebook account had been hacked. Unknown miscreants gained control of Carson’s Facebook through a unique phishing ...
Continue Reading

Take the Free Weak Password Test and Enter to Win a Stormtrooper Helmet!

Are your users' passwords…P@ssw0rd? Verizon's Data Breach Report showed that 81% of hacking-related phishing attacks used either stolen and/or weak passwords. Employees are the weakest ...
Continue Reading

Have Your Users Been Exposed in the 8.5 Billion Breached Records This Year?

Data breaches are getting bigger, the bad guys are getting more cunning, and the amount of compromised data is unfortunately continuing to rise. According to RiskBased Security, breach ...
Continue Reading

63% of Workers Reuse Passwords For Multiple Work Devices and Applications

According to Enterprise Strategy Group, 63% of workers have reported using the same password for multiple work devices and/or applications. This just one statistic from ESG's upcoming ...
Continue Reading

You Have Not Suffered A Data Breach But How Do You Prevent Credential-Stuffing Attacks?

Frequent data breaches and the widespread availability of automated tools to take advantage of the compromised information have greatly increased the efficiency of credential stuffing ...
Continue Reading

Malicious Actors the World Over Endorse This One Security Practice

If you're working the trenches in your organization's IT department, then one of your more consistently annoying headaches involves passwords. Users and their passwords are the ongoing ...
Continue Reading

[Heads-Up] Scam Of The Week: Thousands Of Hacked Disney+ Accounts Are Already For Sale On Criminal Sites

Apart from me, guess who has been anticipating the Disney+ channel?
Continue Reading

Don’t Fall Victim to Breach Fatigue

People shouldn’t let news of data breaches dissuade them from trying to protect their information, according to security researcher Ray [REDACTED]. On the CyberWire’s Hacking Human ...
Continue Reading

What Footballers Wives Can Teach Us About Cybersecurity

Professional football (soccer for my American friends) is big around the world. The English Premier League is among the top in the world, attracting some of the best players, generating ...
Continue Reading

More Than 2.2 Billion Stolen Account Credentials Have Been Made Available on the Dark Web

2019 is looking to be the year of the “data dump”, with more exposed records than any other year, empowering further credential stuffing attacks, according to McAfee.
Continue Reading

18 Months, 61 Billion Credential-Stuffing Attacks

Akamai observed 61 billion credential stuffing attacks between January 2018 and June 2019, according to Computer Business Review. In a new report on Internet security, Akamai researchers ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews