Creating and remembering strong (long) passwords is a chore, and leads to poor security practices such as shorter passwords, reuse of passwords, and writing down passwords in a password list or book that could be stolen. The best way to create strong passwords and store them for use is a password manager.
The easiest password managers are found in popular web browsers such as Chrome, Firefox, and Edge. Safari uses the Apple ...
Continue Reading →
A quick Saturday digest of cybersecurity news articles from other sources.Original release date: October 4, 2019
The Microsoft Threat Intelligence Center (MSTIC) has released a blog post describing an increase in malicious cyber activity from the Iranian group known as Phosphorus. These threat actors are exploiting password reset or account recovery features to take control of targeted email accounts.
In a ...
Continue Reading →
The password represents one of the weakest links in the cybersecurity chain, and is frequently one of the opening points of an attack. Passwords can be collected in cleartext through phishing exploits such as an email link that directs you to a fake login page, or social engineering ploys such as bogus calls from “IT” or “tech support,” or keylogging software that captures the entire user name/password/web address triad. Passwords ...
You might have heard that the founder of Twitter, Jack Dorsey, recently had his Twitter account hijacked. You are probably wondering how a tech-savvy founder of a technology company could possibly lose control of his account at his own company. Personally, I can’t think of anything more embarrassing. It turns out the culprit was his phone. Specifically, the SMS texts ...
Is your company moving operations to the cloud? What about the cybersecurity aspects of protecting your data assets in the cloud? Are you relying on your partner/vendor to take care of securing your information? In light of the Paige Thompson indictment, it is apparent that relying too heavily on your vendor’s expertise and staff can open ...
Is your home Wi-Fi router a gateway to invasion by cyber-criminals? According to recent findings by Consumer Reports, it very well could be. They tested 29 popular home routers, and were only able to recommend 6 basic Wi-Fi routers, and 3 more expensive Wi-Fi mesh routers. Mesh routers allow you to install several Wi-Fi ...
Phishing for login credentials may still be the way most network breaches happen, but insecure use of remote desktop protocol is another favorite vulnerability used by attackers to enter a network.. Sophos Naked Security reported their findings on the use of RDP or the Remote Desktop Protocol as a launch vector for accessing and ...
I love hash, especially corned beef hash, with a little salt. Maybe a couple of poached or over-easy eggs perched on top. Wait! This is not a foodie blog! That’s not what I am writing about today. As it turns out, using a hash plus a salt is a great recipe for keeping passwords secure on a web server or an authentication database.
If your password has been extracted from a ...
Continue Reading →I have been saying for some time now that passwords by themselves are no longer an effective form of security. Too easy to hack, too easy to crack. Currently my go to recommendation is any form of two-factor authentication. Something like the Google Authenticator App or Yubikey are good choices for your second authentication factor.
On the horizon there are other authentication options that may replace passwords entirely. Here are a ...
Continue Reading →
If you bought a security camera, webcam, baby monitor, smart doorbell, digital video recorder or other IoT device manufactured in China, there is bad news. Security flaws have been discovered that can easily allow an attacker remote access, remote control, and password discovery on affected systems. These devices can also be hijacked to use in a variety exploits including eavesdropping ...