A quick Saturday digest of cybersecurity news articles from other sources.
It’s time to speed up your business network
A friend of mine recently wrote about the “joys” of having slow Internet in Grand Bahamas. Of course, he was there on vacation; for me, vacation is just a word in the dictionary. I’m the kind of person who used to send in stories using a 300-baud acoustic modem on a payphone. Now, that was slow!
But, for work today we need the fastest possible internet to our home offices and workplaces. That’s because now more than ever, whether we’re working from home, the office, or a combination of the two, we need fast with a capital “F” Internet. More…
The 4 Major Tactics: How Hackers Steal Your Passwords and How To Defend Yourself
By Roger A. Grimes
Despite the world’s best efforts to get everyone off passwords and onto something else (e.g., MFA, password-less authentication, biometrics, zero trust, etc.) for decades, passwords have pervasively persisted.
Today, nearly everyone has multiple forms of MFA for different apps and websites AND many, many passwords. The average person has somewhere between three and seven unique passwords that they share among over 170 websites and services. Here are some related statistics:
- The average person has 19 passwords – but 1 in 3 don’t make them strong enough – Naked Security
- The average employee manages nearly 200 passwords – Dark Reading
- Password security habits survey results – Digital Guardian
- Average number of passwords per person – Answers.com
- The average business user has 191 passwords – Security Magazine
And, unfortunately, those passwords often get stolen or guessed. This is why I recommend the following password policy guide. [Infographic at blog]
Most computer security experts agree with these policy recommendations, but more than a few readers might be shaking their heads, especially at the recommendations to use 20+ character passwords/passphrases. Why in the world would anyone need a 20+ character password to protect against password hacking attacks?
Major Categories of Password Attacks
In general, password attacks fall into four different major categories:
- Password theft
- Password guessing
- Password hash theft and cracking
- Unauthorized password resetting or bypass
CONTINUED on the KnowBe4 blog with links, examples and screenshots: https://blog.knowbe4.com/how-hackers-get-your-passwords-and-how-to-defend
CISA Updates Its Advisory on Russian Wiper Malware
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) just updated its alert on the wiper malware Russia has deployed during its hybrid war. “This advisory has been updated to include additional Indicators of Compromise (IOCs) for WhisperGate and technical details for HermeticWiper, IsaacWiper, HermeticWizard, and CaddyWiper destructive malware, all of which have been deployed against Ukraine since January 2022. Additional IOCs associated with WhisperGate are in the Appendix.”
Link to CISA: https://www.cisa.gov/uscert/ncas/alerts/aa22-057a
Russia is getting a taste of their own medicine
As an aside, the Washington Post has a good article showing Russia is finally getting a taste of their own medicine: “Hacking Russia was off-limits. The Ukraine war made it a free-for-all.” Putin is unable to stop the cyberattacks, and is actually the one causing them to happen:
https://www.washingtonpost.com/technology/2022/05/01/russia-cyber-attacks-hacking/
Privacy in the Digital Age: What’s at Stake and How to Protect Yourself
Check out this useful article on one of the most important topics of our time.
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com