A quick Saturday digest of cybersecurity news articles from other sources.
How an 8-Character Password Could be Cracked in Just a Few Minutes
Advances in graphics processing technology and AI have slashed the time needed to crack a password using brute force techniques, says Hive Systems.
Google’s Huge Inactive Account Deletion – What You Need to Know
Google announced an update to their inactive account policies in May. Accounts that have been inactive for a period of two years or more will start being deleted in December 2023, at the earliest.
This policy change is meant to enhance security, as abandoned accounts are more likely to be compromised and 10x less likely to have multi-factor authentication enabled. The policy applies to content within Google Workspace (Gmail, Docs, Drive, Meet, Calendar) and Google Photos.
A few ways to keep an account status active include reading or sending an email, using Google Drive, watching a YouTube video, downloading an app on the Google Play Store, using Google Search and more. Google’s announcement post gives more details around affected accounts, backup instructions and more.
While account deletion isn’t set to begin for several months, notification emails have started going out to account owners. We haven’t seen them yet, but this is prime fodder for phishing attacks that impersonate Google. It’s only a matter of time before cybercriminals use this news to scam people into going to malicious websites, where their Google account credentials can be harvested.
You should warn your users now to keep them aware of potential attacks. Any urgent account alert emails should be scrutinized closely. Instead of clicking a link in an email, it’s best to go directly to Google accounts that could be affected by this policy change.
New-school security awareness training enables your users to make smarter security decisions so they can avoid falling for social engineering attacks.
Blog post with links:
https://blog.knowbe4.com/google-inactive-account-deletion-notifications
Research Eyes Misconfiguration Issues At Google, Amazon and Microsoft Cloud
Qualys report looks at how misconfiguration issues on cloud service providers help attackers gain access.
Cloud misconfigurations (incorrect control settings applied to both hardware and software elements in the cloud) are threat vectors that amplify the risk of data breaches. A new report from cloud security vendor Qualys, authored by Travis Smith, vice president of the company’s Threat Research Unit, lifts the lid on risk factors for three major cloud service providers.
ChatGPT Security Concerns: Credentials on the Dark Web and More
ChatGPT-related security risks also include writing malicious code and amplifying disinformation. Read about WormGPT.
As artificial intelligence technology such as ChatGPT continues to improve, so does its potential for misuse by cybercriminals. According to BlackBerry Global Research, 74% of IT decision-makers surveyed acknowledged ChatGPT’s potential threat to cybersecurity. 51% of the respondents believe there will be a successful cyberattack credited to ChatGPT in 2023.
Here’s a rundown of some of the most significant reported ChatGPT-related cybersecurity issues and risks.
Voyager 2 phones home and says everything is cool
After sending the command, NASA had to wait 37 hours for a response.
NASA lost contact with its Voyager 2 spacecraft—the second-most distant object ever built by humans and flung into space—nearly two weeks ago due to an errant command sent to the probe. This caused Voyager to point its antenna slightly away from Earth.
At the time, the space agency said it wasn’t panicking. The mission’s scientists believed they had several options to restore communications with the half-century-old probe. And so they did.
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com