Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news

How Do You Resolve the Issue of Password Apathy?
Aug 15

Despite many advances in technology, one issue is undermining efforts to keep networks and accounts secure – password apathy. This is not a new issue, but one that has existed since the earliest shared computers in the 1960s. Yet, in more than sixty years, nobody has found a way to resolve the issue of password apathy. The earliest recorded example of password apathy appears in a UK TV program from the 1980s. In the program, a Prestel...

Conti Ransomware Groups Using Callback Phishing to Gain Access to Victims’ Networks
Aug 15

Three groups that split from the Conti ransomware operation are primarily gaining access to victims’ networks using callback phishing tactics, according to cybersecurity firm AdvIntel. Callback phishing involves making initial contact with targeted employees in an organization via email. They are advised about a pressing issue that needs to be resolved by telephone. The phone line is manned by the threat actor and social engineering...

Ransomware Gangs are Weaponizing Their Stolen Data and Making BEC Attacks Easier
Aug 12

Business email compromise (BEC) attacks have been increasing. According to the Federal Bureau of Investigation (FBI), BEC attacks are the costliest type of cybercrime and resulted in $43 billion in losses between June 2016 and December 2021. In 2021 alone, 19,954 complaints were received by the FBI’s Internet Crime Complaint Center (IC3) and almost $2.4 billion was lost to the scams. Abnormal Security reports an 84% annual...

Ransomware Attack on Cisco Used an Employee’s Compromised Personal Google Account
Aug 11

Cisco has confirmed that initial access to its network in an attempted May 2022 ransomware attack was gained through an employee’s compromised personal Google account. The account contained credentials that had been synced from the employee’s browser. The attack involved multiple voice phishing calls in which the attacker impersonated trusted support organizations and used the MFA fatigue tactic, where multiple push notifications are sent in the hope that...

Microsoft Patches 121 Vulnerabilities Including an Actively Exploited 0-Day Bug
Aug 10

Microsoft released updates to fix 121 CVEs on August 2022 Patch Tuesday, including two zero-day flaws, one of which is being actively exploited in the wild. The actively exploited zero-day flaw has been dubbed DogWalk and is a vulnerability in the Windows Support Diagnostic Tool (MSDT). If exploited, an attacker could remotely execute arbitrary code on vulnerable systems.  The flaw is tracked as CVE-2022-34713 and an exploit for the...

Sophisticated Twilio Smishing Attack Sees Accounts and Customer Data Compromised
Aug 09

The digital communication platform provider Twilio has confirmed that multiple employees have been tricked into disclosing their account credentials in a smishing attack. Smishing is the use of SMS messages for conducting a phishing attack to steal employee credentials. Those credentials can be used to access employee accounts and any sensitive data accessible through those accounts. Twilio provides programmable communication tools...

NHS 111 Services Disrupted by Cyberattack on Managed Service Provider
Aug 08

The National Health Service (NHS) in the United Kingdom is currently dealing with a cyberattack on one of its managed service providers, Advanced. Birmingham-based Advanced helps operate NHS 111 services. NHS 111 is a web and telephone service where patients can get quick health and mental health information on non-urgent medical matters. Advanced detected the cyberattack on Thursday, August 4, 2022, and has confirmed it has affected...

Is FIDO Authentication as Effective as It Claims to Be?
Aug 08

FIDO authentication protocols can be used as an alternative to passwords, and – in theory – they provide a fast and secure method for users to access online services requiring login credentials. However, FIDO authentication is not a magic bullet to defeat cybercrime and there are many considerations to take into account before paying over the top for FIDO-compatible solutions. The Fast Identity Online (FIDO) Alliance was established...

97% of Top Universities Failing to Adequately Protect Against Email Impersonation Attacks
Aug 04

Domain spoofing is a common tactic used by phishers to trick victims into believing they have received an official email from a trusted business or contact. Technologies have been developed to detect domain spoofing and protect individuals from email impersonation attacks, yet many organizations have not implemented email validation protocols that can detect spoofing, and as such, their employees and other stakeholders are subjected...

87% of Ransomware Uses Malicious Macros to Infect Devices
Aug 03

Microsoft recently rolled out a new security feature that would block macros by default. There was a hiccup in that process, as Microsoft had to do a temporary U-turn, in response to negative feedback from users. Microsoft has now taken the feedback on board and has improved usability, and the new security feature has now been rolled out again. An investigation by the cybersecurity firm Venafi and the criminal intelligence provider,...

Network of 11,000 Websites Used in Industrial Scale Fake Investment Scam
Aug 01

A network of more than 11,000 websites being used for industrial-scale investment fraud has been uncovered by security researchers at Group IB. The scammers use advertisements on social media networks such as Facebook and YouTube, which direct users to websites offering fake investment schemes. The posts, adverts, and websites often appear to have been endorsed by well-known local celebrities, and the websites themselves are well...

Why More Companies are Enforcing Mandatory 2FA
Aug 01

Although the option to better protect accounts with Two-Factor Authentication (2FA) has been widely available for more than a decade, the low uptake on this security measure has prompted a growing number of companies to enforce mandatory 2FA. Two-Factor Authentication (also known as Two-Step Login and Two-Step Verification) is a method used by online services to verify a user’s identity. In most circumstances, the first authentication...

Password Management Best Practices
Jul 31

Passwordless authentication is growing in popularity and is considered the future of authentication, but for the time being, passwords are here to stay. While passwords can provide a high degree of protection, passwords can be guessed given sufficient time and computing power. The latest GPUs make short work of guessing even complex passwords, with one study by Hive Systems determining that even an 8-character password that contains a...

Data Breach Costs Reach Record High of $4.35 Million; $9.4m in the US
Jul 29

The average cost of a data breach in 2022 has risen to $4.35 million and $9.4 million in the United States, according to the 2022 Cost of a Data Breach Report from IBM. For the past 17 years, IBM has been releasing annual reports that track the average cost of data breaches. 2022 has set new records for breach costs, with the average global cost of a data breach 2.6% higher than in 2021, and almost 13% higher than in 2020. This year’s...

LinkedIn Remains the Most Impersonated Brand in Phishing Attacks
Jul 27

The Q2, 2022 Brand Phishing Report from cybersecurity firm Check Point shows LinkedIn is still the most impersonated brand in phishing attempts, having first entered into the Top 10 Most Impersonated Brands list in Q1, 2022. There has also been a surge in phishing attempts impersonating Microsoft, which have more than doubled from the previous quarter. The increase has seen Microsoft catapulted into position 2 in the list, accounting...

Amadey Bot Malware Distributed via SmokeLoader using Software Cracking Software
Jul 25

A malware distribution campaign has been detected by researchers at AhnLab that ultimately delivers Amadey Bot malware. Amadey Bot malware can steal information from infected systems, perform reconnaissance, and drop additional malware payloads on infected devices. Amadey Bot malware is a relatively old malware, first identified four years ago. The latest campaign delivers a new version of the malware via SmokeLoader malware....

42% Of Americans Use the Same Password for Multiple Accounts
Jul 22

A recent survey conducted on 2,000 Americans by OnePoll on behalf of AT&T has provided insights into the level of cybersecurity knowledge of Americans and the cybersecurity risks many people take when using the Internet. According to the survey, 70% of respondents said they felt they were knowledgeable about cybersecurity and understand how hackers gain access to sensitive information on devices, but in many cases that knowledge...

Flaws in Vehicle GPS Tracker Could be Exploited Remotely to Track and Disable Vehicles
Jul 21

A popular GPS tracking device – MiCODUS MV720 GPS tracker – that is installed in vehicles to protect against theft and for vehicle fleet management has been found to contain six severe vulnerabilities that could be remotely exploited by threat actors to gain control of the device. The MiCODUS MV720 GPS tracker is hardwired into vehicles and allows vehicles to be tracked for fleet management, and also incorporates several...

ICS Systems Infected with Sality Malware via Password Recovery Tool
Jul 19

A threat actor is gaining access to industrial control systems (ICS) using a Trojan horse password recovery tool that claims to recover passwords for programmable logic controllers (PLC) and Human-Machine Interfaces (HMIs). The malware distribution campaign was identified by security researchers at Dragos, who identified infected Automation Direct DirectLogic PLCs. PLC password cracking tools are being advertised on social media...

North Korean Hackers Behind HolyGhost Ransomware Attacks on SMBs
Jul 18

A ransomware family called HolyGhost that is being used in attacks on SMBs has been linked to a suspected North Korean state-sponsored hacking group by researchers at Microsoft. The ransomware was first detected in September 2021 and has been predominantly used to attack small and mid-sized businesses, including schools, banks, manufacturers, and event and meeting planning companies. Microsoft has tracked the attacks to a threat group...

Security Vendors Impersonated in Callback Phishing Campaign
Jul 14

The cybersecurity vendor CrowdStrike has issued a warning about a callback phishing campaign that attempts to trick employees at businesses into visiting a malicious website. Initial contact is made via email, which instructs recipients to make a phone call as part of a security audit. According to one of the emails obtained by researchers at CrowdStrike, contact is made due to an alleged data breach at the cybersecurity firm. The...

Massive Phishing Campaign Bypasses MFA to Gain Access to Office 365 Accounts for BEC Attacks
Jul 13

This week, Microsoft shared details of a massive phishing campaign that has targeted more than 10,000 organizations since September 2021. The campaign targets organizations that use Office 365 and allows the attackers to hijack accounts, even if they have multi-factor authentication (MFA) enabled. The compromised accounts are then used to conduct business email compromise attacks on external companies to get them to make fraudulent...

Microsoft Rollback of VBA Macro Blocking is Only a Temporary Measure
Jul 12

Last week, Windows users started noticing that Microsoft had stopped blocking Internet-delivered VBA macros by default without making an announcement. Microsoft has now confirmed that the rollback is only a temporary measure. Back in February, Microsoft announced that it would be taking steps to improve security by blocking Visual Basic for Applications (VBA) macros by default in certain Office apps. The security measure would apply...

Study Highlights the Importance of Password Complexity
Jul 11

Poor security practices are commonly exploited by threat actors, and one of those practices that stands out is the exploitation of weak credentials. A password is often all that stands between a cyber threat actor and sensitive business data. If that password is chosen poorly, or heaven forbid is a default password that has not been changed, a hacker’s life is made so much easier. With the processing power of modern GPUs, weak...

Threat Groups Observed Substituting Cobalt Strike for Stealthier Post-Exploitation Framework
Jul 08

Cyber threat actors are frequently observed deploying a legitimate penetration testing and post-exploitation framework known as Cobalt Strike on victims’ systems. Cobalt Strike is used by pen testers and cybersecurity red teams in simulated attacks on a company to probe for and exploit vulnerabilities. Cobalt Strike is used to deploy beacons on compromised parts of the network, which can be used for surveillance and running commands....

U.S. Healthcare Sector Warned About Maui Ransomware Attacks by North Korean Hackers
Jul 07

North Korean state-sponsored hackers are targeting organizations in the U.S. healthcare and public health sector (HPH) and are using Maui ransomware for extortion, according to a recent joint cybersecurity advisory from the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury. Ransomware attacks on healthcare providers can prevent access to electronic...

PFC USA Data Breach Affects Almost 660 Healthcare Provider Clients
Jul 06

Professional Finance Company Inc. (PFC), one of the largest accounts receivable management agencies in the United States, has announced that it was the victim of a ransomware attack in February 2022. While the intrusion was detected promptly and was blocked on February 26, 2022, the forensic investigation confirmed that the attackers accessed files on its network, which included the personal information of individuals that had been...

Hacker Claims Records of 1 Billion Chinese Nationals Stolen from Shanghai National Police
Jul 05

A hacker operating under the name ChinaDan claims to have stolen over 23 terabytes of data from Shanghai National Police (SHGA) databases. The dataset includes personal information on more than 1 billion Chinese nationals and several billion case records. The dataset, which spans several individual databases, is being offered for sale on hacking forums for 10 bitcoins – approximately $197,000. The data includes personal information...

New IIS Backdoor Identified in Microsoft Exchange Servers
Jul 04

Security researchers at Kaspersky have sounded the alarm about a new malware threat that is being used to gain persistent, stealthy access to corporate Microsoft Exchange servers. The malware allows the threat actor to steal email data and gain full control of the victims’ infrastructure. Currently, detection rates by antivirus software engines are poor. Despite the malware having been in use for several months, many of the infections...

New AstroLocker Ransomware Variant Detected Being Distributed Directly Through Email Attachments
Jun 30

A new version of AstroLocker ransomware has been detected which is being delivered directly via email attachments. AstroLocker is a relatively new ransomware threat that is based on Babuk ransomware, the source code for which was leaked in September last year. In contrast to most malspam campaigns, which use VBA macros for downloading the first-stage payload, this campaign uses a Word Document attachment with an embedded OLE object –...

Three Quarters of the Most Popular Websites Allow Bad Passwords to be Set
Jun 30

If you ever need to create an account online, you will need to set a password to prevent unauthorized access. While passwords can prevent the account from being accessed by unauthorized individuals, if weak passwords are set they would not provide much protection. In some cases, a weak password could be guessed by a human in a few seconds. The tools used by hackers to brute force passwords could guess passwords in a fraction of a...

FBI Warns Employers About Use of Deepfakes to Land Remote Working Positions
Jun 29

The Federal Bureau of Investigation has issued a warning to businesses due to an increasing number of complaints received by its Internet Crime Complaint Center (IC3) about the use of deepfakes in applications for remote working and work-from-home positions. Deepfakes of images, video, and audio files can be very convincing and difficult to distinguish from genuine content. Deepfakes are often created using AI/machine learning...

How to Reduce Password Security Risks
Jun 27

Passwords are used to prevent unauthorized access to accounts and data. While passwords can be effective, there are password security risks that need to be reduced to a low and acceptable level, otherwise, accounts and sensitive data could be extremely vulnerable to cyberattacks. Password Security Risks If everyone set a strong, unique, and suitably long password for every account, passwords would provide a good level of protection;...

Why Don’t People Use Password Managers?
Jun 27

With so many passwords to create and remember, keeping track of those passwords can become a problem. Best practices for creating passwords include setting a unique password for every account and ensuring the password is strong and difficult to guess. Complex passwords are difficult to remember so users often reuse the same password for multiple accounts, change each password only slightly, or write them down on a Post-It note, in a...

Police in Europe Dismantle Multi-Million-Euro Phishing Operation
Jun 24

An organized criminal gang that was operating a multi-million-Euro phishing operation has been dismantled by police forces in Belgium and the Netherlands, according to Europol. The operation involved raids at 24 addresses in the Netherlands on June 21, and police arrested 9 individuals suspected of involvement in the operation. They also seized cash, cryptocurrency, jewelry, firearms, and ammunition. Europol assisted in the operation...

Cybersecurity Agencies Recommend Using PowerShell to Improve Forensics and Incident Response
Jun 23

Windows PowerShell is a useful and powerful scripting language and configuration management tool that can be used by Windows and system administrators for creating scripts to automate tasks. PowerShell is also extremely useful to cyber threat actors, who often abuse PowerShell after gaining access to victims’ networks. By using PowerShell, they don’t have to download their own toolsets and can hide their malicious activity. The...

Following Regulatory Recommendations for Passwords Does Not Necessarily Improve Password Security

If you religiously follow regulatory standards for passwords you may think you have a good password policy, but it doesn’t mean that weak passwords are not being set by your employees. A recent study by Specops confirmed that simply following regulatory recommendations for setting passwords is not, by itself, enough. For the study, the researchers conducted an analysis of more than 800 million passwords that are known to have been...

SharePoint and OneDrive Files Could be Vulnerable to Ransomware Attacks
Jun 22

A potential vulnerability has been identified in Office 365 and Microsoft 365 that could be exploited by ransomware gangs to encrypt files stored on SharePoint and OneDrive, rendering the files unrecoverable without paying the ransom if the files have not been separately backed up. According to Proofpoint, which recently published a report on the issue, the issue relates to the auto-save feature that saves SharePoint and OneDrive...

Microsoft Issues Out-of-Band Update to Fix Patch Tuesday-Related Issue on Arm Devices
Jun 21

Microsoft has issued an out-of-band update to fix an issue with Windows devices with Arm chips that was caused when users applied their June 2022 Patch Tuesday updates. The issue caused problems signing into Azure Active Directory and Microsoft 365 on Arm devices, and also affected applications and services that use Azure Active Directory for signing in, such as Microsoft Outlook, OneDrive for Business, and Microsoft Teams. Microsoft...

Exposed Elasticsearch Instance Exposed the Data of Millions of BeanVPN Users
Jun 17

18.5GB of connection logs of individuals who use the free Virtual Private Network (VPN) service provided by BeanVPN have been exposed over the Internet. The logs contained more than 25 million records and included IP addresses, time stamps, Play Service IDs, and other sensitive data. VPNs are used by many people to hide their identities online; however, the exposed data could be used to de-anonymize users and could be used in a wide...

Thousands Arrested in Interpol-Led Operation Targeting Social Engineering Scammers
Jun 16

An international law enforcement operation led by Interpol that involved police forces in 76 countries has seen more than $50 million seized and thousands of people have been arrested in connection with social engineering scams such as telecommunication fraud, business email compromise scams, and the money laundering activities in relation to those operations. The operation – called First Light 2022 – ran for two months between...

Guidance on HIPAA and Telehealth for When the COVID-19 Public Health Emergency Ends
Jun 14

The U.S. Department of Health and Human Services has issued guidance on HIPAA and Telehealth to help healthcare organizations ensure compliance when the COVID-19 Public Health Emergency (PHE) comes to an end. The Health Insurance Portability and Accountability Act (HIPAA) does not prevent healthcare organizations from providing telehealth services, although it does place certain restrictions on the technologies that can be used, and...

Emotet Malware Infections Increased by 2,700% from Q4, 2021 to Q1, 2022
Jun 13

Security researchers have identified new variants of Emotet malware that are capable of collecting and using stolen credentials, which are then weaponized and used to distribute the malware, and security solutions are failing to block the malware. Emotet is widely regarded as the most dangerous malware threat. While action was taken by a coalition of law enforcement agencies, which shut down the infrastructure of Emotet in January...

Researchers Uncover Massive Facebook and Messenger Phishing Campaign
Jun 10

Security researchers at the cybersecurity firm PIXM have identified a massive phishing campaign being conducted through Facebook and Messenger, which has driven millions of individuals to web pages hosting phishing forms and online adverts. According to PIXM, in just 4 months, a threat actor was able to steal more than 1 million credentials and generated significant revenue from online advertising commissions. The account credentials...

Medical Data of 2 Million Individuals Stolen in Shields Health Care Group Cyberattack
Jun 08

The personal and healthcare data of up to 2 million patients has been compromised in a hacking incident at Shields Health Care Group. Shields Health Care Group provides MRI, PET/CT, ASC, radiation oncology and medical imaging services on behalf of healthcare providers, and operates more than 40 facilities in Massachusetts, Maine, and New Hampshire. At present, the exact nature of the cyberattack has not been made public, but Shields...

Local Governments Targeted in Phishing Campaign Exploiting Windows Follina Vulnerability
Jun 07

The critical Windows ‘Follina’ zero-day vulnerability is being exploited in phishing attacks on local governments in the United States and government entities throughout Europe, according to Proofpoint. The phishing campaign uses Rich Text File (RTF) attachments, which will exploit the Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution bug – CVE-2022-30190 – if opened. Exploitation of the vulnerability does not...

Feds Announce Seizure of Domains Used for Selling Stolen Credentials and Conducting DDoS Attacks
Jun 06

The Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI) have announced they have seized the domain weleakinfo.to, along with two related domains – ipstress.in and ovh-booter.com – that were being used to sell access to stolen personal information and for conducting distributed denial of service (DDoS) attacks on victim networks. The domain seizures came following an international law enforcement...

Zero-day Atlassian Confluence Vulnerability Being Actively Exploited by Multiple Threat Actors
Jun 03

A critical Atlassian Confluence zero-day vulnerability is being actively exploited by multiple threat actors. At present, there is no patch available to fix the flaw. The vulnerability is tracked as CVE-2022-26134 and is a remote code execution vulnerability that affects all versions of Confluence Server and Data Center. The vulnerability does not affect Atlassian Cloud. Atlassian said it is aware that the vulnerability is being...

Is Box HIPAA Compliant?
Jun 02

Is the cloud storage service Box HIPAA compliant? Box is a cloud data storage and management service that allows users to access data from different devices. However, before it can be utilized in a healthcare setting to manage and store protected health information (PHI), Covered Entities must ensure Box is HIPAA compliant.  There are a number of features of Box that make it attractive for users. Once information is uploaded to its...

3.6 Million MySQL Servers are Exposed to the Internet and Responding to Queries
Jun 02

The cybersecurity research group, The Shadowserver Foundation, has identified 3.6 million MySQL servers that are using the default TCP port 3306 and are exposed to the Internet. Almost 2.3 million of those MySQL servers responded to queries on IPv4, and over 1.3 million responded to queries over IPv6. 67% of all MySQL servers were discovered to be accessible over the Internet. The researchers did not investigate the level of access...

Zero-Day Vulnerability Affecting Microsoft Office Being Actively Exploited
Jun 01

A zero-day remote code execution vulnerability has been identified in the Microsoft Windows Support Diagnostic Tool (MSDT) which is being actively exploited in the wild. The vulnerability affects all versions of Microsoft Office from 2003 and has been dubbed Follina. The vulnerability can be exploited by sending a specially crafted Word document, which will exploit the flaw if the document is opened. The vulnerability works without...

Dashlane versus Zoho Vault
May 27

Our Dashlane versus Zoho Vault comparison demonstrates that you don’t have to pay vast sums of money to be secure online. Indeed, as Dashlane customers have recently found out, you can pay vast sums of money and still be vulnerable to online threats. In November 2020, Dashlane announced a “web-first” strategy that would provide customers with a “streamlined and more secure experience”. As part of the strategy, the desktop apps for...

General Motors Customers Targeted in Credential Stuffing Attack
May 27

General Motors has announced that certain customer accounts have been accessed by unauthorized individuals. Between April 11 and April 29, 2022, suspicious logins were detected in customer accounts. The investigation revealed unauthorized individuals accessed certain customer accounts and redeemed their reward points for gift vouchers. The compromised accounts contained information such as names, addresses, dates of birth, personal...

Dashlane versus LogMeOnce
May 26

Our Dashlane versus LogMeOnce comparison demonstrates why ease of use is an important consideration when evaluating password managers; for although LogMeOnce represents excellent value when compared to Dashlane, it has a steep learning curve which you need to navigate fully to ensure there are no gaps in password security. When you evaluate a technology solution, it is most often the case you balance the capabilities of the solution...

Ransomware Attacks Increased 13% in a Year
May26

The 2022 Verizon Data Breach Investigations Report has been published, which shows the extent to which ransomware is being used in cyberattacks on businesses. Ransomware has proven to be a highly successful tool for monetizing system compromises. Threat actors gain initial access to the network, exfiltrate data, then encrypt files. Payment is demanded to prevent the sale or exposure of sensitive data and for the keys to decrypt files....

Dashlane versus Password Boss
May25

Our Dashlane versus Password Boss comparison comes with the caveat that Password Boss may soon be leaving the individual and business market to focus solely on Managed Service Providers. Furthermore, since Password Boss relaunched its website earlier this month, the pricing page has disappeared, and it is no longer possible to see what features are included with each plan. Due to the frequency with which vendors update products, add...

CISA Adds 41 Vulnerabilities to the Known Exploited Vulnerability Catalog
May25

On May 23 and May 24, 2022, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a further 41 vulnerabilities to its Known Exploited Vulnerability Catalog, which brings the known exploited vulnerabilities included in the list up to 703. The latest additions to the list are based on evidence collected that indicates the vulnerabilities are being actively exploited by threat actors in the wild. When new vulnerabilities...

What is Password Spraying?
May25

What is password spraying? Password spraying is a commonly used brute force method for gaining access to accounts. Here we explain what it is and how to thwart it. What is a Brute Force Attack? A brute force attack is a trial-and-error method of gaining access to an account when the password for the account is not known. In an attack, many different passwords are tried for a specific account in the hope of guessing the correct...

Dashlane versus RoboForm
May24

Our comparison of Dashlane versus RoboForm looks at why this once-popular password manager is falling out of favor, and whether Dashlane customers should consider RoboForm a suitable alternative. To say the Dashlane password manager is falling out of favor is probably an understatement. In the last couple of years, concerns have been raised about the security of Dashlane apps, plans have been discontinued at short notice, and the...

Dashlane versus NordPass
May23

Our Dashlane versus NordPass comparison explains why Dashlane customers may be looking to switch password manager providers, but also raises questions about whether NordPass is a suitable alternative. Dashlane is having a bit of a rough time at the minute. Although retiring their Desktop apps in favor of a “web-first strategy” was meant to provide customers with a “streamlined and more secure experience”, the transition from Desktop...

Conti Ransomware Operation Shuts Down and Restructures
May23

The prolific Conti ransomware-as-a-service operation appears to have shut down. According to Advanced Intel, the internal infrastructure of the gang has been shut down, including the Tor admin panels that are used to negotiate with victims and to publish data on the leak site; however, the actual data leak and ransom negotiation sites remain online. The operation looks like it is splitting up and will operate as a collection of much...

Dashlane versus 1Password
May21

Our comparison of Dashlane versus 1Password pits two of the most popular password managers against each other to establish whether either is the best option for individual users, family groups, and businesses when compared to other vault-based password managers. As individuals, families, and businesses become more aware of online threats, the market for online security products is growing rapidly. Password managers are among a number...

Dashlane versus Keeper
May20

Our Dashlane versus Keeper comparison is aimed at customers of Dashlane who are dissatisfied with the recent “web-first” changes to the password manager and price increases. However, is Keeper the best alternative to Dashlane, or do other password managers offer a better experience and value for money? In November 2020, Dashlane announced it was discontinuing support for its Windows and Mac desktop apps to focus on a “web-first...

Common Password Attacks and How to Avoid Them
May20

While passwordless authentication is becoming more popular, passwords remain the most common way of securing accounts and preventing unauthorized access. Passwords provide a degree of security, but there are several different password attacks that are effective at obtaining passwords to access the accounts they protect. In this post, we explain the most common password attacks, why they work, and how you can prevent them. Common...

46% of IT Leaders Store Passwords in Shared Documents and Spreadsheets
May20

A recent survey of IT, security, and cybersecurity leaders found 46% store passwords in shared documents and spreadsheets, and 8% physically record passwords in notebooks or sticky notes, despite the security risks associated with doing so. The survey was conducted on 100 IT, security, and cybersecurity leaders by Pulse and Hitachi ID to explore their password management practices and the effect they have on security. According to...

Padloc versus LastPass
May18

It is not common to find Padloc versus LastPass comparisons because, until the launch of V3 in 2019, Padlock had very few capabilities to compare against other password managers. However, since 2019 – when the password manager was also rebranded from Padlock to Padloc – it has attracted a significant amount of interest. Our Padloc versus LastPass comparison explains why. Prior to 2019, Padlock (as it was known at the time) was a...

Top Attack Vectors Used to Breach Corporate Networks
May18

The Five Eyes cybersecurity agencies from the United States, United Kingdom, Canada, Australia, and New Zealand have issued a security alert sharing the top five techniques used by cyber threat actors to gain initial access to corporate networks. The agencies also list 10 weak security controls and poor security practices that are commonly exploited in cyberattacks and provide suggested mitigations for hardening security to prevent...

RememBear versus LastPass
May18

Our comparison of RememBear versus LastPass focuses on the options available to personal password manager users because a) there are a lot of dissatisfied personal LastPass users and b) RememBear lacks the capabilities to be used as a family or business password manager. Most of our password manager reviews and comparisons focus on password managers with similar capabilities so that visitors can make informed decisions about which...

NordPass versus LastPass
May17

Our comparison of NordPass versus LastPass shows there is very little between these two password managers in terms of capabilities or price. However, customers looking for their first password manager – or considering a switch from their current password manager – may find better value elsewhere. Since LastPass announced it was restricting the capabilities of its free password manager plan and introducing additional...

One Fifth of Businesses Almost Forced into Insolvency Due to a Cyberattack
May17

Many businesses struggle to survive following a cyberattack and data breach. According to a recent report from the Anglo-Bermudan insurance provider, Hiscox, one-fifth of businesses that suffered a serious cyberattack in the past 12 months nearly went insolvent as a result – 24% more than last year. It can take years of hard work to build a business, only for a mistake by an employee or an unpatched vulnerability to undo all that hard...

RoboForm versus LastPass
May17

If you are one of the thousands of people who have resisted the temptation to switch from the LastPass password manager to a securer alternative, our RoboForm versus LastPass comparison might convince you to switch sooner rather than later. However, is RoboForm a suitable alternative for individuals, families, and businesses? According to a survey conducted by security.org in 2021, 21% of people who use password managers have a...

$150 Million Investment Plan Proposed for Improving Open-Source Security
May16

At the Open Source Security Summit II in Washington D.C. last week, leaders of the open source community suggested a 2-year $150 million investment plan for improving open-source security in the U.S. and upgrading cybersecurity resilience. More than 90 executives from over three dozen companies and government leaders were brought together by the Linux Foundation and the Open Source Software Security Foundation (OpenSSF) for the summit,...

LastPass versus Keeper
May16

Both LastPass and Keeper password managers are trusted by millions of individuals and thousands of businesses worldwide; but, as our LastPass versus Keeper comparison shows, it is possible for both individuals and businesses to find better value alternatives elsewhere. LastPass (21%) and Keeper (10%) are the two most commonly-used password managers in the U.S. according to a survey conducted by Security.org. Although their positions...

What is Credential Stuffing?
May14

Credential stuffing attacks are common causes of data breaches. Here we explain what a credential stuffing attack is, why they are often successful, and steps that can be taken to stop these attacks from succeeding. What is a Credential Stuffing Attack? Credential stuffing is a type of brute force attack – an attack where multiple attempts are made to guess a correct password. In a traditional brute force attack, a threat actor tries...

EU Reaches Agreement on New Cybersecurity Regulations for Critical Infrastructure Organizations
May13

New legislation is being introduced in the European Union (EU) to ensure critical infrastructure organizations are better protected against destructive cyberattacks. Current legislation covering the security of network and information systems – the NIS Directive – was introduced in 2016 and was the first piece of EU-wide cybersecurity legislation. The NIS Directive required all EU member states to have national cybersecurity...

Critical F5 BIG-IP Flaw is Being Widely Exploited
May11

A critical flaw in F5 BIG-IP systems is being actively exploited by threat actors. BIG-IP systems are software/hardware solutions that are used for access control, application availability, and security. The flaw, tracked as CVE-2022-1388, was disclosed last week by F5 and was assigned a CVSS severity score of 9.8 out of 10. The flaw affects the iControl REST authentication component which is used for communication between the F5...

3 Zero-Days Among 95 Flaws Patched by Microsoft on May 2022 Patch Tuesday
May10

Microsoft has released patches to correct 75 flaws in its products on May 2022 Patch Tuesday, including 3 zero-days, one of which is being actively exploited in MitM attacks. The actively exploited zero-day is tracked as CVE-2022-26925 and is a Windows LSA spoofing vulnerability, which allows attackers to authenticate to domain controllers. According to Microsoft, “An unauthenticated attacker could call a method on the LSARPC...

Phishing Campaign Pushing Jester Malware Targets Ukrainian Citizens Warning of Chemical Attacks
May10

A phishing campaign has been identified that warns of chemical weapon attacks on Ukrainian citizens in an attempt to infect devices with Jester malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has recently issued a security advisory about the mass distribution of these malicious emails targeting Ukrainian citizens. The emails have the subject line “chemical attack” and warn in Ukrainian that information has been...

Popular Password Manager Adds Unique Username Generator
May10

Password managers are low-cost security solutions that can significantly improve security by helping people avoid bad password practices. Oftentimes, all that stands between a hacker and an account containing sensitive data is a password, and the passwords that protect those accounts are often not sufficiently complex. Passwords can be cracked in seconds using brute force tactics and a computer with a reasonably powerful GPU. It may...

U.S. Offers $15 Million in Rewards for Information About Conti Ransomware Leaders & Affiliates
May09

The U.S. Department of State is offering up to $15 million in rewards for information on the Conti ransomware leadership and its affiliates, as was the case in November where similar rewards were offered for information on the Sodinokibi (REvil) and Darkside ransomware groups. The Conti ransomware-as-a-service (RaaS) operation has been highly prolific and is currently the leading RaaS operation. The gang has conducted more than 1,000...

HIPAA Compliance Software
May08

HIPAA compliance software is an application for overcoming the challenges of complying with HIPAA. Depending on the capabilities of the software, it can help compliance officers more easily identify gaps in compliance, more effectively eliminate gaps in compliance, and more accurately track compliance activities to ensure the organization is complying with HIPAA at all times. HIPAA compliance is a “100% task” inasmuch as if you comply...

FBI: More than $43 Billion has been Lost to BEC Scams Since 2016
May06

Business email compromise (BEC) scams are the leading cause of losses to cybercrime. According to the U.S. Federal Bureau of Investigation (FBI), reported losses between June 2016 and December 2021 exceeded $43.3 billion. These scams, also known as email account compromise (EAC), involve compromising a business email account and using it to send emails to individuals responsible for making wire transfers and tricking them into making...

Campaign Identified Delivering Fileless Malware using Shellcode in Windows Event Logs
May05

A new technique has been observed in the wild for delivering fileless malware on targeted devices and evading detection. According to researchers at Kaspersky, the attack involves injecting shellcode into Windows event logs, which sees the attacker hiding in plain sight and delivering fileless Trojans. The encrypted shellcode that includes the payload is embedded into Windows event logs in 8KB blocks and is saved in the binary part of...

Man Convicted for Phishing Scam Resulting in Theft of $23.5 Million from DoD
May03

The losses to phishing scams can be considerable. What starts with a single phishing email can easily result in a costly data breach, malware infection, or the fraudulent transfer of millions of dollars to an attacker-controlled account. Last week, the U.S. Department of Justice announced that one of the perpetrators of a phishing scam has been convicted on six counts for his role in a complex phishing scheme and vendor email...

REvil Ransomware Operation Returns
May02

Evidence is mounting that the notorious REvil ransomware operation is back up and running, despite multiple arrests and loss of control of its infrastructure. The notorious and prolific REvil ransomware gang ceased operations in October 2021, following a law enforcement operation that saw the Tor servers that hosted their payment portal hijacked, along with the data leak blog where victims were named. In January this year, the Federal...

Report Shows Slight Improvement in User Password Security
Apr30

A report published by Bitwarden ahead of World Password Day shows a slight improvement in user password security compared to a similar report published last year. World Password Day was created by Intel in 2013 to raise awareness about the role of complex, unique passwords in securing online accounts. Subsequent World Password Days have been held each year on the first Thursday in May; and, to celebrate the event in 2021, Bitwarden...

How Password Managers Mitigate the Threat from Phishing
Apr30

The best way to mitigate the threat from phishing is to train employees to be more resilient to phishing attacks, introduce processes to report suspicious communications, and take advantage of technology to fill gaps in employee awareness by preventing them from visiting phishing sites. Unfortunately, few businesses have the time or resources to increase employee awareness training or respond to every report of a suspicious...

Bumblebee is the Malware Loader of Choice for Delivering Malicious Payloads
Apr29

A new malware loader dubbed Bumblebee is being used by multiple threat actors to deliver malicious payloads to victims’ devices. According to cybersecurity firm Proofpoint, which analyzed the Bumblebee loader, its sole purpose appears to be to download malicious payloads onto infected devices, and it has been observed being used to deliver the Cobalt Strike, Sliver, and Meterpreter red team frameworks. The researchers identified three...

What Are Zero Knowledge Password Managers?
Apr28

Many password managers advertise themselves as zero knowledge password managers, claiming that end-to-end encryption prevents vendors and their employees from knowing what credentials are maintained in users’ password vaults. But what are zero knowledge password managers? And what are the advantages and disadvantages of zero knowledge? Possibly the primary benefit of using a password manager is that it can generate and store...

66% of Mid-Sized Firms Suffered a Ransomware Attack in 2021
Apr28

There was a massive rise in ransomware attacks on mid-sized organizations in 2021, according to the recently published State of Ransomware 2022 report from cybersecurity firm Sophos. The survey was conducted by Vanson Bourne on 5,600 mid-sized organizations in North and South America, Europe, the Middle East, Africa, Asia, and Asia-Pacific and revealed 66% of those organizations had suffered at least one ransomware attack in 2021, up...

American Dental Association Suffers Suspected Ransomware Attack
Apr27

The American Dental Association (ADA) has recently confirmed to its members that technical difficulties are being experienced due to a cyberattack that occurred over the weekend. The ADA website states that “technical difficulties” are being experienced and efforts are underway to bring its systems back online. While the ADA has not publicly confirmed that this was a cyberattack, notifications have been sent to its 185,000 members via...

Emotet is Once Again the Biggest Malware Threat
Apr26

In January 2021, the infamous Emotet botnet was shut down following an international law enforcement operation coordinated by Europol and Eurojust. Emotet started life as a banking Trojan and was first detected in 2014. Over the years the malware evolved into a powerful tool that was offered under the malware-as-a-service model to provide other threat actors with access to the devices infected with Emotet, including ransomware gangs...

Why Leet Substitution has Little Impact on Password Strength
Apr25

While some sources advocate substituting letters with symbols to make passwords harder to crack, evidence exists that leet substitution has little impact on password strength. Consequently, businesses are advised to utilize password generation tools to create genuinely random passwords for each account and take advantage of password managers to save them securely. For those unfamiliar with “leet substitution”, the term is derived from...

Credit Card Company Advice for Online Security
Apr22

Most leading credit card companies offer similar advice for online security – that you should secure devices used for online transactions, use unique, complex passwords for each online account, reduce your susceptibility to phishing, and set up alerts for certain types of transactions. Credit card companies have a vested interest in providing advice for online security. Under the Fair Credit Billing Act and Electronic Fund...

Cybersecurity Agencies Issue Warning About Cyberattacks by State Sponsored and Pro-Russian Hacking Groups
Apr21

A joint threat assessment has been published by cybersecurity agencies in the United States, Australia, Canada, New Zealand, and the United Kingdom warning about the threat of cyberattacks by Russian state-sponsored hacking groups and pro-Russian hacking groups. Russian hacking groups are currently engaged in cyberattacks in Ukraine; however, there is concern that cyberattacks could be conducted beyond the Ukraine region in response...

How Accurate are Password Strength Testers?
Apr20

Password strength testers are becoming more common in the account sign-up process. Their purpose is to indicate whether the passwords chosen by users are weak, good, strong, or very strong – the implication being that good, strong, and very strong passwords will help protect the account from brute force attacks. But how accurate are password strength testers? To find out, we ran a test pitching five variations of commonly-used...

CISA: Hackers Actively Exploiting Windows Print Spooler Privilege Escalation Flaw
Apr20

On February 2022 Patch Tuesday, Microsoft released a patch to fix a high severity Windows Print Spooler privilege escalation vulnerability, tracked as CVE-2022-22718, which was one of four privilege escalation vulnerabilities in the Windows Print Spooler component to be patched on February 8. The vulnerability was assigned a CVSS severity score of 7.8 out of 10 and was marked as ‘exploitation more likely’. Hackers can...

LinkedIn is the Most Impersonated Brand in Phishing Attacks
Apr19

The professional social networking site LinkedIn is now the most impersonated brand in phishing attacks according to Check Point Research. In Q1, 2022, 52% of phishing attacks spoofed LinkedIn, which is a 550% increase from the previous quarter when LinkedIn was the 5th most impersonated brand. This is part of an emerging trend in phishing that has seen phishers switch to campaigns seeking corporate social media credentials, which can...

What are Password Salting and Password Peppering?
Apr18

Password salting and password peppering are two methods of preventing hashed passwords from being deciphered by hackers using brute force techniques or rainbow tables. Unfortunately, users rarely know whether online vendors are salting or peppering passwords, so businesses and individuals still need to take responsibility for protecting online accounts using other methods. In a previous article, we discussed password hashing and...

What is Password Hashing?
Apr16

Password hashing is a security measure often used to convert a plain text password into a seemingly random string of letters and numbers. The theory behind this security measure is that, if a website’s database of hashed passwords is hacked, data stolen from the database cannot be used to access client accounts. Unfortunately, this is not always the case. When you create an online account, you are most often asked for a username...
