Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Password. Show all posts
Ransomware
Black Basta Cyber Security Password Ransomware

Black Basta Hackers Use New Tool to Break Weak Passwords on Remote Systems

 



A cybercriminal group called Black Basta has built a new tool that helps them break into remote systems like VPNs and firewalls by guessing weak passwords. This tool allows them to easily target companies and demand ransom.

According to cybersecurity experts, the tool— named BRUTED, automatically scans the internet to find systems that might be easy to hack. It focuses on popular VPN and firewall services from companies like Cisco, Fortinet, Palo Alto, and others. It also attacks systems used for remote desktop access.

The tool gathers information like IP addresses, website subdomains, and security certificates to help guess passwords specific to each organization. It then sends fake login requests that look like they’re from a real user or device, making it harder to detect.

Since BRUTED runs automatically, it helps hackers attack many targets quickly. This increases their chances of breaking in and earning money from ransomware attacks.

Experts warn that many companies still rely on simple or repeated passwords, which makes their systems easy to hack. Sometimes, attackers use leaked or default passwords that organizations forget to change.

This poor password management exposes businesses to big risks. In fact, weak passwords might have also caused a leak in Black Basta’s own data when a hacker broke into a Russian bank and exposed the gang’s private chats.

Black Basta is known for targeting important industries like healthcare and manufacturing, where even a small disruption can cause major losses. These industries are more likely to pay ransom to avoid shutdowns.

Security experts are urging businesses to act fast—use strong and unique passwords, change default settings, run regular security checks, and train employees about password safety.

Good password habits can help prevent such attacks and protect important systems from hackers like Black Basta.


Read more »
VPN breach
Black Basta Cyber Attacks Cyber Network CyberCrime Cyberhackers CyberThreat Password Ransomware VPN breach

Ransomware Hackers Develop Advanced Tool for VPN Breaches

 


In the Black Basta ransomware group, an automated brute force attack tool referred to as BRUTED has been developed to target and compromise edge networking devices such as firewalls and VPNs, as well as other edge networking devices. By using this sophisticated tool, they can efficiently breach vulnerable internet-facing endpoints, making them able to scale ransomware attacks considerably better than ever before. 

A researcher at EclecticIQ identified the presence of BRUTED when she analyzed internal chat logs related to the ransomware gang, and she found that BRUTED exists. These logs were used to reveal insight into the tool's deployment and revealed that Black Basta has been employing BRUTED to conduct credential-stuffing and brute-force attacks since 2023 against a variety of remote access software programs. This cyber threat has been targeting a wide variety of systems, including SonicWall NetExtender, Palo Alto GlobalProtect, and Citrix NetScaler, highlighting the broad scope of the threat. 

It is Black Basta's intention to improve its operational efficiency by automating brute-force attacks, which in turn allows it to exploit critical infrastructure security vulnerabilities more systematically. As a result of the discovery of BRUTED, organizations relying on internet-connected security solutions are at an even higher risk of cybercrime, as the evolving tactics and sophistication of ransomware groups are becoming more complex. 

The Black Basta ransomware operation has developed an automated brute-force framework known as BRUTED, which has been designed specifically to compromise edge networking devices, such as firewalls and virtual private network access points. As a result of this advanced framework, the group can gain early access to targeted networks, which facilitates large-scale ransomware attacks on vulnerable, internet-connected endpoints, which will lead to a successful attack. 

A recently published study by Arda Büyükkaya, a cyber threat intelligence analyst at EclecticIQ, confirms that the Black Basta ransomware group is using a previously unidentified brute-force framework for stealing data. Known as BRUTED, this framework is specifically crafted to automate the process of compromising enterprise VPNs and firewalls, thus enhancing the group's ability to gain unauthorized access to corporate networks, which is significantly enhanced. 

Multiple reports have emerged throughout 2024 detailing the extensive use of brute-force attacks against these devices and password spray. It is still unclear how these incidents are linked to BRUTED or other threat actor operations, although the issue is still under investigation. This tool has been developed to highlight the increasing sophistication of ransomware tactics and the increasing risk organizations face when relying on internet-connected security infrastructure as part of their security measures. 

A thorough analysis of Büyükkaya's source code has proven that the tool's primary function consists of snooping across the internet and credential stuffing attacks, to attack edge network devices. It has been widely used within corporate environments to implement firewalls and VPN solutions. By its log-naming conventions, BRUTED is referred to as the bruised tool, and researchers at EclecticIQ have concluded that it is used by Black Basta to perform large-scale credential-stuffing attacks. This group gains an initial foothold by exploiting weak or reused credentials, which allows them to move from compromised networks to other compromised ones, and ultimately install ransomware. 

It is also BRUTED's responsibility to assist affiliates, who are responsible for performing initial access operations in ransomware campaigns, as well as to enhance the group's operational efficiency. As the framework automates and scales attacks, it can widen the victim pool and accelerate the monetization process, thus increasing the efficiency of ransomware operations. As a result of this discovery, cybercriminals have become increasingly sophisticated in their tactics, which highlights the need for robust security measures to protect against them. 

Arda Büyükkaya explained that the BRUTED framework will enable Black Basta affiliates to automate and scale their attacks to significantly increase the number of victims they can target, as well as boost their monetization efforts to continue operating ransomware. As a result of the emergence of this brute-forcing tool, edge devices are demonstrating their ongoing vulnerability, especially in light of persistent warnings from private cybersecurity firms and government agencies regarding increased threats targeting VPN services. Even though these advisories have been issued, it remains a lucrative attack vector for cybercriminals to hack passwords for firewalls and virtual private networks (VPNs). 

According to the Qualys team, a blog post a while back highlighted the fact that Black Basta has been using default VPN credentials, brute force techniques involving stolen credentials, and other forms of access to gain initial access to their systems. In this report, the manager of vulnerability research at Qualys Threat Research Unit and a co-author of the report asserted that weak passwords for VPNs and other services that are open to the public continue to pose a significant security risk to organizations. 

Furthermore, Abbasi emphasized that several leaked Black Basta chat logs contained simple or predictable credentials, demonstrating the persistent vulnerabilities that threat actors exploit to infiltrate corporate networks. By implementing the BRUTED framework, threat actors can streamline their ransomware operations, as it enables them to infiltrate multiple networks at the same time with as little effort as possible.

As a result of this automation, cybercriminals have access to greater monetization opportunities, which allows them to scale their attacks more efficiently. The risks posed by such tools must be mitigated by the adoption of strong cybersecurity practices. To protect against these risks, organizations must enforce unique passwords for all edge devices and VPNs. Further, multi-factor authentication (MFA) is an essential component of any security system because it adds another layer of protection that prevents unauthorized access, even when credentials are compromised. To identify potential threats, continuous network monitoring is also crucial. 

Security teams should keep an eye on authentication attempts coming from unfamiliar locations and flag high volumes of failures to log in as an indicator of brute force attacks. Several measures can be implemented to reduce the effectiveness of credential-stuffing techniques, such as rate-limiting measures and account-locking policies. As a result of the growing threat of BRUTED, EclecticIQ has provided a list of IP addresses and domains associated with the framework to the public in response. 

Indicators such as these can be used to update firewall rules so that requests from known malicious infrastructure will be blocked effectively while limiting the tool's reach. BRUTED does not exploit software vulnerabilities to gain access to network edge devices, but maintaining up-to-date security patches remains an important part of cybersecurity. Regularly applying the latest patches ensures that potential vulnerabilities in the network security systems are addressed, thus strengthening the overall resilience of the network security systems.
Read more »
Privacy
Cyberattacks CyberCrime CyberThreat Email Phishing IT Password Password Rest Privacy

Growing Concerns Over Deceptive Master Password Reset Emails

 


A network security risk associated with unauthorized password resets is very significant, as it can expose sensitive information and systems to cyber threats. IT administrators must take care to monitor and validate every password reset, particularly those that involve critical user accounts and service accounts. When such resets occur, administrators typically need detailed contextual information to maintain robust security whenever such resets occur. 

To enhance transparency in password resets and to prevent the possibility of unauthorized access, it is important to notify the respective users as soon as possible when their passwords are reset. Despite this, manual oversight of password resets poses a daunting challenge. It requires considerable effort and vigilance to track every reset, analyze its context, identify high-risk account changes, and validate that they are legitimate. 

As administrators, it can be difficult for them to mitigate security vulnerabilities arising from unauthorized or suspicious password changes, if there is no efficient mechanism in place. Microsoft users are constantly faced with cybersecurity threats, as well as sophisticated attacks based on system vulnerabilities. As the security landscape continues to evolve, it becomes increasingly complex as zero-day exploits actively compromise Windows users, as well as Microsoft Account takeovers that circumvent authentication measures. 

Cybercriminals have become increasingly aggressive against Microsoft 365 users, targeting them with technical loopholes that allow them to manipulate URLs or conduct large-scale brute-force attacks by utilizing basic authentication exploits. This persistent threat highlights the necessity of enhanced security measures within the Microsoft ecosystem. Recently, Microsoft 365 users have been warned of a highly sophisticated attack that manages to evade conventional email security measures. During this latest phishing attack, cybercriminals have embedded phishing lures within legitimate Microsoft communications, making detection considerably harder. 

As these tactics are constantly evolving, organizations and their users must remain vigilant, implement proactive security strategies, and make sure that potential risks are minimized. This type of cybercrime involves deceptive actors impersonating trusted organizations or individuals and deceiving recipients into divulging sensitive information as a result. The fraud is usually carried out by sending emails or sending attachments to unsuspecting recipients that contain harmful links or attachments, which are intended to harvest login credentials, financial information, and other confidential data from those unsuspecting. 

Even though there are different kinds of phishing, deceptive phishing remains one of the most prevalent since it bypasses security defences so effectively. Cybercriminals instead of attempting to compromise a system through technical vulnerabilities, exploit human psychology by crafting appealing messages that seem to be genuine to lure individuals into engaging with malicious content, rather than using technical vulnerabilities. In addition to raising awareness and educating users about the threats that can be posed by phishing, they must know how to identify and prevent such threats to improve their cybersecurity resilience. 

Types of Phishing Attacks


Several different types of phishing attacks operate by utilizing human trust to steal sensitive information. Below is a list of the most common types: 

Phishing emails (or deceptive phishing emails) take advantage of recipients' trust by looking like legitimate organizations so they will divulge their personal and financial information to them. 

Phishing traps: They are created to exploit the vulnerabilities in an organization's IT infrastructure to gain access to its data. An example of spear-phishing is a form of phishing that uses personalized information to look credible to a specific individual, such as an employee or manager. 

A phishing Angler: This type of fraud uses fake social media accounts to gain access to a user's account or to download malicious software onto their computer. Using urgent espionage-related pretexts to extract sensitive business information from high-level executives is referred to as whaling. It is a form of fraud in which someone calls someone who pretends to be an official of a trustworthy organization to obtain personal or financial information. 

A text phishing scam (smishing) takes advantage of SMS message spam to deceive users by sending malicious links or sending fake, urgent emails. In this case, the user is not aware of the fact that his browser settings have changed, causing him to be redirected to fraudulent websites without his knowledge. 

Due to the constantly evolving nature of phishing attacks, security awareness and proactive measures are becoming increasingly important. Several measures can be taken to prevent these attacks, such as multi-factor authentication, email filtering, and caution when dealing with online accounts. 

Understanding Password Reset Processes and Vulnerabilities


To assist users who forgot their passwords on online platforms that require user authentication, most platforms have implemented password reset mechanisms. Various methods of generating a unique, high-entropy reset token that is linked to the user's account are the most commonly used methods, although they vary greatly in security and complexity. 

The platform can request that a user be sent an email containing a reset link, with the token embedded as a query parameter in the link. When the user clicks the link, a verification process is conducted to ensure the token is valid before allowing the user to reset their password. It is generally considered secure because this method relies on the assumption that only the intended user to whom the token is sent has access to their email account. However, attackers can exploit vulnerabilities in this process by manipulating password reset data. 

Exploiting Password Reset Poisoning Attacks


An attacker who has manipulated the password reset URL to steal the user's reset token is called a password reset poisoner. The technique takes advantage of systems that automatically generate username and password reset links based on user-controlled input, such as the Host header. The routine goes as follows: 

As soon as the attacker has obtained the victim's email address or username, they send the victim an email asking for their password to be reset. During this process, they intercept the HTTP request and alter the Host header to replace the legitimate domain with one they control. In an official password reset email, the victim receives an official link that appears to contain a legitimate link. However, once the victim clicks on the official link, he or she is directed to the attacker's domain, so they are unable to reset their password. 

A token is sent to the attacker's server when the victim clicks on the link, whether by hand or automatically using security tools like antivirus scanners. Upon submitting the stolen token to the legitimate website, the attacker gains unauthorized access to the victim's account by resetting the password and then regaining access to the victim's account. 


Mitigation Strategies and Security Best Practices 


Sites need to implement strong security measures to prevent password reset poisoning, especially when it comes to Host header validation, and the enforcement of secure cookie-based authentication so that individual users are not able to access their passwords. The user should also exercise caution if he or she receives emails asking to reset their passwords unexpectedly, ensure URLs are verified before clicking links, and enable multifactor authentication to protect their accounts. Cybercriminals are constantly improving their attack methods. 

To mitigate these threats, proactive cybersecurity awareness and robust security implementation are key. According to the fraudulent email in question, recipients are informed that their email passwords are imminently about to expire, and are advised that once their passwords are about to expire, they will need to contact a system administrator to regain access. 

As a means of creating a sense of urgency, the message asks users to click on the "KEEP MY PASSWORD" button, which appears to authenticate and secure their account. The email communication appears to be carefully crafted so that it appears to be a notification from the web hosting server, which makes it more likely that unknowing individuals will be able to trust it. As a result of clicking the link provided, recipients will be taken to a fraudulent Webmail login page designed to capture their email credentials, which include usernames and passwords, when they click that link. 

As a result of this stolen information, cybercriminals can breach email accounts, obtaining access to personal communications, confidential documents, and sensitive information that is confidential or sensitive. When these accounts have been compromised, they may be used to launch further phishing attacks, distribute malware to contacts within the email system, or launch further phishing attacks once the accounts have been compromised. 

Besides immediate unauthorized access, threat actors may also use stolen credentials to reset passwords for other accounts connected to the account, such as a banking platform, a social media profile, or even a cloud storage platform. Aside from this, compromised accounts and harvested information are often sold on the dark web, thus increasing the risk of identity theft as well as financial fraud. 

Because of the significant security implications these emails have, it is highly recommended that users exercise caution whenever they receive unsolicited emails with links or attachments within them. It is important to verify the legitimacy of these communications before engaging with them so that potential cyber breaches, financial losses, and other cybersecurity threats can be prevented. 

An official representative of 1Password, known as 1PasswordCSBlake, recently provided some insights on how to counter a recent phishing attack targeting master password resets on the 1Password subreddit. A detailed explanation of how cybercriminals approach credentials compromises through fraudulent reset requests was provided, emphasizing the significance of vigilance against such insidious techniques used by cybercriminals to deceive their victims. 

Consequently, users who feel that they have been phished or have clicked on a fraudulent link as a result of this security threat are strongly advised to reach out to support@1password.com immediately for assistance. It is important to act promptly if you want to minimize potential risks and prevent unauthorized access to sensitive data. 

The 1Password infrastructure does not appear to have been compromised, and there are no indications at this time that the system is compromised. The password manager is still secure, and the users' accounts and stored credentials are not affected. To safeguard your personal information from emerging cyber threats, you must keep your personal information aware and adhere to best security practices. 

Best Practices for Preventing Malware Infiltration 


There are many ways for users to mitigate cybersecurity threats, but they need to be cautious when dealing with unexpected or unsolicited e-mails, especially those from unknown sources. As a consequence, one mustn't click on embedded links or open attachments within such messages, since they may contain malicious content that compromises the security of the system as a whole. 

The use of anti-virus software and anti-malware software to safeguard devices against potential threats is essential. Additionally, users should only download applications and files from trusted and official sources, such as verified websites and app stores. As a result, downloading pirated software, key generators, or cracking tools can significantly increase the risk of malware infection. 

Therefore, users need to avoid them as much as possible. Also, it is important to note that engaging with intrusive pop-ups and advertisements on untrustworthy websites may pose a considerable security risk, and this should be avoided if possible. This can be achieved by denying notification permissions for these sites, and by regularly updating operating systems and applications to keep them protected. 

If malicious attachments have already been accessed, it is recommended, to detect and effectively remove any malware infiltrated into the system, that the system be thoroughly scanned using security software that is considered reliable and provides reliable protection against malware.
Read more »
Vulnerability
CyberCrime Cyberhackers Cybersecurity CyberThreat Internet of Things Password Privacy Security Security Risk Vulnerability

Default Password Creates Major Security Risk for Apartment Complexes

 


Under research conducted by security researchers, it was discovered that a widely used door access control system includes an inherently insecure default password. Thousands of buildings across the country have insecure default passwords that can be accessed easily and remotely by anyone. It was discovered by Eric Daigle that there is still a lot of residential and commercial properties in North America that have not yet modified the default passwords for their access control systems, many of them are not even aware that this is a good idea.   

When security researcher Eric Daigle examined an apartment building’s access control panel, he inadvertently discovered one of the most concerning security issues in recent years while inspecting the access control panel. Initially, a routine observation while waiting for a ferry led to the discovery of a critical security flaw affecting hundreds of residential buildings across the country, which caused a widespread financial loss for thousands of people.

In late last year, Eric Daigle became interested in the system when he noticed an unusual access control panel on his normal daily activities. He conducted a short online search for “MESH by Viscount” and found a sales page for its remote access capability, followed by the discovery of a PDF installation guide available for download. It is typical for access control systems to be configured with a default password, which administrators are supposed to change to match their credentials. 

However, Daigle observed that the installation manual did not provide clear instructions regarding how these credentials were to be modified. It was later revealed, after further investigation into the user interface's login page title, that multiple publicly accessible login portals are available for this product. Alarmingly, as a result of this research, he was able to access the first one with default credentials, which highlights a critical security vulnerability. 

The Enterphone MESH door access system is currently owned by Hirsch, and Hirsch has announced that to address this security vulnerability, a software patch will be released shortly that will require users to change their default password, as soon as possible. An internet-connected device will often have a default password, which is often included in the product manual to facilitate the initial setup process. 

There is, however, a significant security risk in requiring end users to manually update these credentials, since if they fail to do so, their systems can be vulnerable to unauthorized access. Hirsch’s door access solutions are not prompted to customers when they are installed, nor are they required to modify the default passwords, leaving many systems at risk of unauthorized access. This vulnerability had been discovered by security researcher Eric Daigle, based on the findings he made, according to his findings. 

The vulnerability has been designated as CVE-2025-26793 as a result of his findings. Modern building security systems have become increasingly integrated with the Internet of Things (IoT) technology, especially in apartment complexes seeking a more advanced alternative to traditional phone-line-based access control systems. Among these key fob systems, Hirsch Mesh features a web-based portal that enables the use of key fobs throughout a large building to be tracked and logged, as well as allowing remote access to various entry points also within the building to be controlled remotely. 

The accessibility of the system's default login credentials, however, raises a crucial security concern because they are openly published in the installation manual, which is easily accessible via an online search, as the installer provides a list of the default login credentials. While waiting at a bus stop for his bus, Eric Daigle made a quick internet search based on the name of the product displayed on the security terminal of the apartment complex across the street. He located the manual in just a few minutes, which identified a way to circumvent the building's security measures. This highlighted a significant flaw in the system's design, leading to a serious risk of abuse. 

The default password that is set on internet-connected devices has historically posed a significant security threat because unauthorized individuals can gain access under the guise of legitimate users, leading to data breaches or the possibility of malicious actors hijacking these devices to carry out large-scale cyberattacks. In recent years, there have been several governments, including the UK, Germany, the US, and other countries, which have been encouraging technology manufacturers to adopt more robust security measures to avoid the security risks associated with using default credentials that were considered insecure in the first place. 

Having been rated as highly vulnerable by the FBI as a result of its ease of exploit, Hirsch's door entry system has been rated as a high threat as well with a severity rating of 10. Exploiting the flaw involves a minimal amount of effort. There is a public documentation available on Hirsch's website, which contains the installation manual for the system, which can be used to obtain the default password. An affected building is vulnerable to unauthorized access if individuals with these credentials log in to the login window of the building's system through the login portal; this highlights a critical security flaw in the system.
Read more »
Technology
AI Antivirus Internet Password Technology

These Four Basic PC Essentials Will Protect You From Hacking Attacks


There was a time when the internet could be considered safe, if the users were careful. Gone are the days, safe internet seems like a distant dream. It is not a user's fault when the data is leaked, passwords are compromised, and malware makes easy prey. 

Online attacks are a common thing in 2025. The rising AI use has contributed to cyberattacks with faster speed and advanced features, the change is unlikely to slow down. To help readers, this blog outlines the basics of digital safety. 

Antivirus

A good antivirus in your system helps you from malware, ransomware, phishing sites, and other major threats. 

For starters, having Microsoft’s built-in Windows Security antivirus is a must (it is usually active in the default settings, unless you have changed it). Microsoft antivirus is reliable and runs without being nosy in the background.

You can also purchase paid antivirus software, which provides an extra security and additional features, in an all-in-one single interface.

Password manager

A password manager is the spine of login security, whether an independent service, or a part of antivirus software, to protect login credentials across the web. In addition they also lower the chances of your data getting saved on the web.

A simple example: to maintain privacy, keep all the credit card info in your password manager, instead of allowing shopping websites to store sensitive details. 

You'll be comparatively safer in case a threat actor gets unauthorized access to your account and tries to scam you.

Two-factor authentication 

In today's digital world, just a standalone password isn't a safe bet to protect you from attackers. Two-factor authentication (2FA) or multi-factor authentication provides an extra security layer before users can access their account. For instance, if a hacker has your login credentials, trying to access your account, they won't have all the details for signing in. 

A safer option for users (if possible) is to use 2FA via app-generated one-time codes; these are safer than codes sent through SMS, which can be intercepted. 

Passkeys

If passwords and 2FA feel like a headache, you can use your phone or PC as a security option, through a passkey.

Passkeys are easy, fast, and simple; you don't have to remember them; you just store them on your device. Unlike passwords, passkeys are linked to the device you've saved them on, this prevents them from getting stolen or misused by hackers. You're done by just using PIN or biometric authentication to allow a passkey use.

Read more »
Password
Cyber Crime Data Breach DDOS Attacks IoT Password

Huge Data Leak Puts 2.7 Billion Records at Risk – What You Should Know

 



A security issue has surfaced involving an unprotected database linked to Mars Hydro, a Chinese company known for making smart devices like LED grow lights and hydroponic equipment. Security researcher Jeremiah Fowler discovered this database was left open without a password, exposing nearly 2.7 billion records.


What Data Was Leaked?  

The database contained sensitive details, including WiFi network names, passwords, IP addresses, and device identifiers. Although no personal identity information (PII) was reportedly included, the exposure of network details still presents serious security risks. Users should be aware that cybercriminals could misuse this information to compromise their networks.


Why Is This Dangerous?  

Many smart devices rely on internet connectivity and are often controlled through mobile apps. This breach could allow hackers to infiltrate users’ home networks, monitor activity, or launch cyberattacks. Experts warn that leaked details could be exploited for man-in-the-middle (MITM) attacks, where hackers intercept communication between devices. 

Even though there’s no confirmation that cybercriminals accessed this database, IoT security remains a growing concern. Previous reports suggest that 57% of IoT devices have critical security weaknesses, and 98% of data shared by these devices is unencrypted, making them prime targets for hackers.


Rising IoT Security Threats  

Cybercriminals often target IoT devices, and botnet attacks have increased by 500% in recent years. Once a hacker gains access to a vulnerable device, they can spread malware, launch large-scale Distributed Denial-of-Service (DDoS) attacks, or infiltrate critical systems. If WiFi credentials from this breach fall into the wrong hands, attackers could take control of entire networks.


How Can Users Protect Themselves?  

To reduce risks from this security lapse, users should take the following steps:

1. Update Device Passwords: Many IoT gadgets use default passwords that are the same across multiple devices. Changing these to unique, strong passwords is essential.

2. Keep Software Up-to-Date: Manufacturers release software patches to fix security flaws. Installing these updates regularly reduces the risk of exploitation.

3. Monitor Network Activity: Watch for unusual activity on your network. Separating IoT devices from personal computers and smartphones can add an extra layer of security.

4. Enhance Security Measures: Using encryption tools, firewalls, and network segmentation can help defend against cyberattacks. Consider investing in comprehensive security solutions for added protection.


This massive data leak stresses the importance of IoT security. Smart devices provide convenience, but users must stay proactive in securing them. Understanding potential risks and taking preventive measures can help safeguard personal information and prevent cyber threats.



Read more »
Windows
ADFS Microsoft Password Phishing Attacks Technology Windows

Hackers Steal Login Details via Fake Microsoft ADFS login pages

Microsoft ADFS login pages

A help desk phishing campaign attacked a company's Microsoft Active Directory Federation Services (ADFS) via fake login pages and stole credentials by escaping multi-factor authentication (MFA) safety.

The campaign attacked healthcare, government, and education organizations, targeting around 150 victims, according to Abnormal Security. The attacks aim to get access to corporate mail accounts for sending emails to more victims inside a company or launch money motivated campaigns such as business e-mail compromise (BEC), where the money is directly sent to the attackers’ accounts. 

Fake Microsoft ADFS login pages 

ADFS from Microsoft is a verification mechanism that enables users to log in once and access multiple apps/services, saving the troubles of entering credentials repeatedly. 

ADFS is generally used by large businesses, as it offers single sign-on (SSO) for internal and cloud-based apps. 

The threat actors send emails to victims spoofing their company's IT team, asking them to sign in to update their security configurations or accept latest policies. 

How victims are trapped

When victims click on the embedded button, it takes them to a phishing site that looks same as their company's authentic ADFS sign-in page. After this, the fake page asks the victim to put their username, password, and other MFA code and baits then into allowing the push notifications.

The phishing page asks the victim to enter their username, password, and the MFA code or tricks them into approving the push notification.

What do the experts say

The security report by Abnormal suggests, "The phishing templates also include forms designed to capture the specific second factor required to authenticate the targets account, based on the organization's configured MFA settings.” Additionally, "Abnormal observed templates targeting multiple commonly used MFA mechanisms, including Microsoft Authenticator, Duo Security, and SMS verification."

After the victim gives all the info, they are sent to the real sign-in page to avoid suspicious and make it look like an authentic process. 

However, the threat actors immediately jump to loot the stolen info to sign into the victim's account, steal important data, make new email filter rules, and try lateral phishing. 

According to Abnormal, the threat actors used Private Internet Access VPN to hide their location and allocate an IP address with greater proximity to the organization.  

Read more »
Password
Bugs Critical Vulnerability Data Breach Enterprise security Organization security Password

Password Management Breached: Critical Vulnerabilities Expose Millions

Password Management Breached: Critical Vulnerabilities Expose Millions

Password management solutions are the unsung heroes in enterprise security. They protect our digital identities, ensuring sensitive info such as passwords, personal details, or financial data is kept safe from threat actors. 

However, in a recent breach, several critical vulnerabilities have been discovered in Vaultwarden, a famous public-source choice for the Bitwarden password management server. The bugs can enable hackers to get illegal access to administrative commands, run arbitrary code, and increase privileges inside organizations using the platform. 

Admin Panel Access via CSRF: CVE Pending (CVSS 7.1)

This flaw allows hackers to enter the Vaultwarden admin panel via a Cross-Site Request Forgery (CSRF) attack. Hackers can send unauthorized requests to the admin panel and adjust its settings by fooling a genuine user into opening a malicious webpage. This needs the DISABLE_ADMIN_TOKEN option to be activated because the authentication cookie will not be sent throughout site boundaries.

Remote Code Execution in Admin Panel: CVE-2025-24364 (CVSS 7.2)

A stronger flaw enables hackers with unauthorized access to the admin panel to run arbitrary code on the server. This bug concerns modifying the icon caching functionality to insert malicious code, which is used to run when the admin interacts with select settings. 

Privilege Escalation via Variable Confusion: CVE-2025-24365 (CVSS 8.1)

The flaw lets hackers widen their privileges inside an organization, they can gain owner rights of other organizations by abusing a variable confusion flaw in the OrgHeaders trait, to potentially access confidential data.

Aftermath and Mitigation

The flaws mentioned in the blog impact Vaultwarden variants <= 1.32.7. Experts have advised users to immediately update to the patched version 1.33.0 or later to fix these issues.

Vaultwardens’s user base must take immediate action to minimize potential threats as it has more than 1.5 million downloads and 181 million Docker pulls, which is a massive figure. 

Breaches at this scale could have a severe impact because password management solutions are the backbone of enterprise security. Businesses using Vaultwarden should immediately conduct threat analysis to analyze their exposure and implement vital updates. Experts also advise reviewing access controls, using two-factor authentication, and looking for any fishy activity.

Read more »
Privacy
Edge Browser Microsoft 365 Password Privacy

Microsoft Edge’s New Password Update: What It Means for Your Online Security

 



Microsoft has finally turned a page in making the internet safer by offering protection against shared passwords. The establishment of sharing the same password among different users, for account management or accessing team resources, was a common practice but unsafe in the past. Such practices increase the likelihood of illegal access to data that might lead to a breach. At the Ignite 2024 developer conference, Microsoft revealed the solution to this problem: encrypted password sharing for users on Microsoft 365.


Simplifying Password Sharing for Microsoft 365 Users 

Soon, a new feature for Microsoft 365 Business Premium, E3, and E5 subscribers will roll out. It lets administrators deploy encrypted passwords in the browser Microsoft Edge for both corporate and web sites. This will be shared amongst designated users, thus allowing them to log on smoothly at these web sites without ever having to see the actual passwords.

According to group product manager for Edge enterprise at Microsoft, Lindsay Kubasik, this feature diminishes the possibility of unauthorized access and enhances organizational security. Because the encrypted passwords are uniformly distributed and only to a configured group of users, it keeps any organization from being exposed to security threats. The deployment will be gradual over the next few months with the idea of improving password management for enterprise users.


Essential Security Tips for Microsoft Edge Users 

While firms benefit from shared encrypted passwords, Microsoft recommends that personal consumers of the Edge browser eliminate password sharing outright. Shared password use may increase vulnerabilities and become an entry point for many cyberattacks.

For users, Edge will automatically encrypt sensitive data such as passwords, credit card details, and cookies when stored locally on a device. This means such data will stay safe, with access limited only to the logged-in user. Even if an attacker gains admin access to the device, they cannot retrieve plaintext passwords unless they also obtain the user’s operating system credentials.  


Best Practices for Password Security

Microsoft is keen on proper security practice, recommending that all users employ strong passwords, two-factor authentication, and even password managers as online account protection tools. Another alternative: passkeys, essentially biometric or device-based authentication methods, can eliminate reliance on a traditional password altogether.


The Bottom Line

Microsoft’s encrypted password sharing marks a pivotal advancement in digital security for enterprise users, setting a new standard for password management. For individual users, adopting recommended security practices remains crucial to staying protected in an increasingly digital world.


Read more »
Password
Cyber Phishing Data Breach Hacking MC2 data Password

MC2 Data Breach Exposes Millions: Stay Protected

 



Cybernews reported on September 23 that background check company MC2 Data suffered a major data breach, exposing 2.2 terabytes of sensitive information. This breach potentially affects about 100 million Americans, raising serious concerns among cybersecurity experts about the risks faced by consumers today.


Why This Breach Matters

This data is considered very sensitive, thought to include passwords, along with identifying details in the form of email addresses. According to Gary Orenstein, Chief Customer Officer at Bitwarden, such information makes it possible for attackers to home in on the high-value targets. With all this, the attackers now have access to current email addresses with other sensitive information and can carry targeted phishing attacks or credential-stuffing attacks on a lot of accounts in the hope of accessing additional ones.

According to Orenstein, one of the scariest things is that hackers may use this data cross-referenced by passwords or slight modifications across many platforms. This may go ahead to help them gain access to several accounts if users have reused or slightly modified the same passwords.


A Growing Threat in Cybersecurity

Take the instance of the MC2 incident; it sharply reminds us that larger trends are existing within cyber threats: data breaches and cyberattacks are on the surge in all sectors. According to Efrat Tabibi, Head of Data at Guardio, "assuming that your sensitive data is always under the threat of being compromised" means "this breach signals assuming that your sensitive data is always vulnerable." This is reality for both consumer and company alike within today's data security landscape.

Tabibi says that the sophistication of attacks is increasing and proactive steps are required. She urges users to utilise such tools that will discover the phishing attacks and alert the user about vulnerabilities and deliver the ability to have real-time protection. "Those days when such tools were optional are over; now they are a must-have," she said.


How to Defend Yourself Against Future Attacks

The fact that breaches such as MC2's have become commonplace dictates that the following is the best course of action consumers can take to protect themselves: experts advise strong, unique passwords for every account and, when possible, that two-factor authentication adds yet another layer of security. Unsolicited emails and messages should be avoided, and personal information should not be requested.

Monitoring accounts to catch any suspicious activity and using a password manager for credential storage and management will be another step. Being one step ahead of attackers, tools that provide real-time phishing and data breach alerts also make their way into the picture.


The Bottom Line

The new data breach by MC2 represents the real threat looming in the cyber space of any organisation, which calls for vigilance on their part. With data being more vulnerable than ever, security experts urge the consumers to seize their weapons and take advantage of the best and readily available tools with best practice to defend their private information. This increased risk calls for not only vigilance but concrete steps in order to remain protected in a growing digital environment.


Read more »
Password
2FA Data Breach Identity Protection Login Security Password

Four Steps to Steer Clear of Data Leaks

 



Within the last few months, we have witnessed the scale of data breaches soar to millions of victims. The most vulnerable victims are usually major companies that process individual data; National Public Data, Medicare, and MC2 Data are all illustrative examples where hundreds of billions of records were leaked and several people become a victim of identity theft, fraud, and other destructive scandals.

Although data leaks are getting alarming day by day, there is also something you can do to protect your personal information. The four key actions that you can undertake to strengthen your online defences and not be a target will be discussed in the following:


Strengthen Your Login Security

As more and more passwords leak out on the web, hackers can use weak or reused passwords much more easily. Since a leaked password leaves cybercriminals with the same password, it can be used to perform credential stuffing attacks, trying the same password combination against different accounts. Risk can be minimised by using different strong passwords for all accounts. This can be achieved using a password manager that keeps them safe.

However, the best password ever designed can still be cracked or guessed, so there is a need for extra layers of security. Two-factor authentication, or 2FA, places a huge barrier to entry, requiring a second form of verification before an account access is given. Two most popular means of 2FA are by email or SMS, but those forms of verification can be intercepted. However, more secure methods include authentication apps or hardware security keys such as YubiKey, whereby gaining possession of the device requires one to log in to any of their accounts.

Other ways to log in include passkeys, which will eventually outpace the usage of passwords. The passkeys are encrypted, specific to your device, and not vulnerable to phishing attacks, thus adding more protection for your accounts. You will also have the opportunity to backup your passkeys or create a back login like the 2FA in case your account loses your device


Secure Your Financial Information

Examples of typical personal information that would be exposed and increase the risk of identity theft in a data breach include a Social Security number. Protecting your financial life comes down to freezing your credit and banking reports. This will prevent someone else from opening accounts in your name. You should check regularly for any suspicious activity on your credit report.

Locking an Identity Protection PIN on the IRS will put further layers of security on your tax filings, so that no one except you can file under your name. It's something that you can get done in days, and a few hours of your time to pay to save yourself from costly and time-consuming fraud.


Be on Your Guard About Communications

The dark web contains so much stolen personal information, making it pretty easy for scammers to write very convincing messages and dial numbers in your name. They could also call pretending to be your bank or a credit card company, as well as someone you know to try and get some more sensitive details. It's really important that you don't have any trust towards unsolicited communications, no matter how truthful they may sound.

If you do receive a message that says an account has been breached, do not click any links and do not provide sensitive personal data over the phone. Reach out to the organisation using official contact channels.

If you are receiving messages supposedly from family or friends, use other communication channels to confirm the request as their accounts may have been hacked.


Don't Rely on Trust Alone

As advanced scams with the aid of artificial intelligence rise, be doubly careful with all your dealings in the digital world. Because scammers are evolving their patterns all the time, it would be even more challenging to distinguish the real one from the fake. Such proactive steps, like securing all accounts, protecting financial information, and confirming any communication, can reduce the danger a person has to face when becoming victimised by cybercrime.

Nothing is foolproof in this changing digital world, but by doing all these, you are making it very difficult for hackers to access your information. Self-protection today may save you from the costly and stressful aftermaths in the future.


Read more »
Web
data security Email Internet Password Technology Web

Beware of These Email Warning Signs to Stay Safe Online

Beware of These Email Warning Signs to Stay Safe Online

Email, the backbone of communications in today's age, also serves as a common vector for cyberattacks, particularly phishing scams. Phishing emails are designed to trick recipients into revealing sensitive information or downloading malicious software. To protect yourself, it’s crucial to recognize the warning signs of a potentially dangerous email. 

1. Suspicious Subject Lines

One of the first things you notice about an email is its subject line. Phishing emails often use alarming or urgent language to grab your attention and prompt immediate action. 

Subject lines like “Urgent: Account Suspended,” “Action Required: Verify Your Identity,” or “Security Alert: Unusual Activity Detected” are red flags. Always approach such emails with caution and verify their authenticity before taking any action.

2. Generic or Overly Personalized Greetings

Phishing emails often use generic greetings such as “Dear Customer” or “Dear User” because they are sent to a large number of recipients. 

On the other hand, some phishing attempts may use overly personalized greetings to create a false sense of familiarity and trust. If the greeting seems off or doesn’t match the usual tone of communication from the supposed sender, it’s worth investigating further.

3. Suspicious Domain Names

Always check the sender’s email address carefully. Phishers often use email addresses that look similar to legitimate ones but contain subtle misspellings or unusual domain names. For example, an email from “support@paypa1.com” (with a numeral ‘1’ instead of the letter ‘l’) is likely a phishing attempt. Hover over the sender’s name to reveal the full email address and scrutinize it for any inconsistencies.

4. High-Risk Words

Phishing emails frequently use high-risk words such as “money,” “investment,” “credit,” and “free.” These words are designed to entice recipients into clicking on links or providing personal information. Be wary of emails that promise financial gains, free gifts, or urgent investment opportunities, especially if they come from unknown sources.

5. Hover Over Links

Before clicking on any link in an email, hover your mouse over it to see the URL it leads to. If the URL looks suspicious or doesn’t match the supposed sender’s website, do not click on it. Phishing links often lead to fake websites designed to steal your information. Instead, visit the official website directly by typing the URL into your browser.

Practical Tips for Email Safety

  • Do not share personal information: Never provide sensitive information such as passwords, credit card numbers, or social security numbers in response to unsolicited emails.
  • Use multiple email addresses: Separate your email addresses for different purposes, such as personal, professional, and online shopping. This can help contain the damage if one of your email addresses is compromised.
  • Keep your software updated: Ensure that your email client, browser, and antivirus software are up to date. Security updates often include patches for vulnerabilities that phishers exploit.

Read more »
Privacy
Cyberattacks CyberCrime Cybernews CyberThreat Data threats Hacking ObamaCare Password Privacy

Hackers Leak 10 Billion Passwords How Users Should Respond

 


Several months ago, security researchers discovered the world's largest collection of stolen passwords and credentials had been uploaded to an infamous criminal marketplace where cybercriminals would trade such credentials for a considerable amount of money. A hacker known as 'ObamaCare' has posted a database which, according to the hacker, contains nearly 10 billion unique passwords built over many years as a result of numerous data breaches and hacks he has been spreading across the web for several years. 

'ObamaCare', a user identified as 'ObamaCare', posted on a popular hacking forum on Thursday a collection of leaked passwords known as 'RockYou2024'. In the past, 'ObamaCare' has outsourced stolen data on the internet several times and it is not the first time they have done so. According to the report, the user had previously shared a database of Simmons & Simmons employees, a lead from the online casino AskGamblers, and applications from Rowan College in New Jersey before taking down the reports. 

The researchers at CyberNews have reported that on July 4, 2014, a hacker using the handle "ObamaCare" posted a file on a hacking forum that contained 9,948,575,739 unique plaintext passwords. The password dump that was recently found on the web is a more recent version of the "RockYou2021" data leak collection that surfaced in June 2021. 

In that particular instance, there were 8.4 billion unique passwords within the stolen collection of passwords at the time. This goldmine of thousands of unique passwords has been expanded by cybercriminals since 2021. The goldmine now includes 1.5 billion new and unique passwords added by these cyber criminals. “The team verified the leak passwords by cross-referencing the RockYou2024 leak passwords with a leaked password checker provided by Cybernews, which showed that these passwords were obtained from a mix of both old and new leaks,” Cybernews researchers wrote. 

There seem to have been a record number of stolen and leaked credentials discovered on the BreachForums criminal underground forum by security researchers from Cybernews. This collection has been the largest collection that has ever been seen on that site. A compilation of RockYou2024 appears to consist of an astonishing 9,948,575,739 unique passwords, all in plaintext form, with a total of 9,948,575,739 passwords. 

The database is said to have been built from an earlier credentials database called RockYou 2021, which contained eight billion passwords, and that has been added to with roughly 1.5 billion new passwords. The credential files cover a period to be measured between the years 2021 and 2024, and a total of 4,000 huge databases of stolen credentials have been estimated to contain information spanning a minimum of two decades in the latest credential file. 

Researchers stated that, in essence, the RockYou2024 leak contains a compilation of passwords that are used by people around the world. They also stated that, according to the researchers, the number of passwords used by threat actors is very large, which translates into a substantial risk of credential-stuffing attacks. There are several ways in which credential stuffing and brute force attacks can be mounted on passwords that have been leaked in such datasets. In credential stuffing attacks, the criminal acts by which they use passwords that have been stolen from one device or account to gain access to another device or account are described as the practice of the criminals. 

There is a premise at the foundation of this attack that users often have a single password for all of their accounts and devices, which allows criminals to access their account information, including other accounts or all their accounts, using that password. It is a process of using trial and error methods to try and guess sign-in information, passwords, and encryption keys for network systems. This is called a brute force attack. In a report published by Cybernews, the researchers said the database, which can be used to target all sorts of services, from online to offline, to internet-facing cameras and industrial hardware, is among the data. 

"By combining the data from RockYou2024 with other leaked databases from hacker forums, marketplaces, and other places where electronic mail addresses and other credentials can be published, it has the potential to trigger a cascade of data breaches, identity thefts, and financial frauds," the researchers stated. The multi-platform password manager that Bitdefender offers offers numerous benefits, including automatic password leak alerts that alert you as soon as your passwords and emails have been exposed online, with the ability to change them immediately. 

Users are advised to utilize a digital identity protection service to monitor their online identity and receive real-time alerts about data breaches and leaks involving their online information. One such service, Bitdefender Digital Identity Protection, offers a comprehensive solution for identity protection. Bitdefender Digital Identity Protection enables users to respond immediately to data breaches and privacy threats. 

Through instant alerts, users can take swift action to prevent damage, such as changing passwords with one-click action items. The service provides real-time monitoring by continuously scanning the internet and the dark web for personal information. Users receive alerts whenever their data is involved in a data breach or leak. Additionally, Bitdefender Digital Identity Protection offers peace of mind by immediately flagging suspicious activity and actively monitoring personal information. Users can rest assured that their digital identity is under constant surveillance. 

Furthermore, the service provides a 360° view of all data associated with a user’s digital footprint. This includes traces from services no longer in use but still retaining the user’s data. Users can also send requests for data removal from service providers, ensuring a more secure online presence. Overall, Bitdefender Digital Identity Protection is recommended for users seeking to safeguard their online identity and stay informed about potential security threats in real-time.
Read more »
password strength
Cyber Security Dangers of default password data security Kaspersky online account security Password Password Crackers password strength

The Speed and Efficiency of Modern Password-Cracking Techniques

 

With minimal expense and a bit of time, passwords can be cracked much faster than expected using a smart brute-force guessing algorithm. A recent analysis by Kaspersky revealed that 59% of 193 million real passwords were cracked in under an hour, with 45% broken in less than a minute. 

However, as explained by Antonov from Kaspersky, "smart guessing algorithms are trained on a data set of passwords to determine the frequency of various character combinations, starting with the most common and working down to the rarest." Although brute-force attacks are popular due to their straightforward approach, they are not the most efficient method for password cracking. Most commonly used passwords contain predictable patterns like dates, names, dictionary words, and keyboard sequences. Incorporating these patterns into the algorithm speeds up the cracking process significantly. 

The Kaspersky study demonstrated the advantage of combining brute-force and smart-guessing techniques. Pure brute force cracked 10% of passwords in under a minute, but this success rate jumped to 45% with the addition of smart-guessing. For passwords cracked between one minute and one hour, the success rate increased from 20% to 59%. Humans are generally not good at creating secure passwords because the choices are rarely random. We tend to use familiar elements that smart-guessing algorithms can easily identify: common names, important dates, and recognizable patterns. 

For example, a YouTube channel asked over 200,000 people to pick a 'random' number between 1 and 100, and most chose from a small set of numbers like 7, 37, 42, 69, 73, and 77. Even when attempting to create random character strings, people often stick to the center of the keyboard. This analysis underscores the importance of creating stronger, less predictable passwords. Using a combination of upper and lower case letters, numbers, and special characters can help enhance password security. 

Additionally, implementing multi-factor authentication (MFA) adds an extra layer of protection, making unauthorized access much more challenging. Regularly updating passwords and avoiding reuse of old ones are also essential practices for safeguarding accounts from being easily compromised. Employing password managers can also aid in generating and storing complex passwords, reducing the reliance on human memory and, thus, the use of predictable patterns. 

As cyber threats continue to evolve, staying informed about the latest security practices and adopting proactive measures will be crucial in defending against sophisticated password-cracking techniques.
Read more »
Password Security
Cyber Hacking Cyber Security data security Hacker attack Password Password Hacking Password Security

The Race Against Time: How Long Does It Take to Crack Your Password in 2024?

In the ever-evolving landscape of cybersecurity, the battle between hackers and defenders rages on. One of the fundamental elements of this battle is the strength of passwords. As technology advances, so too do the methods and tools available to hackers to crack passwords. 

In 2024, the time it takes to crack a password depends on various factors, including its length, complexity, and the resources available to the hacker. Gone are the days when a simple six-character password could provide adequate protection. With the increasing computational power of modern machines and the prevalence of sophisticated hacking techniques, such passwords can be cracked in mere seconds. In 2024, the gold standard for password security lies in lengthy, complex combinations of letters, numbers, and symbols. 

So, how long does it take for a hacker to crack a password in 2024? The answer is not straightforward. It depends on the strength of the password and the methods employed by the hacker. For instance, a short, simple password consisting of only lowercase letters can be cracked almost instantly using a brute-force attack, where the hacker systematically tries every possible combination until the correct one is found.  

However, longer and more complex passwords present a significantly greater challenge. In 2024, state-of-the-art hacking tools utilize advanced algorithms and techniques such as dictionary attacks, where common words and phrases are systematically tested, and rainbow tables, which are precomputed tables used to crack password hashes. These methods can significantly reduce the time it takes to crack a password, but they are still thwarted by sufficiently strong passwords. 

The concept of password entropy plays a crucial role in determining its strength against cracking attempts. Password entropy measures the randomness or unpredictability of a password. A password with high entropy is more resistant to cracking because it is less susceptible to brute-force and dictionary attacks. In 2024, experts recommend using passwords with high entropy, achieved through a combination of length, complexity, and randomness. 

To put things into perspective, let's consider an example. A randomly generated 12-character password consisting of uppercase and lowercase letters, numbers, and symbols has an extremely high entropy. Even with the most advanced cracking techniques available in 2024, it could take billions or even trillions of years to crack such a password using brute-force methods. 

However, the human factor remains a significant vulnerability in password security. Despite the availability of password managers and education on password best practices, many people still choose weak passwords or reuse them across multiple accounts. This behavior provides hackers with ample opportunities to exploit security vulnerabilities and gain unauthorized access to sensitive information. 

The time it takes for a hacker to crack a password in 2024 varies depending on factors such as password strength, hacking techniques, and computational resources. While advances in technology have empowered hackers with increasingly sophisticated tools, the key to effective password security lies in employing strong, unique passwords with high entropy. By staying vigilant and adopting best practices, individuals and organizations can fortify their defenses against malicious cyber threats in the digital age.

Read more »
Password Security
Credential Cyber Security CyberCrime Information Security Password Password Management Password Security

Strengthening Password Security: Addressing Misconceptions and Best Practices

 

According to recent research by the Institution of Engineering and Technology (IET), conducted to mark World Password Day, only one in five people in the UK can correctly identify a secure password over a risky one. This alarming statistic underscores the widespread lack of awareness and understanding when it comes to password security among the public. 

The study revealed that despite expressing concern about the possibility of being hacked in the future, a significant portion of the population continues to engage in risky password practices. For example, 20% of respondents admitted to using the same password for multiple websites and devices, a practice strongly discouraged by cybersecurity experts. 

Additionally, many individuals rely on easily guessable passwords, such as pet names or significant dates, further compromising their online security. Despite the prevailing fear of cyber threats, there exists a notable discrepancy between public perception and best practices in password security. While 84% of respondents believe that hackers are becoming more inventive, many still hold misconceptions about what constitutes a secure password. 

For instance, a significant portion of the population mistakenly believes that replacing letters with numbers in passwords enhances security, when in reality, this practice does little to deter sophisticated cyberattacks. Dr. Junade Ali, a cybersecurity expert and IET fellow, highlighted the critical importance of strong passwords in today's digital landscape. Weak and predictable passwords serve as easy targets for cybercriminals, who employ various tactics, including credential stuffing, to gain unauthorized access to multiple accounts. Credential stuffing exploits the common practice of using the same password across multiple platforms, allowing hackers to compromise multiple accounts with minimal effort. 

To address these vulnerabilities, the IET has issued recommendations aimed at improving password security awareness and practices. Among these recommendations is the suggestion to create randomly generated, long, and unique passwords for each website or online service. Longer passwords are generally more resistant to brute-force attacks and provide an added layer of security against unauthorized access.  

Additionally, the use of a reputable password manager is encouraged to securely store and manage passwords across various platforms. Password managers not only simplify the process of generating and storing complex passwords but also provide alerts in the event of a data breach, allowing users to take immediate action to protect their accounts. 

By following these guidelines and adopting strong password security practices, individuals can significantly enhance their defenses against cyber threats and safeguard their sensitive information online. As cyberattacks continue to evolve in sophistication, proactive measures to strengthen password security are essential in mitigating the risk of unauthorized access and data breaches.
Read more »
Roku
2FA Credential Stuffing Data Breach Password Roku

Roku Security Breach Exposes Over 500,000 User Accounts to Cyber Threats

 


In a recent set of events, streaming giant Roku has disclosed an eminent security breach affecting over half a million user accounts. Following a recent data breach, Roku has uncovered additional compromised accounts, totaling approximately 576,000 users affected by the breach.

Security Breach Details

Last month, Roku announced that around 15,000 customers might have had their sensitive information, including usernames, passwords, and credit card details, stolen by hackers. These stolen credentials were then utilised to gain unauthorised access to other streaming platforms and even to purchase streaming gear from Roku's website. Subsequently, the compromised Roku accounts were sold on the dark web for a mere $0.50 each.

Method of Attack

The hackers employed a tactic known as "credential stuffing" to gain access to the jeopardised accounts. This method relies on using stolen usernames and passwords from other data breaches to gain unauthorised access to various accounts. It highlights the importance of avoiding password reuse across different platforms, no matter how convenient the idea of having one go-to password may seem. 

Proactive Measures by Roku

Roku took proactive steps in response to the security incidents. While investigating the initial breach, the company discovered a second similar incident affecting over 500,000 additional accounts. Roku clarified that there's no evidence indicating that their systems were directly laid on the line. Instead, the hackers likely obtained the credentials from external sources, such as previous data breaches or leaks.

Protecting Your Roku Account

To safeguard users' accounts, Roku has implemented several measures. Firstly, the company has reset the passwords for all affected accounts and initiated direct notifications to affected customers. Additionally, Roku is refunding or reversing any unauthorised charges made by hackers. Furthermore, two-factor authentication (2FA) has been enabled for all Roku accounts, adding an extra layer of security.

User Precautions

Despite Roku's efforts, users are advised to take additional precautions. It's crucial to use strong, unique passwords for each online account, including Roku. Password managers can assist in generating and securely storing complex passwords. Additionally, users should remain watchful for any suspicious activity on their accounts and monitor their bank statements closely.

As Roku continues its investigations, users are urged to stay cautious online. There's a possibility of hackers attempting targeted phishing attacks using stolen information. Therefore, users should exercise caution when interacting with emails purportedly from Roku and verify the authenticity of any communication from the company.

The recent security breaches bear down on the critical need for strong cybersecurity practices by both companies and users. While Roku has taken considerable steps to address the issue, users must remain proactive in protecting their accounts from potential threats. Stay informed and take necessary precautions to safeguard your online ecosystem. 

Read more »
SurveyLama
Data Breach Emails Online Security Password Personal Data SurveyLama

SurveyLama Data Breach Exposes Millions of Users' Information

 



A major data breach has impacted the online survey platform SurveyLama, putting the sensitive data of over four million individuals at risk. The breach, which occurred in February of this year, was confirmed by the company to Troy Hunt, the creator of the well-known website Have I Been Pwned?, which tracks email addresses exposed in data breaches.

What Happened:

Unknown attackers gained unauthorised access to SurveyLama's database, compromising users' names, dates of birth, email addresses, IP addresses, passwords, phone numbers, and postal addresses. This breach leaves users vulnerable to identity theft and phishing scams.

Implications for Users:

SurveyLama rewards its users for completing surveys, making them potential targets for phishing emails. While passwords were stored in encrypted forms (salted SHA-1, bcrypt, and argon2 hashes), some could still be susceptible to brute-force attacks, especially those hashed with SHA-1, which has known vulnerabilities. Users are strongly advised to update their passwords immediately as a precautionary measure.

Protective Measures:

SurveyLama has reportedly notified affected users via email about the breach. However, users should remain cautious of any suspicious emails, particularly those promising rewards in exchange for quick action. Although the stolen information has not yet been publicly posted or sold on the dark web, proactive steps should be taken to secure accounts.

Expert Insight:

Troy Hunt, upon receiving information about the breach, independently verified the data's authenticity. SurveyLama confirmed the security incident and assured users that passwords were stored in encrypted forms. Nonetheless, users are encouraged to reset their passwords not only on SurveyLama but also on other platforms where similar credentials may have been used.

While SurveyLama has taken steps to address the breach and notify affected users, the potential risks remain significant. The possibility of the stolen data being exploited privately or leaked to cybercriminals underscores the importance of immediate action by users to safeguard their personal information.

All in all, the SurveyLama data breach serves as a reminder of the ever-present threats to online security and the importance of vigilance in protecting personal data. Users must stay informed, remain cautious of suspicious activities, and take proactive measures to enhance their online security posture.


Read more »
Subscribe to: Posts (Atom)