Password News, Articles and Updates

URL file attacks spread Quant Loader trojan

A recent spate of attacks uses phishing, social engineering, exploits, and obfuscation to spread a Quant Loader trojan capable of distributing ransomware and password stealers.

Would you like productivity, or security?

When engineers work on a new invention, they focus on "getting it to work". This imperative precedes the need to "make it safe".

Credential stuffing suspected: 150 National Lottery accounts compromised

As many as 150 player accounts registered with the UK's National Lottery were compromised, accessed and potentially viewed by an unauthorised party, according to an online statement from Camelot.

Millennial habits may bring an end to the password era

Millennials use passwords less than others and as they come to dominate the workforce, their online authentication habits impact the way employers and technology companies provide access to devices and applications.

Biometrics as additional access route weaker than password-only protection

A society where identity authentication is allowed without users' volition would be a society where democracy is dead. The password as memorised secret is absolutely necessary says Hitoshi Kokumai.

Post-it with password spotted in online photo of Hawaii Agency HQ

The Hawaii Emergency Management Agency has had a lot of explaining to do after an employee pushed the wrong button during a test and pushed out an alert warning residents that a ballistic missile was headed their way.

Intel AMT security issue lets attackers bypass laptop login credentials

Insecure defaults in Intel AMT allow an intruder to completely bypass user and BIOS passwords and TPM and Bitlocker PINs to backdoor almost any corporate laptop in a matter of seconds.

No one is safe: How to stem the global breach epidemic

It's vital that multi-factor authentication systems become the industry standard for securing both customer and internal IT accounts. By replacing the outdated password-username combination, most hackers are outfoxed.

Countdown to PSD2: Kill passwords to stay alive

Adopt dynamic authentication of customers for each interaction they perform, and do it as seamlessly and frictionlessly as possible: use the mobile devices we all carry. Too much is at stake to rely on 'shared secrets' as safeguards.

P455W0rDS: How secure is yours and is it time to retire it?

Relying on usernames and passwords to authenticate user identity is irresponsible. If one of your tweaked passwords is lost or stolen, you should throw all versions of it away as hackers know that people tweak passwords.

Nadine Dorries under scrutiny for comments about password sharing

Nadine Dorries, a Conservative MP, has come under fire for her lax approach to security, sharing her password with her staff, as she sought to describe this behaviour as typical in Westminster when trying to defend MP Damian Green.

Is it time to rethink the password?

The password on its own is not enough to protect an organisation's data, even if you follow best practice says Kevin Timms, adding passwords that are easily entered and remembered are inherently weak and easily compromised.

Social Media - the privileged account no one talks about

Companies seem to be slow to realise that their Twitter, Facebook or LinkedIn accounts and passwords require exactly the same protection as any of their high-risk or high-value internal systems says Jackson Shaw.

Artificial intelligence can fool Captcha security more than half the time

Scientists use vision algorithms to sidestep security systems and machine-read CAPTCHA security words like a human.

Password reuse results in Coinhive DNS Server used to mine Monero

Password reuse resulted in an unknown hacker taking over Coinhive's DNS server and replacing it with a JavaScript in-browser Monero cryptominer.

Iran is being blamed for a cyber-attack against Parliamentary emails

The 23 June 12-hour brute force hack-attack against 9,000 parliamentary email accounts, including ministers and the PM, is now being blamed on Iran.

Hackers target business emails with Netflix scam

Netflix scam steals customers' credit card data, and puts businesses at risk where employees re-use passwords.

'Killing the password' is 'killing democracy'. Don't let it happen.

A society where login without users' volition is allowed would be a society where democracy is dead, says Hitoshi Kokumai.

Inherent security flaws of single-sign-ons; 2FA without passwords urged

Raz Rafaeli suggests perhaps it's time to rethink authentication altogether, and eliminate password-based "something you know," the Achilles' heel of authentication. That leaves "something you have" and "something you are."

320m compromised password hashes cracked by research 'cracktivists'

CynoSure Prime reports that it has cracked the hashes of virtually all 320 million passwords which security researcher Troy Hunt had put on his 'HaveIBeenPwned' website by early August.

Five steps to avoid the password reset storm - deploying self-service key

Radha Krishnan provides five steps to avoid the post-holiday password reset storm, and advises deploying user self-service options where possible.

You can't even trust your Sysadmins to use complex passwords

The majority of sysadmins - 86 percent - use only the most basic username and password authentication to access and protect their main business account on-site.

Brute force attack on Scottish Parliament's email system

Yesterday members of the Scottish Parliament in Holyrood were notified that hackers were trying to crack their email passwords and they were advised to update their passwords.

Insecure IoT devices to be prohibited, US Federal purchases restricted

The US Congress has introduced a bill which aims to prohibit sale of Internet of Things (IoT) devices to the government if they can't be patched or have their password changed.

[updated] UK Parliament records "unauthorised attempts" to access MP accounts

Following the theft and attempted sale of login details believed to belong to MPs, peers and parliamentary staff, Parliament has confirmed it has seen "unauthorised attempts" to access "less than one percent" of those accounts.

ICYMI: Spam leak; password loss; Privacy Shield; hospital hit; app in iframe

In Case You Missed It: Spammer breached; Yahoo/gmail passwords; Privacy Shield concern; malware shuts hospital; 132 apps in iframe malware.

Postscript printers open to password theft through 32-year-old flaw

32-year-old flaws in popular makes of multi-function printers could allow attackers to steal passwords, shut down printers and even cause physical damage.

Wi-Fi can imprint passwords and PINs onto radio signals

Researchers from a collection of universities in China and the US have apparently created a method of discovering passwords by looking for the interference that body movement makes in WiFi signals.

Poor password and username management leaves many home routers vulnerable

About 15 percent of all home routers are unsecure, according to a study recently released by ESET.

As Amazon uncovers login credential list online, does controversial GCHQ password advice still stand?

The unveiling of a new surprise from Amazon may tell us surprising new things about the continuing usefulness of passwords, so does GCHQ's landmark advice still stand?