How did the crooks get in given that the needed access credentials of 4 developers at LastPass were locked up in a secure password vault to which only four developers had access?” Access to the vault password] was accomplished by targeting the DevOps engineer’s home computer and exploiting a vulnerable third-party media software package, which […]
The hacker copied information from backup that contained basic customer account information and related metadata, including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service. The threat actor was also able to copy a backup of customer vault data from the encrypted […]
The American crypto exchange Gemini has leaked the private data of 5.3 million users, which has subsequently been used for targeted phishing attacks. It concerns e-mail addresses and partial telephone numbers. According to Gemini, the data was stolen from an unnamed “third-party” supplier. No further details about the data breach have been provided. Gemini does […]
Online gambling platform DraftKings has been hit by a credential stuffing attack in which attackers managed to break into users’ accounts and steal some $300,000. Credential stuffing uses previously leaked email addresses and passwords to gain automated account access. Attackers check whether they can also log in to website B with credentials stolen from website […]
Analysts see an uptick in token theft from authenticated users, allowing threat actors to bypass MFA protections. Stealing session cookies has become one of the most common ways that attackers circumvent multifactor authentication. For unmanaged devices, they recommend conditional access policies and strong controls.
Creating, remembering and using passwords is tedious, frustrating, time-consuming and not 100% secure, because even the strongest password can be stolen and misused. That is why the Center for Cybersecurity Belgium (CCB) is campaigning from October 2020 to promote better security of accounts. Watch this video here: https://www.youtube.com/watch?v=phLcILslhbQ&feature=emb_logo
To protect accounts related to the US presidential election, Twitter will require a strong password for these accounts. These users are also recommended to set up two-factor authentication. The microblogging service has announced this on its own website. In this way, Twitter wants to protect so-called “high-profile accounts” during the upcoming presidential elections. These include […]
The European Union Agency for Cybersecurity shares its recommendations for improving the security of passwords and authentication methods. If you have questions about Single Sign-On, Password & Multi-factor authentication Management, please check out the EU’s Nr 1 Password Cloud, please call +31 888 SECURE (732873)!
People rarely change their passwords after a data breach of their online service and if they do, the new passwords are often no stronger than the old ones, according to research by researchers at two American universities. 33% of the persons thanged their password on a compromised website had an average of thirty accounts with […]
Europol provides public awareness and prevention by offering a safety guid for the “new normal”after COVID-19.