passwords Archives - IT Security Guru
https://www.itsecurityguru.org/tag/passwords/
Feed last updated: Wed, 22 Mar 2023 22:53:16 +0000

Fortune 500 Company Names Found in Compromised Password Data
https://www.itsecurityguru.org/2023/03/23/fortune-500-names-found-in-compromised-password-data/?utm_source=rss&utm_medium=rss&utm_campaign=fortune-500-names-found-in-compromised-password-data
Thu, 23 Mar 2023 09:35:04 +0000

The post Fortune 500 Company Names Found in Compromised Password Data appeared first on IT Security Guru.

New research released by Specops Software outlines the most common Fortune 500 company names that show up in compromised password data. The Specops research team analysed an 800 million password subset of the larger Breached Password Protection database to obtain these results. Among the top ten, popular household names like Coca-Cola (16,710 appearances), Starbucks (3,800 appearances) and McDonald’s (2,270 times) appear.

The most common Fortune 500 company name found among passwords in the subset was Williams, relating to Sherwin-Williams and/or Williams-Sonoma. “Williams” appears over 72,000 times. The full list, which also includes Microsoft and Bank of America, is published in the Specops research.

The research focuses on Fortune 500 company names with more than 8 letters. Short company names naturally have more matches due to the short string of letters matching other words (e.g. while “GE” is a Fortune 500 company, looking for “ge” in compromised password data would match many unrelated phrases).

It is important to note that, despite the companies showing up in these lists, this in no way indicates that they’ve suffered a breach or that their specific passwords have been leaked.

Darren James, Senior Product Manager at Specops Software, explained the results further: “There are many reasons a company name can show up in a compromised password. Whether it’s because the company name overlaps with another word or a consumer is a big fan, the fact remains that these names are showing up within passwords on wordlists attackers are using to attack networks. Organisations would always be smart to block the use of their own organisation name in their users’ passwords with a custom dictionary.”

This research comes shortly after the release of the Specops annual Weak Password Report, which found that ‘password’ is still the most common term used by hackers to breach enterprise networks.
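As an added example (not Specops code), the following Python check implements the custom-dictionary control James describes: it normalises a candidate password (lower-case, common leetspeak substitutions undone, separators removed) before looking for blocked terms such as the organisation's own name, and it also compares the SHA-1 of the password against a breached-hash set. The blocked terms, sample passwords and the breached hash are constructed for illustration; the leetspeak table and the four-letter minimum for blocked terms are our assumptions.

```python
"""Custom-dictionary password check.

Added example, not Specops code. Rejects passwords that contain the
organisation's own name or other blocked terms even when the user disguises
them with case changes, leetspeak or separators, and flags passwords whose
SHA-1 appears in a (here: constructed) breached-password set.
"""
import hashlib
import re
from dataclasses import dataclass, field

# Assumed leetspeak table, applied to candidates and to the dictionary alike,
# so "C0ca-C0la" and "St@rbuck$" still match "cocacola" and "starbucks".
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "8": "b", "@": "a", "$": "s", "!": "i"})


def normalise(password: str) -> str:
    """Lower-case, undo leetspeak, drop everything but letters and digits."""
    return re.sub(r"[^a-z0-9]", "", password.lower().translate(LEET))


@dataclass
class PasswordPolicy:
    blocked_terms: set[str]                      # organisation name, brands, products
    breached_sha1: set[str] = field(default_factory=set)  # upper-case hex digests
    min_length: int = 12
    min_term_length: int = 4                     # skip very short terms such as "GE"

    def __post_init__(self) -> None:
        # Normalise the dictionary the same way as candidate passwords; very short
        # terms are dropped because they match far too many unrelated strings.
        self.blocked_terms = {
            t for t in (normalise(term) for term in self.blocked_terms)
            if len(t) >= self.min_term_length
        }

    def check(self, password: str) -> list[str]:
        """Return the list of violations; an empty list means the password passes."""
        problems: list[str] = []
        if len(password) < self.min_length:
            problems.append(f"shorter than {self.min_length} characters")
        norm = normalise(password)
        for term in sorted(self.blocked_terms):
            if term in norm:
                problems.append(f"contains blocked term '{term}'")
        digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
        if digest in self.breached_sha1:
            problems.append("appears in breached-password data")
        return problems


def demo() -> dict[str, list[str]]:
    """Run the policy over constructed sample passwords (not real credentials)."""
    policy = PasswordPolicy(
        blocked_terms={"Coca-Cola", "Starbucks", "McDonald's", "Williams", "GE"},
        # Constructed breached set: SHA-1 of a single well-known weak password.
        breached_sha1={hashlib.sha1(b"Password123!").hexdigest().upper()},
    )
    samples = ["C0ca-C0la2023!", "W1ll1ams_Sonoma", "Password123!", "Tr0ub4dor&3xyzq"]
    return {p: policy.check(p) for p in samples}


if __name__ == "__main__":
    for pw, issues in demo().items():
        print(f"{pw!r}: {'OK' if not issues else '; '.join(issues)}")
```

The normalisation step is the part that matters: a blocklist that only does exact, case-sensitive matching is trivially bypassed by "C0ca-C0la!", which is exactly the sort of variant that ends up in cracking wordlists. The short-term cut-off mirrors the report's own reasoning about "GE": a two-letter term as a substring rule would reject a large share of legitimate passwords.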

One Identity Safeguard now offers free Personal Password Vault
https://www.itsecurityguru.org/2020/06/10/one-identity-safeguard-now-offers-free-personal-password-vault/?utm_source=rss&utm_medium=rss&utm_campaign=one-identity-safeguard-now-offers-free-personal-password-vault
Wed, 10 Jun 2020 15:40:25 +0000

One Identity has recently introduced a new feature in One Identity Safeguard for Privileged Passwords 6.6 that stores and controls the personal passwords employees use for the third-party accounts they need for work. Corporate users can keep their passwords for online accounts and services in a new Personal Password Vault. The feature is free for all users at Safeguard-licensed companies, and it gives organisations control over, and policy adherence for, personal passwords used on corporate accounts.

Employees manage their own passwords used to access a variety of online services needed to do their jobs. As an example, they access third-party travel services, order supplies, or leverage SaaS products to create materials or manage workflows. They often are not federated with the company access management system and do not adhere to best practices or corporate policy with regard to the security and maintenance of those passwords. The Safeguard Personal Password Vault addresses these potential vulnerabilities.

“Privileged accounts mean much more than access to the foundational systems for enterprise IT; they can mean the accounts used to procure materials, be productive, and even book travel,” said Darrell Long, vice president for product management at One Identity. “Managing personal passwords used to access these services is a critical part of an organisation’s security and compliance strategy. We innovated the new Safeguard Personal Password Vault to provide a convenient way to securely store and manage those passwords – across all employees in the organisation.”

Administrators can now audit compliance activity to passwords stored in the vaults. Users can be reminded to change passwords according to organisation policy; and password vault functionality enables users to create new randomised passwords. Access to specific passwords can be granted to other users, in case the primary user is out of the office, and password vault access can be deprovisioned as necessary.

The new feature is available immediately, and the basic service is free for all employees of Safeguard customers. For more information on One Identity Safeguard for Privileged Passwords, visit the One Identity website.

Iran Responsible for Parliament Cyber-Attack
https://www.itsecurityguru.org/2017/10/17/iran-responsible-parliament-cyber-attack/?utm_source=rss&utm_medium=rss&utm_campaign=iran-responsible-parliament-cyber-attack
Tue, 17 Oct 2017 09:45:58 +0000

It has emerged that Iran was behind the cyber attack on the UK Parliament in June this year; the attack attempted to break account holders’ passwords. It is unclear why, or what the hackers were after.
ORIGINAL SOURCE: Information Security Magazine

'Very weak' passwords put NHS hospitals at hacking risk
https://www.itsecurityguru.org/2017/08/17/weak-passwords-put-nhs-hospitals-hacking-risk/?utm_source=rss&utm_medium=rss&utm_campaign=weak-passwords-put-nhs-hospitals-hacking-risk
Thu, 17 Aug 2017 09:28:30 +0000

NHS hospitals are at risk of further devastating cyber attacks because staff are using “very weak” passwords, a new report reveals. Health chiefs warned that one in four official user accounts granting access to sensitive patient data and vital systems are inadequately protected, while many organisations are failing to update their security software. Around 10 per cent of administrator accounts, used by those who oversee IT systems, were also using weak passwords. The private industry briefing by NHS Digital has emerged three months after the global WannaCry attack, which pitched the health service into chaos.
ORIGINAL SOURCE: The Telegraph

Passwords have finally evolved into something hackers will hate
https://www.itsecurityguru.org/2017/04/05/passwords-finally-evolved-something-hackers-will-hate/?utm_source=rss&utm_medium=rss&utm_campaign=passwords-finally-evolved-something-hackers-will-hate
Wed, 05 Apr 2017 08:49:07 +0000

The use of patterns or shapes in place of passwords is set to displace the hacker’s favourite, the old-fashioned fixed ID code which can so easily be captured and re-used, according to the two British inventors behind Shayype™.

The inventors say Shayype is many times more secure than passwords and gives users a new, hacker-resistant login code every time, while being easier to recall and use than a password.

Already one UK firm – leading insurance quotation site 3XD – has announced plans to trial Shayype as soon as possible to protect customers and its own website from hacking. CEO David Fulluck said: “Urgent action is required across the financial technology sector in the wake of the alarming number of hacks and data breaches currently happening. But until now, the big question has been – how? What’s so interesting about Shayype is that it takes vulnerable static passwords out of the equation completely, but is easier to use.”

Another businessman, Alan Bentley, managing director of Peterborough-based IPM Global Mobility, added: “I have long been concerned about protecting IPM’s systems from cyber-attack. I am also concerned that many IT specialists have taken a laissez-faire attitude that however you try to protect your systems from attack it remains a question of when, not if.”

Now electronics engineer Jon Beal and journalist Jonathan Craymer who came up with the new system aim to launch a crowdfunding campaign to support vital usability testing on thousands of people.

Mr Craymer said: “Arguably cyber-crime is the biggest fixable threat the world faces right now. Anything connected to the rest of the world can be hacked so easily, simply because fixed passwords or ID codes are still the attackers’ favourite way in. The answer is to change the code you enter every time, without increasing complexity or forcing people to carry devices.

“We’re hoping we’ve managed to do something the tech giants failed to do – find a simple replacement for passwords, PINs, door-codes etc. But Shayype is far more than this. We hope it will give back ordinary people the control they deserve over identity, privacy and help to re-build trust in the online world.”

North Korea Hacked Into Emails of Seoul Officials: Report
https://www.itsecurityguru.org/2016/08/01/north-korea-hacked-into-emails-of-seoul-officials-report/?utm_source=rss&utm_medium=rss&utm_campaign=north-korea-hacked-into-emails-of-seoul-officials-report
Mon, 01 Aug 2016 10:09:19 +0000

Investigations showed 56 people — including officials at the foreign, defense and unification ministries — had their email passwords stolen by a “North Korea-operated group” from January to June, Yonhap said, citing the Supreme Prosecutors’ Office.
The prosecutors’ office could not be reached for comment by AFP.
Yonhap said the hackers set up 27 phishing sites using a free web-hosting server in January and posed as portal sites run by the foreign ministry, universities and defense-related companies to steal the passwords.
An investigation is still ongoing to see if any confidential information may have been leaked.
The latest cyber attack comes just days after South Korean police said the North stole the personal data of over 10 million customers at South Korean online shopping mall Interpark.

Original Source: SecurityWeek

Adopting a User-Centric Approach to Protect Sensitive Data
https://www.itsecurityguru.org/2016/06/20/adopting-a-user-centric-approach-to-protect-sensitive-data-2/?utm_source=rss&utm_medium=rss&utm_campaign=adopting-a-user-centric-approach-to-protect-sensitive-data-2
Mon, 20 Jun 2016 08:43:34 +0000

The world has changed. With more users accessing data outside the corporate firewall and from mobile devices, businesses can now allow for more flexible work environments. But this increased access has also brought an upsurge in the risk of data breaches and threats from hackers.
Recent high-profile breaches have heightened overall market awareness of security, not just within the CSO community, but among CEOs and boards of directors as well.
Protecting the sensitive data within an organisation’s work systems is no longer just about building an impenetrable network perimeter; it is also about securing users against phishing and social engineering attacks and data breaches, and protecting data in cloud applications and on mobile devices. This requires a contextual, risk-based approach based on user identity, historical patterns of behaviours, and the request itself.
Identity is the new boundary
Before cloud, organisations secured their data within virtual network perimeters protected by firewalls, data loss prevention systems, virtual private networks (VPNs) and intrusion detection/prevention systems. However, as enterprises make the transition towards the cloud, and with IT no longer controlling every application or device that accesses corporate data, managing access is becoming increasingly challenging.
The network perimeter is now a field of constantly changing variables, context and policy, defined by each user, and more specifically, by their identity. It’s up to each organisation to protect those identities in a user-centric way, regardless of the user’s location or the device they are using.
As a result, rather than just focusing on devices and infrastructure, organisations like Gatwick Airport and Peterborough City Council are concentrating on the user. By using contextual data about users, devices, and patterns of behaviour, they can more accurately detect unauthorised attempts to access corporate information, and better mitigate the risk of a security breach.
Passwords are becoming a thing of the past
According to Okta’s latest Businesses @ Work Report, organisations use anywhere between 10 and 16 apps – an increase of about 20 percent in just one year. Because most people use dozens of applications, there’s a natural tendency to reuse passwords across all personal and professional channels, or leave them written on pieces of paper for all to see. “Password fatigue” inherently makes every application less secure, so a stolen Financial Times password might compromise a user’s Salesforce.com or Active Directory account. It also means that users themselves have become a potential threat to organisations’ data security. In fact, according to IBM, insiders are responsible for more than half of data breaches worldwide.
In response, to protect themselves against the range of attacks that rely on stolen user credentials, many organisations are adopting multi-factor authentication (MFA). MFA requires two or more different kinds of evidence of identity, such as a password plus a temporary code delivered to the user’s phone, hardware token, email address or authenticator app, so that a stolen password on its own is not enough to log in. It is usually deployed together with federated sign-on, in which a trusted identity provider performs the login and then issues single-use, expiring tokens carrying authentication and authorisation data to the application, so the application never handles the password at all. Together these blunt highly targeted social engineering attacks such as phishing or pretexting, although a code the user types can still be relayed by a phishing page in real time; push approval and hardware-bound authenticators resist that better. That way, businesses can ensure the right people have the right access to sensitive information, and reduce the risk of unauthorised access.
While traditional forms of MFA have depended on cumbersome hard tokens or easily discoverable security questions, a new generation of MFA technology now enables IT and security teams to take a user-centric approach to application security. Okta’s data reveals that businesses are moving away from the traditional security questions — such as “What’s your mother’s maiden name?” or “What was the name of your first pet?”— as a second form of verification, and choosing more modern forms of MFA to secure their environments, like push authentication, which enables users to verify their identity with a single tap on their mobile device without the need to type a code.
Protecting data with automated provisioning
Organisations around the world have suffered consequences when they don’t properly manage user identities. In addition to MFA, more and more businesses are implementing solutions that provide a simple way for them to protect sensitive information, by giving IT more control over the different applications, access points and user types that will be connected to its cloud systems.
In order to ensure that users have the right amount of access, and that access is given and taken away at the right time, organisations are managing access with single sign-on (SSO) and provisioning. Provisioning enables IT to make real-time updates as employees and contractors come and go, and gives them visibility into users’ behaviour to detect when something is not right. With automated deprovisioning tools, the IT team can deactivate a corporate identity across all enterprise resources within seconds, so that once an employee or freelancer has left the company, crucial data cannot leave with them.
Staying in control of the network
With almost any technology at their fingertips, employees will use whatever they need to get their work done — even if that means using tools or practices that could unintentionally create a security risk for the organisation through a simple error. Therefore, the real security issue that businesses need to address is not how secure the cloud is, but rather how to improve visibility and control across on-prem and cloud systems, while also enabling the business to grow through simplifying user access to cloud and mobile technology.
In order to quickly reduce concerns over visibility of users, devices and applications, organisations must adapt to the ever-changing environment. By implementing a user-centric security strategy based on identity, they can empower users to access any application they need, easily and securely.

50 million iMesh records up for sale on dark web
https://www.itsecurityguru.org/2016/06/15/50-million-imesh-records-up-for-sale-on-dark-web/?utm_source=rss&utm_medium=rss&utm_campaign=50-million-imesh-records-up-for-sale-on-dark-web
Wed, 15 Jun 2016 11:57:33 +0000

iMesh, a now defunct service that was once one of the biggest P2P sites in the US, reportedly suffered a data breach in 2013 which has now led to a huge database of 51 million users’ credentials going for sale on the dark web. This is the latest in a string of huge databases coming up online, after the recent breach at MySpace and LinkedIn led to tens of millions of users’ info being loaded onto the dark web.
The hacker behind this leak, Peace, has set an asking price of just half a bitcoin, which converts to roughly £245 ($350). Such a low price is surprising at first, however starts to make sense with a little closer analysis.
Javvad Malik, Security Advocate at AlienVault, told us that the low price would primarily be due to the fact that “iMesh is now defunct, so the value is only in seeing if users have reused the passwords elsewhere. The other factors would boil down to market pressures. There are other big breaches out there so in order to sell, it needs to be priced competitively.”
Itsik Mantin, Director of Security Research at Imperva, added that it was likely the data had been aggregated from various sources and that with such a large trove of data, you can expect brute force attacks to become a lot easier and a lot more frequent. He added that “to prevent brute force attacks security officers should not only rely on password policies, but should also take specific detection measures like rate limiting login attempts, detecting login attempts from automated browsers, being cautious about logins from unexpected countries and anonymous sources and comparing login data to popular passwords and stolen credentials.”
It seems again that the all too common malpractice of using the same password for different online services is what the hackers are gambling on to make their hacking attempts worthwhile. Lamar Bailey, Senior Director of Security R&D at Tripwire, advised users to “create strong unique passwords for each site they visit and that is harder than it sounds given the sheer number of sites people visit every day. The best way to accomplish this is to use a password generator and vault to keep track of your passwords. Many of the products have very minimal costs and they will remind you to change passwords and alert you of breaches to sites you access.”
So it’s another big breach in the news, will we ever learn? The issue is that so much data has been left online by web users, giving hackers reams of intelligence to work off should they decide to target you. Lisa Baergen, Director of NuData Security, explained to us why this matters:
“While it’s good practice to change your usernames and passwords often, victims of a breach need to understand that every single piece of identifiable information exposed is important. Credentials from various breaches are sold in packages on the dark web, and used to build a “Fullz”, or full online identity profile. These full profiles are sold for higher value than just pieces, because the more complete the information, the more fraud can (and likely will) take place.
“For example, if I’m a hacker and gain access to geographical data on John Smith from breach one e.g. LinkedIn, and bank account information from breach two, I can fill out a loan application or apply for a new credit card as John regularly would. OR more frighteningly, gain access to your work credentials, where the damage could be colossal. 
“Where credit card fraud was all the rage a couple of years ago, it is this kind of account takeover and new account fraud that is on the painful and dramatic rise. We saw in our own database of nearing 81 billion behavioural events annually, a 10% month-over-month increase in new account fraud.”
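As an added example, not code from Imperva or any of the vendors quoted here, the detection logic below applies Mantin’s suggestions to a constructed authentication log: failures per source IP are counted in a sliding window (rate limiting), one IP touching many distinct accounts in a short time is flagged as credential stuffing whether or not the attempts succeed, and a successful login from a country the user has never logged in from is raised for review. The log format, the thresholds and the per-user home-country table are assumptions.

```python
"""Brute-force and credential-stuffing detection over an authentication log.

Added example, not vendor code. The log lines, thresholds and HOME_COUNTRIES
table are constructed for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample log (documentation IP ranges), ordered by time.
SAMPLE_LOG = """\
2016-06-15T12:00:01Z ip=198.51.100.5 user=alice result=OK country=GB
2016-06-15T12:00:10Z ip=203.0.113.7 user=alice result=FAIL country=RU
2016-06-15T12:00:11Z ip=203.0.113.7 user=bob result=FAIL country=RU
2016-06-15T12:00:12Z ip=203.0.113.7 user=carol result=FAIL country=RU
2016-06-15T12:00:13Z ip=203.0.113.7 user=dave result=FAIL country=RU
2016-06-15T12:00:14Z ip=203.0.113.7 user=erin result=FAIL country=RU
2016-06-15T12:00:15Z ip=203.0.113.7 user=frank result=OK country=RU
2016-06-15T12:05:00Z ip=198.51.100.9 user=bob result=FAIL country=GB
2016-06-15T12:05:30Z ip=198.51.100.9 user=bob result=OK country=GB
2016-06-15T12:30:00Z ip=192.0.2.44 user=alice result=OK country=BR
"""

# Assumed per-user baseline: countries each user has logged in from before.
HOME_COUNTRIES = {"alice": {"GB"}, "bob": {"GB"}, "frank": {"GB"}}

FAIL_LIMIT = 5        # failures from one IP inside WINDOW_SECONDS => throttle
STUFFING_USERS = 5    # distinct usernames from one IP inside WINDOW_SECONDS
WINDOW_SECONDS = 60


def parse_line(line: str) -> dict:
    """Parse 'TIMESTAMP key=value ...' into a dict with a tz-aware 'ts'."""
    ts, *fields = line.split()
    event = dict(f.split("=", 1) for f in fields)
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return event


def analyse(log_text: str) -> list[str]:
    """Return alert strings in the order they fire (one per IP per rule)."""
    alerts: list[str] = []
    fails_by_ip = defaultdict(deque)   # ip -> timestamps of recent failures
    users_by_ip = defaultdict(dict)    # ip -> {username: last seen timestamp}
    throttled, stuffing_flagged = set(), set()
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        ip, user, ts = ev["ip"], ev["user"], ev["ts"]
        # Rate limiting: sliding window of failures per source IP.
        if ev["result"] == "FAIL":
            q = fails_by_ip[ip]
            q.append(ts)
            while (ts - q[0]).total_seconds() > WINDOW_SECONDS:
                q.popleft()
            if len(q) >= FAIL_LIMIT and ip not in throttled:
                throttled.add(ip)
                alerts.append(f"throttle {ip}: {len(q)} failures in {WINDOW_SECONDS}s")
        # Credential stuffing: one IP spraying many accounts. Successes count
        # too, because stuffing works precisely when passwords were reused.
        seen = users_by_ip[ip]
        seen[user] = ts
        recent = [u for u, t in seen.items() if (ts - t).total_seconds() <= WINDOW_SECONDS]
        if len(recent) >= STUFFING_USERS and ip not in stuffing_flagged:
            stuffing_flagged.add(ip)
            alerts.append(f"credential stuffing from {ip}: {len(recent)} accounts in {WINDOW_SECONDS}s")
        # Unexpected geography: a successful login from a country not in the
        # user's baseline is not blocked here, only raised for review.
        if ev["result"] == "OK" and user in HOME_COUNTRIES \
                and ev["country"] not in HOME_COUNTRIES[user]:
            alerts.append(f"unexpected country for {user}: {ev['country']} from {ip}")
    return alerts


if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(alert)
```

Note what the sample shows: the stuffing attempt against frank succeeds on the first try, so a rule that only counts failures would never see it; the distinct-accounts rule and the geography rule are what catch a reused password. In production the per-IP state would live in a shared store with expiry, and the country baseline would be learned from history rather than hard-coded.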

Cluster of “megabreaches” compromises a whopping 642 million passwords
https://www.itsecurityguru.org/2016/06/01/cluster-of-megabreaches-compromises-a-whopping-642-million-passwords/?utm_source=rss&utm_medium=rss&utm_campaign=cluster-of-megabreaches-compromises-a-whopping-642-million-passwords
Wed, 01 Jun 2016 10:59:11 +0000

Less than two weeks after more than 177 million LinkedIn user passwords surfaced, security researchers have discovered three more breaches involving MySpace, Tumblr, and dating website Fling that all told bring the total number of compromised accounts to more than 642 million.
“Any one of these 4 I’m going to talk about on their own would be notable, but to see a cluster of them appear together is quite intriguing,” security researcher Troy Hunt observed on Monday. The cluster involves breaches known to have happened to Fling in 2011, to LinkedIn in 2012, and to Tumblr in 2013. It’s still not clear when the MySpace hack took place, but Hunt, operator of the Have I been pwned? breach notification service, said it surely happened sometime after 2007 and before 2012.

Original Source: Ars Technica

65 million Tumblr users’ email addresses, passwords sold on dark web
https://www.itsecurityguru.org/2016/05/31/65-million-tumblr-users-email-addresses-passwords-sold-on-dark-web/?utm_source=rss&utm_medium=rss&utm_campaign=65-million-tumblr-users-email-addresses-passwords-sold-on-dark-web
Tue, 31 May 2016 11:11:02 +0000

Email addresses and hashed and salted passwords of 65 million Tumblr users are being sold online by “peace_of_mind,” aka “Peace”, the individual that recently offered for sale LinkedIn users’ data dating back to a 2012 breach.
The account credentials stolen from Tumblr are also old – according to researcher Troy Hunt, they were stolen in the site’s February 2013 breach.
Tumblr warned about it earlier this month, but neglected to say how many users are affected.

Original Source: Help Net Security
