Hackers Breached Colonial Pipeline Using Compromised Password
An anonymous reader quotes a report from Bloomberg: The hack that took down the largest fuel pipeline in the U.S. and led to shortages across the East Coast was the result of a single compromised password, according to a cybersecurity consultant who.....»»
Passwords under seven characters can be easily cracked
Any password under seven characters can be cracked within a matter of hours, according to Hive Systems. The time it takes to crack passwords increases Due to the widespread use of stronger password hashing algorithms to protect data, the time it take.....»»
UK outlaws awful default passwords on connected devices
The law aims to prevent global-scale botnet attacks. Enlarge (credit: Getty Images) If you build a gadget that connects to the Internet and sell it in the United Kingdom, you can no longer make the default password "pass.....»»
Week in review: Two Cisco ASA zero-days exploited, MITRE breach, GISEC Global 2024
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359) A state-sponsored threat actor has managed to compromise Cis.....»»
How to change your Yahoo password on desktop and mobile
Updating your Yahoo account password is very easy. Here’s instructions on how to do it on a desktop PC or mobile device......»»
Some users are randomly getting locked out of their Apple ID accounts
Overnight, a notable portion of iCloud users were getting logged out of their accounts across all of their devices, and the only way back in was to perform a password reset.Web-based iCloud login pageThe log-outs weren't — or aren't, it's not clear.....»»
Hackers try to exploit WordPress plugin vulnerability that’s as severe as it gets
WP Automatic plugin patched, but release notes don't mention the critical fix. Enlarge (credit: Getty Images) Hackers are assailing websites using a prominent WordPress plugin with millions of attempts to exploit a high-.....»»
Most people still rely on memory or pen and paper for password management
Bitwarden surveyed 2,400 individuals from the US, UK, Australia, France, Germany, and Japan to investigate current user password practices. The survey shows that 25% of respondents globally reuse passwords across 11-20+ accounts, and 36% admit to usi.....»»
CISOs are nervous Gen AI use could lead to more security breaches
Malicious Gen AI use is on top of everyone's mind, as hackers create convincing phishing emails......»»
Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359)
A state-sponsored threat actor has managed to compromise Cisco Adaptive Security Appliances (ASA) used on government networks across the globe and use two zero-day vulnerabilities (CVE-2024-20353, CVE-2024-20359) to install backdoors on them, Cisco T.....»»
Nation-state hackers exploit Cisco firewall 0-days to backdoor government networks
Perimeter devices ought to prevent network hacks. Why are so many devices allowing attacks? Enlarge (credit: Getty Images) Hackers backed by a powerful nation-state have been exploiting two zero-day vulnerabilities in Ci.....»»
Hackers are using developing countries for ransomware practice
Businesses in Africa, Asia, and South America hit before moving on to Western targets. Enlarge (credit: Getty Images) Cyber attackers are experimenting with their latest ransomware on businesses in Africa, Asia, and Sout.....»»
Apple @ Work: Over 52% of workers try to memorize and reuse the same password across multiple apps at work
Apple @ Work is brought to you by Kolide by 1Password, the device trust solution that ensures that if a device isn’t secure, it can’t access your apps. Close the Zero Trust access gap for Okta. Learn more or watch the demo. World Password Da.....»»
Hackers are carrying out ransomware experiments in developing countries
Businesses in Africa, Asia, and South America hit before moving on to western targets. Enlarge (credit: Getty Images) Cyber attackers are experimenting with their latest ransomware on businesses in Africa, Asia and South.....»»
Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028)
For nearly four years and perhaps even longer, Forest Blizzard (aka Fancy Bear, aka APT28) has been using a custom tool that exploits a specific vulnerability in Windows Print Spooler service (CVE-2022-38028). Dubbed GooseEgg, the tool is a launcher.....»»
Hackers infect users of antivirus service that delivered updates over HTTP
eScan AV updates were delivered over HTTP for five years. Enlarge (credit: Getty Images) Hackers abused an antivirus service for five years in order to infect end users with malware. The attack worked because the service.....»»
Windows vulnerability reported by the NSA exploited to install Russian malware
Microsoft didn't disclose the in-the-wild exploits by Kremlin-backed group until now. Enlarge (credit: Getty Images) Kremlin-backed hackers have been exploiting a critical Microsoft vulnerability for four years in attack.....»»
Windows vulnerability reported by the NSA exploited to install Russian backdoor
Microsoft didn't disclose the in-the-wild exploits by Kremlin-backed group until now. Enlarge (credit: Getty Images) Kremlin-backed hackers have been exploiting a critical Microsoft vulnerability for four years in attack.....»»
MITRE breached by nation-state threat actor via Ivanti zero-days
MITRE has been breached by attackers via two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti’s Connect Secure VPN devices. The attackers have also managed to move laterally and compromise the company network’s VMware i.....»»
Here’s how to protect against iPhone password reset attacks [U]
One of the latest attacks on iPhone sees malicious parties abuse the Apple ID password reset system to inundate users with iOS prompts to take over their accounts. Here’s how you can protect against iPhone password reset attacks (often called “MF.....»»
A key Apple app is rumored to be getting a major upgrade in macOS 15
A comprehensive update is apparently in the pipeline for the Calculator app: here's what could be coming......»»