Research, news and updates on threats and cybersecurity
National Institute of Standards and Technology (NIST) has been substantially revising its password guidelines since 2017. Previous recommendations have been changed, including combining symbols, letters, and numeric to create complex passwords; changing passwords frequently; or requiring users to generate passwords of a specified length. The changes address findings from NIST related to the human factors that cause users to create …
Password audits have become more difficult. New data breaches expose credentials every day. These are quickly fed into hackers’ cracking dictionaries, changing which passwords you need to keep out. Verizon’s DBIR found 81% of data breaches were caused by compromised, weak, and reused passwords. Traditional algorithmic complexity rules are no longer considered a key factor in password strength. NIST password …
Today is World Password Day and despite proclamations that passwords are going the way of the Dodo, they are still a fundamental part of our digital lives. However, they remain a weak link in our approach to cybersecurity and it’s time for us all to rethink how we create and use passwords to protect our identities from cybercriminals. So, we …
Today is World Password Day and organizations are unfortunately still reliant on archaic password strategies that put the onus on users to create and remember numerous complex and constantly changing password strings. It’s no wonder that this approach is an abject failure. Enterprises need to take steps to address the password problem and ensure that only strong, unique and uncompromised …
Recent research from Enterprise Management Associates (EMA) found that a staggering 60% of organizations have experienced a security breach in the past year. Digging into the details, the leading source of breaches (24.4%) was once again due to compromised user passwords. The findings also highlighted that a further 16.1% of breaches were down to a user sharing credentials with an …
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements aimed at ensuring sensitive data is protected, privacy is maintained, and networking systems are robust enough to withstand cyber-attacks. PCI standards aren’t specific to any one country or organization, but rather function as a global set of standards that everyone can adhere to. As with almost …
As we rapidly move everything online in response to the global pandemic, this has put passwords front and center again. With the latest Marriott breach, it’s like groundhog day when it comes to passwords with both organizations and users failing to take the necessary measures to step up their password hygiene. Passwords remain a weak link and are the source …
A recent survey found that pandemic-related fraud is top of mind for consumers, with 52 percent of respondents saying they’re more worried about being victimized by a scam than normal. Thirty-two percent believe they have already been targeted by some form of attack, and 44 percent have noticed an uptick in calls, texts and emails from unknown numbers and sources. …
As the world struggles to navigate the coronavirus new normal there is one community eager to take advantage of this crisis: hackers. As Enzoic’s COO, Josh Horwitz, put it in a recent article for Electronic Health Reporter, “With scams ranging the gamut from a coronavirus tracker that installs malware onto visitors’ devices to takeover of teleconferencing software to fraudulent company …
Earlier today, news broke that unknown activists have posted nearly 25,000 credentials belonging to the National Institutes of Health, the World Health Organization, the Gates Foundation and other organizations engaged in the fight against the coronavirus pandemic. According to Souad Mekhennet and Craig Timberg at the Washington Post, “The lists, whose origins are unclear, appear to have first been posted …
