The password attacks of 2023: Lessons learned and next steps

The relentless onslaught of password-based cyber attacks underscores the alarming ease with which cybercriminals can exploit vulnerable credentials to inflict damage.
Password attacks take many forms: from phishing schemes that dupe employees into handing over their login information, to underground markets where bad actors can sell or purchase stolen credentials.
Either way, having a valid password allows bad actors to do everything from stealing data to taking over critical business systems.
Nearly half of incidents cited in Verizon's 2023 Data Breach Investigations Report involved compromised passwords.
The incident involved the company's own Norton Lifelock Password Manager.
Norton said the incident involved close to a million customers, of whom 6,500 had data compromised.
In late August, the online charity that helps divert reusable goods from landfills sent out an urgent request asking members to change their passwords.
In an online form, a hacker claimed the breach included up to seven million accounts, with details such as user IDs, e-mails and hashed passwords.
The organization said the attack may have begun years ago when a server was exposed, adding that changing credentials was particularly important if members are using the same ones for other services.
How to recover when password security gets compromised.
This means sending clear communication to all employees and customers to immediately change their passwords.
Businesses can simplify this process for their employees through a self-service password reset tool to minimize calls to the helpdesk.
If you haven't already walked through the steps to handling a cybersecurity incident, you'll need to bring the appropriate stakeholders together to develop an action plan.
Effective data breach disclosure needs to be comprehensive and clear, with next-best steps included.
Advise on any recommendations to safeguard information, such as the password reset directive described above.
Defending your business against password attacks isn't a matter of reinventing the wheel.
Employees should be regularly trained in password security and informed about the dangers of using the same passwords across multiple services.
Tools like Specops Password Policy, which continuously scans your Active Directory for compromised passwords, allows businesses to move from reactive to proactive password security.
Passwords provide a key to some of the most valuable information and systems in the world.
Your end-users are reusing passwords - that's a big problem.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 20 Dec 2023 16:20:21 +0000


Cyber News related to The password attacks of 2023: Lessons learned and next steps

7 Lessons Learned From Designing DefCon's Cloud Village CTF - Well-designed CTFs expose individuals and teams to operational challenges, novel attack paths, and creative scenarios that can be later applied in their work both as offensive and defensive security professionals. Not all CTFs are created equal, and ...
11 months ago Darkreading.com
The password attacks of 2023: Lessons learned and next steps - The relentless onslaught of password-based cyber attacks underscores the alarming ease with which cybercriminals can exploit vulnerable credentials to inflict damage. Password attacks take many forms: from phishing schemes that dupe employees into ...
1 year ago Bleepingcomputer.com
Best Password Generators of 2024 to Secure Your Accounts - Overview of best password generators to secure online accounts. We have various password generators to help us protect our accounts and practical barriers to protect our sensitive information. We have compiled this list of the best password ...
6 months ago Cyberdefensemagazine.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
How to Share a Wi-Fi Password: A Step-by-Step Guide - You can unsubscribe at any ...
2 months ago Techrepublic.com
Password Advice for the Rest of Us - Cisco Blogs - The key function you’re wanting out of a password manager is the ability to create passwords that are at least twenty (20) characters long, with all the typical mix of letters, numbers and symbols, as well as the ability to create a unique password ...
2 months ago Feedpress.me
Securden Password Vault Review 2024: Security, Pros & Cons - Securden Password Vault is a password management solution geared towards supervising multiple accounts and sensitive login credentials. Yes, Securden Password Vault can be accessed for free. If you're looking for an enterprise-level password solution ...
10 months ago Techrepublic.com
6 Best Enterprise Password Managers for 2024 Rated - Password managers are security tools that store, manage, and share authorization credentials safely for individual users and groups. In this article, I evaluate the top password managers and their ability to deliver and support solutions for ...
9 months ago Esecurityplanet.com
Protect your Active Directory from these Password-based Vulnerabilities - Deploying a security solution like Specops Password Policy enhances the protection of passwords, which are frequently exploited as an initial entry point by attackers. In this attack, the perpetrator, typically using a compromised low-level account ...
1 year ago Bleepingcomputer.com
Data's Perilous Journey & Lessons Not Learned From the Target Breach - COMMENTARY. The breach that struck retail giant Target in 2013 was not just a wake-up call but a cold shower to the industry - a harsh illumination of the sprawling vulnerabilities within third-party interactions and the grim consequences of ...
1 year ago Darkreading.com
Understand the pros and cons of enterprise password managers - To counter these threats, corporate IT security teams are turning to business-grade password managers to help centralize and streamline password and credential management. A password manager is a credential vault that gives IT teams a unified digital ...
10 months ago Techtarget.com
LastPass now requires 12-character master passwords for better security - LastPass notified customers today that they are now required to use complex master passwords with a minimum of 12 characters to increase their accounts' security. Even though LastPass has repeatedly said that there is a 12-character master password ...
11 months ago Bleepingcomputer.com
5 Lessons Learned from Windows Remote Desktop Honeypot Report - Recently, the SANS Institute released their annual Windows Remote Desktop Honeypot Report, providing comprehensive insights into the nature of malicious activity in a Windows environment. In order to understand how your own Windows network can be ...
1 year ago Bleepingcomputer.com
Open Source Password Managers: Overview, Pros & Cons - There are many proprietary password managers on the market for those who want an out-of-the box solution, and then there are open source password managers for those wanting a more customizable option. In this article, we explain how open source ...
9 months ago Techrepublic.com
From the SOC to Everyday Success: Data-Driven Life Lessons from a Security Analyst - Many of you have likely noticed that I enjoy looking for life lessons in the real-world that we can apply to the challenges we face in the security domain. I'd like to try and take the lessons I learned during my time as a security analyst working in ...
5 months ago Securityweek.com
Kaspersky Unveils New Flagship Product Line for Business, Kaspersky Next - PRESS RELEASE. Woburn, MA - April 16, 2024 - Today Kaspersky introduced its new flagship product line, Kaspersky Next, combining robust endpoint protection with the transparency and speed of EDR, alongside the visibility and powerful tools of XDR. ...
8 months ago Darkreading.com
Failing Upwards - One of the phrases my early boss in pentesting taught me and adopted was failing upwards in a career. This leads to hard decisions between hanging up part of your subject matter expertise and focusing on managing and leading teams or do you continue ...
10 months ago Blog.zsec.uk
What We Learned from These 3 API Security Breaches - If we look closely, there are lessons to be learned from these five fateful API attacks that can help any organisation secure its APIs better. The scenario: The helpdesk ticketing platform Zendesk was exposed to attackers thanks to a SQL injection ...
9 months ago Itsecurityguru.org
The year of Mega Ransomware attacks with unprecedented impact on global organizations - A Staggering 1 in every 10 organizations worldwide hit by attempted Ransomware attacks in 2023, surging 33% from previous year, when 1 in every 13 organisations received ransomware attacks Throughout 2023, organizations around the world have each ...
11 months ago Blog.checkpoint.com
Top 6 LastPass Alternatives for 2024 - LastPass is a popular choice for managing passwords and sensitive information for individuals and businesses. While the tool still enjoys global patronage, it's not a bad idea to consider other password managers that can serve as worthy alternatives ...
10 months ago Techrepublic.com
Cybersecurity Management Lessons from Healthcare Security Breaches - 2024 looks like it will only increase the number of affected individuals considering the scale of ransomware attacks from the first half of the year in the USA, Canada, and Australia. Unusual activity detected on May 8, 2024, caused Ascension ...
6 months ago Esecurityplanet.com
Mint Mobile discloses new data breach exposing customer data - Mint Mobile has disclosed a new data breach that exposed the personal information of its customers, including data that can be used to perform SIM swap attacks. Mint is a mobile virtual network operator owned by T-Mobile, offering budget, pre-paid ...
11 months ago Bleepingcomputer.com
The Next One Billion Lives - Last week, Cisco shared the news that we've achieved our ten-year goal to positively impact one billion lives through the Cisco Foundation, Social Impact grants, and Networking Academy - one year ahead of schedule. As the leaders of these ...
1 year ago Feedpress.me
ShadowRay Vulnerability: 6 Lessons for AI & Cybersecurity - This exposure is under active attack, yet Ray disputes that the exposure is a vulnerability and doesn't intend to fix it. The dispute between Ray's developers and security researchers highlights hidden assumptions and teaches lessons for AI security, ...
8 months ago Esecurityplanet.com
Secure Password Hashing in Java - In the domain of digital security, password hashing stands as a critical line of defense against unauthorized access. The landscape of hashing algorithms has evolved significantly, with some methods becoming obsolete and newer, more secure techniques ...
11 months ago Feeds.dzone.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)