Collaborate Disseminate
“Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors,” David Weston of Enterprise and OS Security at Microsoft, announced, just as the company confirmed that it will resume the rollo… Continue reading Microsoft adds default protection against RDP brute-force attacks
Customers of automaker General Motors (GM) and wedding planning company Zola have had customer accounts compromised through credential stuffing, and the criminals have used the access to redeem gift cards. What is credential stuffing? Credential stuffi… Continue reading GM, Zola customer accounts compromised through credential stuffing
Online accounts getting hijacked and misused is an everyday occurrence, but did you know that account pre-hijacking attacks are also possible? Inspired by previous research on preemptive account hijacking by way of single sign-on (SSO) technology, rese… Continue reading Account pre-hijacking attacks possible on many online services
In this interview with Help Net Security, Itay Levy, CEO of Identiq, talks about the importance of fraud detection when it comes to protecting an organization but also its customers. Consumers have moved most of their activities online, which has led t… Continue reading Fraud detection is great, but you also need prevention
Fifty-eight million consumers had a new account opened without their authorization in the last 12 months, a 21% increase compared to 2020, yet less than half of Americans know how to protect their data and identities. Unauthorized account openings driv… Continue reading Unauthorized account openings increased by 21% in the last 12 months
SpyCloud researchers recovered more than 4.6 billion pieces of personally identifiable information and nearly 1.5 billion stolen account credentials from 854 breach sources in 2020, the company announced in its 2021 Credential Exposure Report. Credenti… Continue reading Credential exposure trends: You need a better password
Microsoft will introduce this month a new security alert that will notify enterprise security teams when an employee is being targeted by suspected nation-state attackers. The notification will appear in the dashboard of Microsoft Defender for Office 3… Continue reading Microsoft to alert enterprise security teams when nation-state attackers target their employees
Multi-factor authentication (MFA) that depends on one of the authentication factors being delivered via SMS and voice calls should be avoided, Alex Weinert, Director of Identity Security at Microsoft, opined. That’s not to say that MFA should be … Continue reading Microsoft advises users to stop using SMS- and voice-based MFA
Attempted account takeover (ATO) attacks swelled 282 percent between Q2 2019 to Q2 2020, Sift reveals. Likewise, ATO rates for physical ecommerce businesses — those that sell physical goods online —jumped 378 percent since the start of the COVID-19 pan… Continue reading As ATO attacks surge, consumers expect merchants to protect them from fraud
Video conferencing platform Zoom is finally offering all users the option to enable two-factor authentication (2FA) to secure their accounts against credential stuffing attacks and attacks leveraging phished login credentials. How to enable Zoom 2FA on… Continue reading How to add 2FA to your Zoom account