Collaborate Disseminate
This is interesting research and data: With Google accounts as a case-study, we teamed up with the University of California, Berkeley to better understand how hijackers attempt to take over accounts in the wild. From March 2016 to March 2017, we analyzed several black markets to see how hijackers steal passwords and other sensitive data. […] Our research tracked several… Continue reading Google’s Data on Login Thefts
This is interesting research and data: With Google accounts as a case-study, we teamed up with the University of California, Berkeley to better understand how hijackers attempt to take over accounts in the wild. From March 2016 to March 2017, we analyzed several black markets to see how hijackers steal passwords and other sensitive data. […] Our research tracked several…
The post Google’s Data on Login Thefts appeared first on Security Boulevard.
When it comes to loosing access to their accounts, phishing is a greater threat to users than keyloggers and third-party breaches, researchers have found. How many valid credentials? The group, which includes researchers from Google, University of California, Berkeley, and the International Computer Science Institute, scoured private and public forums, paste sites, and search index sites from March 2016 to March 2017, and identified 788,000 potential victims of keyloggers; 12.4 million potential victims of phishing … More → Continue reading Phishing is a greater threat to users than keyloggers and third-party breaches
I’m setting up a development and production environment for a web application. It uses some remote APIs for which you need a key to access them. You don’t want those in your code, as well as the database credentials.
I have … Continue reading How to handle sensitive data like API-keys and DB passwords on production
Is there a way to share logins/passwords with a number of individuals, basing on their public network profile?
Example: a number of people working together in the office should have access credentials to some publicly avail… Continue reading Sharing credentials based on the network profile
Popular blog comment hosting service Disqus and market research company Forrester Research announced late on Friday that they’ve suffered a breach. While the latter was apparently limited to content made available to Forrester clients through Forrester.com, the former resulted in the theft of account data for some 17.5 million users. The Forrester incident “There is no evidence that confidential client data, financial information, or confidential employee data was accessed or exposed as part of the … More → Continue reading Disqus, Forrester Research suffer data breach
What’s the best practice for storing database credentials for an auto scaling environment, yet also requiring the ability to update database information?
For instance I have an auto-scaling site on AWS. At present there is o… Continue reading Storing database credentials for multi server, multi db environment
More often than not, the human element is the weakest link in the security chain. This fact is heavily exploited by cyber attackers, and makes phishing and spear-phishing attempts the most likely and most effective method to start an attack. If the attackers are after a specific target there’s seemingly no end to the different lures they can come up with, as digital civil liberties activists at Free Press and Fight For the Future have … More → Continue reading Activists targeted with barrage of creative phishing attempts
Apple said that macOS’ native Gatekeeper security feature would protect against a Keychain attack disclosed this week, but researcher Patrick Wardle said that won’t help against Mac malware signed with an Apple certificate. Continue reading Gatekeeper Alone Won’t Mitigate Apple Keychain Attack
Researcher Patrick Wardle has discovered a critical vulnerability that allows an attacker to dump passwords in plaintext from the macOS Keychain. The vulnerability is in macOS High Sierra, Sierra and El Capitan, and has yet to be patched. Continue reading macOS High Sierra Available—And Vulnerable to Keychain Attack