Collaborate Disseminate
In 2023, malicious email threats bypassing secure email gateways (SEGs) increased by more than 100%, according to Cofense. In just two years, Cofense identified over 1.5 million malicious emails bypassing their customers’ SEGs, signaling a 37% increase… Continue reading Secure email gateways struggle to keep pace with sophisticated phishing campaigns
The speed of cyberattacks continues to accelerate at an alarming rate, according to CrowdStrike. Adversaries increasingly exploit stolen credentials The speed of cyberattacks continues to accelerate at an alarming rate. The report indicates that the av… Continue reading Attack velocity surges with average breakout time down to only 62 minutes
Picus Security has revealed a rise in hunter-killer malware, highlighting a significant shift in adversaries’ capability to pinpoint and thwart advanced enterprise defenses, including next-gen firewalls, antivirus programs, and EDR systems. There… Continue reading Understanding the tactics of stealthy hunter-killer malware
AnyDesk Software GmbH, the German company behind the widely used (and misused) remote desktop application of the same name, has confirmed they’ve been hacked and their production systems have been compromised. The statement was published on Frida… Continue reading AnyDesk has been hacked, users urged to change passwords
If I have a program that runs on a regular basis, such as a cron job or systemd timer and it needs to access a secure resource like a hsm or encrypted database, what are the best practices to store/access the credentials to it?
From the Password Check FAQ:
"To check your credentials, Chrome first encrypts your username and password. Then it sends the encrypted credentials to Google for comparison against an encrypted list of known breached data. If Chrome d… Continue reading Can Google not obtain our passwords from Chrome’s "password check" service? [closed]
42% of businesses report employees with BYOD devices in business settings that use tools like WhatsApp have led to new security incidents, according to SafeGuard Cyber. Messaging platforms like WhatsApp, Telegram, Slack, and Teams face constant threats… Continue reading WhatsApp, Slack, Teams, and other messaging platforms face constant security risks
TL;DR
I’m trying to implement a fake user account that has multiple sets of credentials that can be used. Instead of a specific password, any one password from a list of them could be used to authenticate to the account. By doing so, we c… Continue reading Windows AD – Fake User Account with Multiple Passwords to Detect Password Spray
Interesting article about a surprisingly common vulnerability: programmers leaving authentication credentials and other secrets in publicly accessible software code:
Researchers from security firm GitGuardian this week reported finding almost 4,000 unique secrets stashed inside a total of 450,000 projects submitted to PyPI, the official code repository for the Python programming language. Nearly 3,000 projects contained at least one unique secret. Many secrets were leaked more than once, bringing the total number of exposed secrets to almost 57,000…
Continue reading Leaving Authentication Credentials in Public Code
The risk of personal and professional data being stolen by nefarious actors looms larger than ever, according to Trend Micro. Understanding the risks associated with data theft, which include identity theft, financial loss, reputational harm, and the p… Continue reading Infostealers and the high value of stolen data