Password Management

Phishing email leads to Denver area health care breach

February 07, 2012

Hackers may have accessed the personal health data belonging to patients of Denver area-based Metro Community Provider Network, a nonprofit health care provider for low-income individuals and families.
 

Yahoo deploys two-factor authentication for email

December 20, 2011

The feature, which is currently available for users in the U.S., Canada, India, and the Philippines, requires a second form of verification beyond a password for any "suspicious" login attempt.
 

Thirteen patches from Microsoft, including Duqu fix

December 13, 2011

Tuesday's baker's dozen of security patches from Microsoft includes a fix for a vulnerability that helped spread the dangerous information-stealing Duqu trojan, which targets industrial control systems.
 

Microsoft YouTube channel hacked

October 24, 2011

Hackers over the weekend accessed Microsoft's YouTube channel to swap out videos with their own. It is unclear what the intruders' motive was, but they may have been able to access the account by stealing its login credentials from a Microsoft employee, Graham Cluley, senior technology consultant at anti-virus firm Sophos, said in a blog post Sunday. One of the unauthorized videos posted was titled "Bingo" and featured an animated video game character shooting another character. By Monday morning, the channel was operating normally. The incident followed hackers last week taking over the Sesame Street YouTube channel to display pornographic videos.
 

Porn hackers take over "Sesame Street" YouTube station

October 17, 2011

The YouTube channel for the long-running television series "Sesame Street" was back operating normally on Monday after hackers briefly gained access to swap out educational videos with X-rated pornography.
 

Mac OS X Lion flaw allows illicit password changes

September 20, 2011

An Apple operating system flaw could allow any user to obtain stored password hash data through an openly readable directory.
 

"Morto" worm spreading via Remote Desktop connections

August 29, 2011

Security firms have just spotted a new worm, but experts don't think it will run rampant because there is no vulnerability involved.
 

Microsoft's 16 patches include one for "cookiejacking"

June 09, 2011

Microsoft is prepping a large security update for Tuesday, with plans to deliver 16 patches to fix 34 vulnerabilities across its product line.
 

If I ran the zoo

Randy Abrams, director of technical education, ESET May 24, 2011

What might a hacker do with the Sony PlayStation Network database?
 

GAO slams IRS for data protection missteps

March 17, 2011

With the tax filing deadline a month away, the IRS is feeling the heat from the U.S. Government Accountability Office over lax data security practices.
 

The domino effect of Gawker's poor password practices

Roman Yudkin, chief technology officer, Confident Technologies December 22, 2010

Poor authentication standards encourage bad passwords and enable the data breach at Gawker to harm security across the web.
 

Gawker breach prompts LinkedIn, Yahoo password resets

December 16, 2010

The recent theft of approximately 1.3 million account details from the servers of Gawker has prompted password resets at a number of popular websites.
 

Twitter spam campaign linked to Gawker breach

December 13, 2010

A massive spam campaign that has rapidly spread on Twitter has been linked to a recent security breach of online media company Gawker Media.
 

Google releases security checklist

October 18, 2010

Google has created an 18-part checklist to help users better secure their computer, browser, Google account and Gmail settings. Among the tips Google suggests are that users choose unique passwords for their various online accounts, that they "periodically" change their passwords and that they never respond to messages or phone calls requesting their usernames or passwords. — DK
 

Microsoft fixes Ormandy zero-day, four other bugs

July 13, 2010

Microsoft on Tuesday pushed out four patches to address five vulnerabilities in Microsoft Windows and Office. It also marks the last security update for Windows 2000 and XP Service Pack 2.
 

Widespread attacks continue against WordPress sites

May 11, 2010

A new campaign to hack WordPress websites and serve rogue anti-virus is underway, according to security researchers.
 

Brokerage firm fined $375,000 over breach

April 13, 2010

The Financial Industry Regulatory Authority (FINRA) announced Monday it has fined Montana-based brokerage firm D.A. Davidson & Co. over a December 2007 breach that exposed the personal information of approximately 192,000 customers. The company's database was compromised via SQL injection, allowing attackers to steal the names and Social Security numbers of customers. Prior to the breach, D.A. Davidson did not have adequate safeguards, such as encryption, to protect customer information, FINRA said. A company spokeswoman told SCMagazineUS.com that no clients have fallen victim to ID theft, but the company settled to put the matter behind it. — AM
 

Apache.org hit by targeted XSS attack

April 13, 2010

The Apache Software Foundation is advising users to change their passwords after hackers launched a successful attack against its infrastructure.
 

Security training won't solve the negligent insider threat

Phil Lieberman, CEO, Lieberman Software April 07, 2010

Technology is necessary to stave off hacker attempts because humans cannot always be perfect.
 

GAO report says IRS still has security holes to close

March 22, 2010

The Internal Revenue Service is making strides toward improving its information security posture, but significant shortfalls remain, according to a new report from the U.S. Government Accountability Office (GAO).
 

Let's get back to reality

Lysa Myers, director of research, West Coast Labs March 10, 2010

Reality sets in not long after taking an information security job, as step two of this author's "Five Stages of Employment" series continues.
 

Twitter accounts compromised in torrent site scam

February 03, 2010

Twitter this week reset the passwords on an unknown number of accounts after discovering malicious file-sharing sites were set up to steal user login information.
 

RockYou hack reveals most common password: '123456'

January 22, 2010

A recent analysis of 32 million passwords, obtained in the RockYou.com hack, has revealed that nearly 300,000 individuals used '123456' as their password.
 

Yahoo, Gmail passwords also phished in far-reaching scam

October 06, 2009

Microsoft's Live Hotmail was not the only target in what appears to be a widespread phishing ploy targeting unsuspecting webmail users.
 

Microsoft acknowledges Windows Live ID breach

October 05, 2009

Microsoft confirmed Monday that the credentials of thousands of Microsoft Windows Live ID accounts were posted online late last week.
 

Twitter hack spurs cloud computing security debate

July 16, 2009

Is cloud computing or Twitter to blame for Wednesday's revelation that a hacker was able to access sensitive company communications?
 

Three charged with hijacking corporate phone systems

June 15, 2009

Three Filipino residents have been charged with hacking into the telephone systems of U.S. companies, enabling callers to run up some $55 million in charges.
 

Nonprofit releases security configuration standards for iPhone

May 29, 2009

Organizations issuing iPhones to their employees can now apply security configuration best practices, which were introduced this week by the Center for Internet Security.
 

Convenience or security?

February 24, 2009

Consumers would prefer to use the same one or two passwords for all websites they access and have little interest in using password management solutions or adopting a federated identity framework, such as OpenID, according to a survey released Tuesday from Gartner. Four thousand U.S. adults polled in September said they are unwilling to sacrifice convenience for security, consistent with previous findings. As a result, site owners must provide a "compelling justification" for customers to use additional security, according to Gartner. — DK
 

Key to the vault: Stock Yards Bank & Trust and Imprivata

February 13, 2009

A biometric solution helps Stock Yards Bank & Trust manage passwords and aids in compliance efforts, reports Greg Masters.