credentials - Security Ticks

Balancing usability and security in the fight against identity-based attacks

Artificial Intelligence, attacks, credentials, cybersecurity, Don't miss, Features, Hot stuff, human error, identity, News, opinion, Push Security / SecurityTicks

Balancing usability and security in the fight against identity-based attacks 2025-01-17 at 08:04 By Mirko Zorz In this Help Net Security interview, Adam Bateman, CEO of Push Security, talks about the rise in identity-based attacks, how they’re becoming more sophisticated each year, and how AI and ML are both fueling these threats and helping to […]

React to this headline:

Balancing usability and security in the fight against identity-based attacks Read More »

The shocking speed of AWS key exploitation

automation, AWS, Clutch Security, credentials, Don't miss, GitHub, Hot stuff, News, security practices / SecurityTicks

The shocking speed of AWS key exploitation 2024-12-02 at 21:19 By Zeljka Zorz It’s no secret that developers often inadvertently expose AWS access keys online and we know that these keys are being scraped and misused by attackers before organizations get a chance to revoke them. Clutch Security researchers performed a test to see just

React to this headline:

The shocking speed of AWS key exploitation Read More »

Faraway Russian hackers breached US organization via Wi-Fi

APT, brute-force, credentials, Don't miss, enterprise, government-backed attacks, Hot stuff, MFA, News, Russian Federation, wireless / SecurityTicks

Faraway Russian hackers breached US organization via Wi-Fi 2024-11-25 at 19:03 By Zeljka Zorz Forest Blizzard, a threat group associated with Russia’s GRU military intelligence service, repeatedly breached a US-based organization via compromised computer systems of nearby firms, which they leveraged to authenticate to the target’s enterprise Wi-Fi network. The repeated attacks Volexity, a company

React to this headline:

Faraway Russian hackers breached US organization via Wi-Fi Read More »

Simplifying decentralized identity systems for everyday use

authentication, credentials, cybersecurity, Don't miss, Features, Hot stuff, identity, News, opinion, Privacy, standards, WatchGuard / SecurityTicks

Simplifying decentralized identity systems for everyday use 2024-10-30 at 07:04 By Mirko Zorz In this Help Net Security interview, Carla Roncato, VP of Identity at WatchGuard Technologies, discusses how companies can balance privacy, security, and usability in digital identity systems. She emphasizes modern techniques like biometrics and passkeys to replace knowledge-based authentication methods and highlights

React to this headline:

Simplifying decentralized identity systems for everyday use Read More »

AI and deepfakes fuel phishing scams, making detection harder

Artificial Intelligence, credentials, cybercrime, cybersecurity, News, report, survey, Teleport / SecurityTicks

AI and deepfakes fuel phishing scams, making detection harder 2024-10-24 at 06:03 By Help Net Security AI impersonation is now the hardest vector for cybersecurity professionals to protect companies against, according to Teleport. The study, which surveyed 250 senior US and UK decision-makers, shows that social engineering remains one of the top tactics cybercriminals use

React to this headline:

AI and deepfakes fuel phishing scams, making detection harder Read More »

The Internet Archive breach continues

credentials, data breach, Don't miss, Hot stuff, Internet Archive, News / SecurityTicks

The Internet Archive breach continues 2024-10-21 at 12:46 By Zeljka Zorz Cybersecurity troubles are not over for the Internet Archive (IA), the nonprofit organization behind the popular digital library site: after the recent DDoS attacks, defacement and data breach, an email sent via its Zendesk customer service platform has shown that some of its IT

React to this headline:

The Internet Archive breach continues Read More »

The NHI management challenge: When employees leave

authentication, credentials, cybersecurity, Don't miss, Entro, Expert analysis, Expert corner, framework, Hot stuff, News, Non Human Identities, opinion / SecurityTicks

The NHI management challenge: When employees leave 2024-10-15 at 08:01 By Help Net Security An employee is exiting your organization. Regardless of the terms of departure, an ex-staffer has the potential when they leave or change roles to impact a wide range of non-human identities, digital credentials, and other secrets. Those secrets include the credentials

React to this headline:

The NHI management challenge: When employees leave Read More »

The role of self-sovereign identity in enterprises

1Kosmos, authentication, credentials, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, identity, identity management, News, opinion, regulation / SecurityTicks

The role of self-sovereign identity in enterprises 2024-10-08 at 07:31 By Help Net Security As personal data becomes increasingly commodified and centralized, the need for individuals to reclaim control over their identities has never been more urgent. Meanwhile, traditional identity systems used by enterprises often expose sensitive information to unnecessary risk, leaving both users and

React to this headline:

The role of self-sovereign identity in enterprises Read More »

Cracking the Cloud: The Persistent Threat of Credential-Based Attacks

Cloud, cloud security, credentials, Identity & Access / SecurityTicks

Cracking the Cloud: The Persistent Threat of Credential-Based Attacks 2024-10-01 at 16:01 By Kevin Townsend Credentials are still the most common entry point for bad actors, even as businesses deploy multi-factor authentication (MFA) to strengthen defenses. The post Cracking the Cloud: The Persistent Threat of Credential-Based Attacks appeared first on SecurityWeek. This article is an

React to this headline:

Cracking the Cloud: The Persistent Threat of Credential-Based Attacks Read More »

Reducing credential complexity with identity federation

authentication, credentials, cybersecurity, Descope, Don't miss, Features, Hot stuff, identity management, News, opinion, SSO / SecurityTicks

Reducing credential complexity with identity federation 2024-10-01 at 07:01 By Mirko Zorz In this Help Net Security interview, Omer Cohen, Chief Security Officer at Descope, discusses the impact of identity federation on organizational security and user experience. He explains how this approach streamlines credential management and enhances security by leveraging trusted identity providers while simplifying

React to this headline:

Reducing credential complexity with identity federation Read More »

Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts

account hijacking, Cloud, credentials, Don't miss, Hot stuff, Microsoft, Microsoft Entra ID, News, privileged accounts, Ransomware / SecurityTicks

Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts 2024-09-30 at 17:01 By Zeljka Zorz Storm-0501, an affiliate of several high-profile ransomware-as-a-service outfits, has been spotted compromising targets’ cloud environments and on-premises systems. “Storm-0501 is the latest threat actor observed to exploit weak credentials and over-privileged accounts to move from organizations’

React to this headline:

Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts Read More »

Hackers breaching construction firms via specialized accounting software

brute-force, credentials, Don't miss, enterprise, Hot stuff, Huntress, News, privileged accounts, SMBs / SecurityTicks

Hackers breaching construction firms via specialized accounting software 2024-09-18 at 17:16 By Zeljka Zorz Firms in the construction industry are getting breached by hackers via internet-exposed servers running Foundation accounting software, Huntress researchers are warning. “We’re seeing active intrusions among plumbing, HVAC, concrete, and similar sub-industries,” they noted. A way into corporate networks Ohio-based Foundation

React to this headline:

Hackers breaching construction firms via specialized accounting software Read More »

Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633)

credentials, Don't miss, Dynatrace, enterprise, file-sharing, Fortra, Hot stuff, News, SQL injection, Tenable, vulnerability / SecurityTicks

Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633) 2024-08-28 at 12:02 By Zeljka Zorz Organizations using Fortra’s FileCatalyst Workflow are urged to upgrade their instances, so that attackers can’t access an internal HSQL database by exploiting known static credentials (CVE-2024-6633). “Once logged in to the HSQLDB, the attacker can perform malicious operations in the database. For

React to this headline:

Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633) Read More »

Hide yo environment files! Or risk getting your cloud-stored data stolen and held for ransom

AWS, cloud security, credentials, data theft, Don't miss, extortion, Hot stuff, misconfiguration, News, Palo Alto Networks / SecurityTicks

Hide yo environment files! Or risk getting your cloud-stored data stolen and held for ransom 2024-08-15 at 17:16 By Zeljka Zorz Cybercriminals are breaking into organizations’ cloud storage containers, exfiltrating their sensitive data and, in several cases, have been paid off by the victim organizations to not leak or sell the stolen data. “The attackers

React to this headline:

Hide yo environment files! Or risk getting your cloud-stored data stolen and held for ransom Read More »

Stolen Credentials Have Turned SaaS Apps Into Attackers’ Playgrounds

Black Hat, credential stuffing, credentials, Identity & Access, SaaS / SecurityTicks

Stolen Credentials Have Turned SaaS Apps Into Attackers’ Playgrounds 2024-08-08 at 18:01 By Kevin Townsend SaaS app log analysis highlights the rapid smash and grab raid: in, steal, and leave in 30 minutes. The post Stolen Credentials Have Turned SaaS Apps Into Attackers’ Playgrounds appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Stolen Credentials Have Turned SaaS Apps Into Attackers’ Playgrounds Read More »

Risk related to non-human identities: Believe the hype, reject the FUD

access control, credentials, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, identity, identity management, News, opinion, Sweet Security / SecurityTicks

Risk related to non-human identities: Believe the hype, reject the FUD 2024-07-15 at 08:01 By Help Net Security The hype surrounding unmanaged and exposed non-human identities (NHIs), or machine-to-machine credentials – such as service accounts, system accounts, certificates and API keys – has recently skyrocketed. A steady stream of NHI-related breaches is causing some of

React to this headline:

From passwords to passkeys: Enhancing security and user satisfaction

authentication, Compliance, credentials, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, passwordless, passwords, regulation, Stytch / SecurityTicks

From passwords to passkeys: Enhancing security and user satisfaction 2024-06-20 at 07:01 By Mirko Zorz In this Help Net Security interview, Julianna Lamb, Stytch CTO, discusses the advantages of passwordless authentication. Eliminating passwords reduces data breaches and improves user experience by simplifying the login process. Lamb also addresses the technical challenges and economic implications of

React to this headline:

From passwords to passkeys: Enhancing security and user satisfaction Read More »

Medibank breach: Security failures revealed (lack of MFA among them)

Australia, credentials, data breach, Don't miss, extortion, Hot stuff, Medibank, MFA, News / SecurityTicks

Medibank breach: Security failures revealed (lack of MFA among them) 2024-06-18 at 17:31 By Zeljka Zorz The 2022 Medibank data breach / extortion attack perpetrated by the REvil ransomware group started by the attackers leveraging login credentials stolen from a private computer of an employee of a Medibank’s IT contractor. According to a statement by

React to this headline:

Medibank breach: Security failures revealed (lack of MFA among them) Read More »

The number of known Snowflake customer data breaches is rising

cloud security, credentials, data breach, data theft, Don't miss, enterprise, extortion, Hot stuff, News, Snowflake / SecurityTicks

The number of known Snowflake customer data breaches is rising 2024-06-10 at 15:46 By Zeljka Zorz LendingTree subsidiary QuoteWizard and automotive parts provider Advance Auto Parts have been revealed as victims of attackers who are trying to sell data stolen from Snowflake-hosted cloud databases. Snowflake says that their investigation is still ongoing, but continues to

React to this headline:

The number of known Snowflake customer data breaches is rising Read More »

361 million account credentials leaked on Telegram: Are yours among them?

account hijacking, consumer, credentials, Data leak, data theft, Don't miss, enterprise, HIBP, Hot stuff, Malware, News, passwords, Telegram, tips / SecurityTicks

361 million account credentials leaked on Telegram: Are yours among them? 2024-06-04 at 15:03 By Zeljka Zorz A new trove of 361 million email addresses has been added to Have I Been Pwned? (HIBP), the free online service through which users can check whether their account credentials and other data has been compromised in one

React to this headline:

361 million account credentials leaked on Telegram: Are yours among them? Read More »