Cyber Security Threat Center

Slack resets passwords exposed in 2015 breach

• Frank Crast
• July 19, 2019
• Data Breach / Data Privacy / Password Management

Slack has reset passwords for close to 1% of overall Slack accounts in response to new information learned from 2015 security breach.

Continue Reading

DHS warns of Iranian cybersecurity threats, issues guidance

• Frank Crast
• June 26, 2019
• Cybersecurity Attacks / Data Privacy / Malware / Mobile Security / Password Management / Phishing

The Director of the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about recent Iranian cybersecurity threats. The statement also included suggested tips and best practices to stay safe online.

Continue Reading

Nansh0u campaign targets Windows MS-SQL and PHPMyAdmin servers

• Frank Crast
• May 30, 2019
• Configuration Management / Cybersecurity Attacks / Malware / Password Management

A China-based cyber campaign dubbed "Nansh0u" has targeted tens of thousands of unsecured Windows MS-SQL and PHPMyAdmin servers worldwide.

Continue Reading

Flipboard confirms data breach, resets passwords

• Frank Crast
• May 29, 2019
• Data Breach / Password Management

News aggregator Flipboard warned that an unauthorized person gained access to subset of user account data and cryptographically protected passwords.

Continue Reading

Facebook says Millions of Instagram passwords stored in clear text

• Frank Crast
• April 19, 2019
• Application Security / Cryptography / Password Management

Facebook provided an update to a previously disclosed incident involving insecurely storing "tens of thousands" of Instagram users' passwords on internal servers in clear text. Facebook now says that "millions" of Instagram accounts are now impacted.

Continue Reading

HawkEye Reborn: Password Stealer and Keylogger threat

• Frank Crast
• April 15, 2019
• Cybersecurity Attacks / Malware / Password Management

Cisco's Talos security team has observed ongoing malware distribution campaigns that use a new version of a keylogger and password stealer "HawkEye Reborn v9."

Continue Reading

Xwo botnet scans for exposed web services and default passwords

• Frank Crast
• April 3, 2019
• Application Security / Malware / Password Management / System Hardening

A newly discovered botnet dubbed Xwo has been scanning the internet for exposed web services and default passwords. The malware was discovered by AT&T's Alien Labs back in March and is related to malware families MongoLock and Xbash.

Continue Reading

Firefox 66 is out with many new feature enhancements

• Frank Crast
• March 19, 2019
• Password Management / Security Updates & Patches

Mozilla has released Firefox 66 that includes many new features, such as blocking websites from automatically playing sound. Users can also use the new Firefox to add individual sites to an exceptions list or turn off the blocking feature.

Continue Reading

Password Checkup helps protect accounts from data breaches

• Frank Crast
• February 7, 2019
• Data Breach / Password Management

Google has released a new Chrome extension "Password Checkup" that warns users if their account username and passwords are known to be unsafe and leaked as part of past data breaches.

Continue Reading

WordPress plugin maker WPML website hacked

• Frank Crast
• January 22, 2019
• Data Breach / Identity & Access Management / Password Management / Server Security

Popular WordPress plugin maker WPML said their website was hacked over the weekend and led to the loss of customer data. The culprit was an ex-employee who exploited a backdoor planted on an unsecured web server.

Continue Reading