
Ahead of Data Privacy Day, Here are Best Password Practices to Safeguard Yourself


This week is Data Privacy Day, a day dedicated to raising awareness about how to protect your data and information online. The risks associated with the collection, processing, and storage of personal data are increasing, both on an individual and corporate level. 

Even today, most people are unsure how to respond when their rights are violated as a result of a data breach or leak. Keeper Security is sharing password best practices in order to keep accounts and data safe from threat actors. The goal is to educate consumers and businesses about privacy and to assist them in protecting themselves from the growing threat of data breaches.

Even when so-called passwordless options such as biometrics are used, the security of an individual's identity, data, and online accounts is heavily reliant on the strength of their passwords. Individuals must understand the difference between weak and strong passwords, especially since a breach could affect the organization for which they work, causing millions of dollars in damages. Data shows that stolen or weak passwords are responsible for 81% of hacking-related data breaches.

"Data Privacy Day provides an opportunity to elevate the critical importance of cybersecurity in all of our lives. The digital transformation shows no signs of slowing down, and with ever more connected devices from smartphones to smart fridges, we must all take concrete steps to protect ourselves," said Darren Guccione, CEO and Co-founder at Keeper Security.

He further added, "It is imperative everyone utilize strong and unique passwords for all of their accounts and store those passwords in a secure, encrypted vault to reduce their risk of an attack. The existential reality is that anyone can become a victim of cybercrime."

Think before you share, open, or click

One critical step to online safety is to avoid sharing personal information with anyone unless absolutely necessary. Keep an eye out for links in emails from suspicious or unknown senders, and learn how to spot phishing attempts. Download attachments only when you are certain they are safe.

Because it is human nature to believe what we see, aesthetics and user interface frequently trick users into clicking on a malicious look-alike URL. The important thing is to make sure the URL matches the authentic website. A password manager performs this check automatically: it refuses to autofill when the URL of the site does not match the one stored in the user's vault. This is an essential tool for preventing the most common types of attacks, such as phishing scams.
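The following is an added example (not Keeper's code, and not taken from the post) of the origin check a password manager makes before autofilling. It assumes a constructed vault of entries with a `site` and `username` field and compares the page's scheme, host and port against the saved entry exactly, so a look-alike host, a scheme downgrade or a different port all produce "no match", which is the signal a user should notice:

```python
from urllib.parse import urlsplit

# Added illustration of the URL check a password manager performs before
# autofilling: the page's origin must match the origin stored with the vault
# entry exactly. Function names and the sample vault are constructed here.

DEFAULT_PORTS = {"https": 443, "http": 80}


def origin(url):
    """Return (scheme, host, port) for a URL, or None if it has no usable host.

    The host is lower-cased and IDN hosts are converted to their punycode
    form so that a visually similar Unicode domain cannot match an ASCII one.
    """
    parts = urlsplit(url)
    if not parts.scheme or not parts.hostname:
        return None
    host = parts.hostname.encode("idna").decode("ascii").lower()
    port = parts.port or DEFAULT_PORTS.get(parts.scheme.lower())
    return (parts.scheme.lower(), host, port)


def vault_matches(page_url, vault_entry_url):
    """True only when the page is served from the exact origin saved in the vault."""
    page = origin(page_url)
    saved = origin(vault_entry_url)
    return page is not None and page == saved


def autofill_candidates(page_url, vault):
    """Return the vault entries whose saved origin matches the page.

    An empty list means "do not fill": the manager stays silent on a
    phishing page even when it looks identical to the real sign-in page.
    """
    return [entry for entry in vault if vault_matches(page_url, entry["site"])]


# Constructed sample vault.
VAULT = [
    {"site": "https://login.example.com", "username": "alice"},
    {"site": "https://bank.example.net:8443/", "username": "alice-bank"},
]

if __name__ == "__main__":
    for url in (
        "https://login.example.com/auth?next=/inbox",
        "https://login.example.com.evil-site.example/auth",  # look-alike: extra suffix
        "http://login.example.com/auth",                     # scheme downgrade
        "https://bank.example.net/",                         # port differs from saved entry
    ):
        names = [entry["username"] for entry in autofill_candidates(url, VAULT)]
        print(url, "->", names or "no match, do not fill")
```

The comparison is deliberately exact rather than "ends with the same domain": a suffix-based match is what the look-alike host in the sample exploits, and a manager that only fills on an identical origin gives the user a clear cue when something is off.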

Improve your password habits by doing the following:
  • Do not use any easy-to-guess character combinations.
  • Avoid using the same password for multiple accounts and avoid incorporating any personal information.
  • Avoid keystroke patterns and short passwords.
  • Avoid repeated letters or numbers as a password.
  • Use long combinations of letters, symbols, and numbers instead.
  • Create a memorable phrase, called a passphrase, by randomly replacing certain letters with numbers or symbols.
  • Create mnemonic passwords, for example, based on significant events.

Implementing a secure password manager is the best way for online users to secure their passwords. Individuals can use an effective password manager to generate random character combinations for their passwords and save them in a password vault. Users no longer need to write passwords down or memorise them, both of which make passwords more vulnerable to compromise.
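As an added example (not from the post or from Keeper Security), the checks below turn the list of habits above into a small policy function. The minimum length, the keyboard-row and sequence lists, the common-password set and the sample inputs are all constructed for illustration; a real deployment would additionally screen candidates against a breached-password corpus:

```python
import re

# Added example implementing the password-habit rules listed above as checks.
# The wordlists, thresholds and sample inputs are constructed for illustration;
# a real deployment would also screen against a breached-password corpus.

MIN_LENGTH = 12
# Keyboard rows plus alphabetic and numeric order: a run of 4 adjacent
# characters from any of these, in either direction, counts as a keystroke
# pattern ("qwer", "4321", "abcd", ...).
SEQUENCES = [
    "qwertyuiop", "asdfghjkl", "zxcvbnm",
    "abcdefghijklmnopqrstuvwxyz", "0123456789",
]
COMMON_PASSWORDS = {"password", "letmein", "welcome", "admin", "iloveyou", "qwerty"}
CHARACTER_CLASSES = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]


def has_keystroke_pattern(pw, run=4):
    """True if pw contains `run` characters that are adjacent in some sequence."""
    low = pw.lower()
    for seq in SEQUENCES:
        for direction in (seq, seq[::-1]):
            if any(direction[i:i + run] in low for i in range(len(direction) - run + 1)):
                return True
    return False


def has_repeats(pw, run=3):
    """True if any character is repeated `run` or more times in a row."""
    return re.search(r"(.)\1{%d,}" % (run - 1), pw) is not None


def contains_personal_info(pw, personal_info):
    """True if any personal token of 3+ characters (name, year, pet...) appears in pw."""
    low = pw.lower()
    return any(len(item) >= 3 and item.lower() in low for item in personal_info)


def check_password(pw, personal_info=(), used_elsewhere=()):
    """Return the list of rule violations for pw; an empty list means it passes."""
    findings = []
    if len(pw) < MIN_LENGTH:
        findings.append("too_short")
    if pw.lower() in COMMON_PASSWORDS:
        findings.append("easy_to_guess")
    if has_keystroke_pattern(pw):
        findings.append("keystroke_pattern")
    if has_repeats(pw):
        findings.append("repeated_characters")
    if contains_personal_info(pw, personal_info):
        findings.append("personal_info")
    if pw in used_elsewhere:
        findings.append("reused")
    # "Long combinations of letters, symbols, and numbers": require 3 of 4 classes.
    if sum(1 for cls in CHARACTER_CLASSES if re.search(cls, pw)) < 3:
        findings.append("low_character_mix")
    return findings


if __name__ == "__main__":
    # Constructed sample candidates and profile data.
    samples = [
        ("qwerty123", ["Smith"], ()),
        ("SmithFamily2019!!", ["Smith", "2019"], ()),
        ("CorrectHorse", [], {"CorrectHorse"}),
        ("Tr0ub4dor&3-Correct-Horse", ["Smith"], ()),
    ]
    for pw, personal, reused in samples:
        print(f"{pw!r}: {check_password(pw, personal, reused) or 'OK'}")
```

Each finding maps to one bullet in the list, so the output tells the user which habit to fix rather than just "weak". Note that these checks only reject bad choices; generating the replacement should be left to the password manager's random generator rather than to the user.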

A password manager with zero trust and zero knowledge creates an even more secure environment for users to store their passwords. Even in the worst-case scenario of a breach, the stored data is encrypted ciphertext, which means it cannot be accessed or read by a human or a machine.

Nelnet Servicing Breach Exposes Data of Over 2.5 Million Student Loan Borrowers

A hack on technology services supplier Nelnet Servicing affected more than 2.5 million people with student loan accounts at EdFinancial and the Oklahoma Student Loan Authority (OSLA).

The provider states that hackers accessed its systems without authorization in June and retained that access through July 22. About 2,501,324 people were affected by the data breach.

The exposed information includes full name, place of residence, email address, contact details, and social security number.

Hackers can exploit this data through phishing, social engineering, impersonation, and similar tactics. The risk is amplified because loan details are a sensitive subject for the people affected.

Nelnet informed EdFinancial and OSLA that the attackers initially gained access by taking advantage of a vulnerability in its systems.

Nelnet claims to have stopped the hack as soon as the security vulnerability was discovered, but a later review, which was finished on August 17, 2022, found that some student loan account registration data may have been obtained.

Customers who might be impacted have already been informed by EdFinancial and OSLA, although EdFinancial made it clear that not all of its clients are affected as Nelnet Servicing is not its only technology supplier. 

People whose data may have been affected by the incident are advised to use the free identity theft protection services offered by EdFinancial and OSLA. Furthermore, the technology services provider could face a class action lawsuit over the breach.

The law firm "Markovits, Stock & DeMarco" yesterday began an inquiry into the possibility of a class action lawsuit due to the magnitude of this data breach occurrence.

According to a letter sent to impacted borrowers, "we urge you to be alert against incidences of identity theft and fraud over the following 24 months, by examining your account statements and keeping an eye on your free credit reports for suspicious activity and to spot errors."

Those who receive the notices are advised to sign up for Experian's IdentityWorks service right away to protect themselves from fraud, and to keep watch for any further incoming correspondence.

Microsoft: Large-Scale AiTM Phishing Attacks Against 10K+ Organizations


Microsoft identified a large-scale phishing campaign, targeting more than 10,000 organizations, that employed adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user's sign-in session, and circumvent authentication even when the victim had activated MFA.

In AiTM phishing, the attacker-controlled phishing site acts as a proxy between the target user and the legitimate website the user intends to access. Because every request and response passes through that proxy, the attackers can intercept the communication and steal both the target's password and the session cookie issued after authentication.

After obtaining the credentials and session cookies needed to access users' mailboxes, the threat actors launched business email compromise (BEC) attacks against other targets. Microsoft's researchers believe the AiTM phishing campaign has targeted over 10,000 organizations since September 2021.

AiTM phishing

The landing sites used in this campaign impersonated the Office online authentication page in order to attack the Office 365 sign-in process. Microsoft researchers found that the campaign's operators used the Evilginx2 phishing kit as their AiTM infrastructure. In several of the attacks observed, the threat actors sent phishing emails with an HTML file attachment; the message claimed the recipient had a voice message in order to deceive them into opening the file.

The analysis published by Microsoft states, “This redirector acted as a gatekeeper to ensure the target user was coming from the original HTML attachment. To do this, it first validated if the expected fragment value in the URL—in this case, the user’s email address encoded in Base64—exists. If the said value existed, this page concatenated the value on the phishing site’s landing page, which was also encoded in Base64 and saved in the “link” variable.”

“By combining the two values, the succeeding phishing landing page automatically filled out the sign-in page with the user’s email address, thus enhancing its social engineering lure. This technique was also the campaign’s attempt to prevent conventional anti-phishing solutions from directly accessing phishing URLs.” 

After capturing the session cookie, the attackers loaded it into their own browser to bypass the authentication procedure, even when the victim had activated MFA for their account. Microsoft advises organisations to adopt solutions that support Fast ID Online (FIDO) v2.0 and certificate-based authentication to make their MFA deployment "phish-resistant."

Microsoft also advises establishing conditional access policies that can block an attacker attempting to use a stolen session cookie, and monitoring for suspicious or anomalous activity, such as sign-in attempts with suspicious characteristics and unusual mailbox operations.
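One of the monitoring checks recommended above, written out as an added example that is not Microsoft's code or detection logic: a session cookie minted by an MFA-backed sign-in on one network and then presented from a different network shortly afterwards is exactly the replay this campaign relies on. The event schema, field names (`event`, `session`, `asn`, `mfa`) and the sample telemetry are constructed for this illustration and do not correspond to any vendor's log format:

```python
from datetime import datetime, timedelta

# Added example of one of the monitoring checks the article recommends: flag a
# session cookie that is presented from a different network (ASN) than the one
# on which the MFA-backed sign-in that minted it took place. The log format,
# field names and sample events are constructed for this illustration.

# Constructed sign-in telemetry: one record per event.
EVENTS = [
    {"ts": "2022-07-20T09:00:00", "event": "signin", "user": "alice", "session": "S1",
     "ip": "203.0.113.10", "asn": "AS64500", "mfa": True},
    {"ts": "2022-07-20T09:02:00", "event": "token_use", "user": "alice", "session": "S1",
     "ip": "203.0.113.10", "asn": "AS64500"},
    # Same session cookie, three minutes later, from an unrelated network.
    {"ts": "2022-07-20T09:05:00", "event": "token_use", "user": "alice", "session": "S1",
     "ip": "198.51.100.7", "asn": "AS64501"},
    {"ts": "2022-07-20T10:00:00", "event": "signin", "user": "bob", "session": "S2",
     "ip": "192.0.2.44", "asn": "AS64502", "mfa": True},
    # Same ASN, different address: ordinary roaming, not flagged.
    {"ts": "2022-07-20T10:30:00", "event": "token_use", "user": "bob", "session": "S2",
     "ip": "192.0.2.45", "asn": "AS64502"},
]


def parse_ts(value):
    return datetime.fromisoformat(value)


def find_session_anomalies(events, window=timedelta(hours=24)):
    """Return alerts for session cookies presented from an ASN other than the
    one seen at sign-in within `window` of that sign-in, plus cookies that
    were never seen being issued at all."""
    origin_of = {}   # session id -> the sign-in event that minted it
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["event"] == "signin":
            origin_of[ev["session"]] = ev
            continue
        start = origin_of.get(ev["session"])
        if start is None:
            alerts.append({"session": ev["session"], "user": ev["user"],
                           "reason": "token used without a recorded sign-in",
                           "replay_ip": ev["ip"]})
            continue
        elapsed = parse_ts(ev["ts"]) - parse_ts(start["ts"])
        if ev["asn"] != start["asn"] and elapsed <= window:
            alerts.append({"session": ev["session"], "user": ev["user"],
                           "reason": "session cookie replayed from a different network",
                           "signin_ip": start["ip"], "replay_ip": ev["ip"],
                           "minutes_after_signin": int(elapsed.total_seconds() // 60),
                           "mfa_at_signin": start["mfa"]})
    return alerts


if __name__ == "__main__":
    for alert in find_session_anomalies(EVENTS):
        print(alert)
```

The `mfa_at_signin` field is the point of the check: the sign-in itself passed MFA, so a control that only looks at the authentication step would see nothing wrong. Comparing the network of later cookie use against the network of the original sign-in is what surfaces the replay, and the alert carries both addresses so a responder can revoke the session and investigate the mailbox.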

“This AiTM phishing campaign is another example of how threats continue to evolve in response to the security measures and policies organisations put in place to defend themselves against potential attacks. While AiTM phishing attempts to circumvent MFA, it’s important to underscore that MFA implementation remains an essential pillar in identity security. MFA is still very effective at stopping a wide variety of threats; its effectiveness is why AiTM phishing emerged in the first place,” concludes the report.