Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Password Security. Show all posts
Ransomwares
corporate cyber attacks Cyber Security Cyber Security Tool Cyberattack Cyberthreart Data protection data security Enterprise security Ingram Micro Password Security ransomware attacks Ransomwares

Why Major Companies Are Still Falling to Basic Cybersecurity Failures

 

In recent weeks, three major companies—Ingram Micro, United Natural Foods Inc. (UNFI), and McDonald’s—faced disruptive cybersecurity incidents. Despite operating in vastly different sectors—technology distribution, food logistics, and fast food retail—all three breaches stemmed from poor security fundamentals, not advanced cyber threats. 

Ingram Micro, a global distributor of IT and cybersecurity products, was hit by a ransomware attack in early July 2025. The company’s order systems and communication channels were temporarily shut down. Though systems were restored within days, the incident highlights a deeper issue: Ingram had access to top-tier security tools, yet failed to use them effectively. This wasn’t a tech failure—it was a lapse in execution and internal discipline. 

Just two weeks earlier, UNFI, the main distributor for Whole Foods, suffered a similar ransomware attack. The disruption caused significant delays in food supply chains, exposing the fragility of critical infrastructure. In industries that rely on real-time operations, cyber incidents are not just IT issues—they’re direct threats to business continuity. 

Meanwhile, McDonald’s experienced a different type of breach. Researchers discovered that its AI-powered hiring tool, McHire, could be accessed using a default admin login and a weak password—“123456.” This exposed sensitive applicant data, potentially impacting millions. The breach wasn’t due to a sophisticated hacker but to oversight and poor configuration. All three cases demonstrate a common truth: major companies are still vulnerable to basic errors. 

Threat actors like SafePay and Pay2Key are capitalizing on these gaps. SafePay infiltrates networks through stolen VPN credentials, while Pay2Key, allegedly backed by Iran, is now offering incentives for targeting U.S. firms. These groups don’t need advanced tools when companies are leaving the door open. Although Ingram Micro responded quickly—resetting credentials, enforcing MFA, and working with external experts—the damage had already been done. 

Preventive action, such as stricter access control, routine security audits, and proper use of existing tools, could have stopped the breach before it started. These incidents aren’t isolated—they’re indicative of a larger issue: a culture that prioritizes speed and convenience over governance and accountability. 

Security frameworks like NIST or CMMC offer roadmaps for better protection, but they must be followed in practice, not just on paper. The lesson is clear: when organizations fail to take care of cybersecurity basics, they put systems, customers, and their own reputations at risk. Prevention starts with leadership, not technology.
Read more »
Password Security
Common Password Complex Password Cyber Security cybercriminals data security education sector Educational Institutes Password Password Security

Weak Passwords Still Common in Education Sector, Says NordVPN Report

 

A new study by NordVPN has revealed a serious cybersecurity issue plaguing the education sector: widespread reliance on weak and easily guessable passwords. Universities, schools, and training centres continue to be highly vulnerable due to the reuse of simple passwords that offer minimal protection.  

According to NordVPN’s research, the most frequently used password across educational institutions is the infamous ‘123456’, with over 1.2 million instances recorded. This is closely followed by other equally insecure combinations like ‘123456789’ and ‘12345678’. Shockingly, commonly used words such as ‘password’ and ‘secret’ also rank in the top five, making them among the least secure options in existence. 

Karolis Arbaciauskas, head of business product at NordPass, emphasized that educational institutions often store a wealth of sensitive data, including student records and staff communications. Yet many are still using default or recycled passwords that would fail even the most basic security check. He warned that such practices make schools prime targets for cybercriminals. 

The consequences of this weak security posture are already visible. One of the most notable examples is the Power Schools breach, where personal information, including names, birthdates, and contact details of nearly 62 million students and educators, was compromised. These incidents highlight how vulnerable educational data can be when simple security measures are neglected.  

Cybercriminals are increasingly targeting schools not just for monetary gain but also to steal children’s identities. With access to personal information, they can commit fraud such as applying for loans or credit cards in the names of underage victims who are unlikely to detect such activity due to their lack of a credit history. 

To mitigate these risks, NordVPN recommends adopting stronger password practices. A secure password should be at least 12 characters long, combining uppercase and lowercase letters, numbers, and special symbols. One example is using a memorable phrase with substitutions, like turning a TV show quote into ‘Streets;Ahead6S&AM!’. Alternatively, using a trusted password manager or generator can help enforce robust security across accounts. 

As digital threats evolve, it’s critical that educational institutions update their cybersecurity hygiene, starting with stronger passwords. This simple step can help protect not only sensitive data but also the long-term digital identities of students and staff.
Read more »
Password Security
2FA 2FA security Account security Bug Fixes Coinbase Cyber Security online account protection Password Security

Coinbase Fixes Account Log Bug That Mistakenly Triggered 2FA Breach Alerts

 

Coinbase has resolved a logging issue in its system that led users to wrongly believe their accounts had been compromised, after failed login attempts were mistakenly labeled as two-factor authentication (2FA) failures. As first uncovered by BleepingComputer, the bug caused the platform to misreport login errors. Specifically, attempts made with incorrect passwords were incorrectly shown in the user activity log as “second_factor_failure” or “2-step verification failed.” 

This mislabeling gave the false impression that an attacker had entered the correct password but was blocked at the 2FA stage, which naturally raised alarm among Coinbase users. Several customers reached out to BleepingComputer, expressing concern that their accounts might have been breached. Many reported using unique passwords exclusively for Coinbase, found no signs of malware on their devices, and noticed no other suspicious account activity—adding to their confusion. Coinbase later confirmed the issue, clarifying that attackers had never made it past the password stage. 

The system had mistakenly classified these failed attempts as 2FA errors, even though the second authentication factor was never triggered. To correct the confusion, Coinbase issued an update that now properly logs such attempts as “Password attempt failed” in the account activity logs, removing any misleading implication of a 2FA failure. Such inaccuracies, while seemingly minor, can trigger unnecessary panic. Some affected users reset all their passwords and spent hours scanning their systems for threats—precautions prompted solely by the misleading logs. 

Security experts also warn that errors like this can become tools for social engineering. Misleading logs could be exploited by attackers to trick users into thinking their credentials had been stolen, potentially coercing them into revealing more information or clicking malicious links. Coinbase customers are frequently targeted in phishing and social engineering campaigns. These attacks often involve SMS messages or spoofed phone calls designed to trick victims into giving up 2FA tokens or login details.  

While there is no confirmed case of the mislabeled logs being used in such scams, BleepingComputer noted that some users had reported it. Regardless, Coinbase reiterated that it never contacts customers via phone or text to request password changes or 2FA resets. Any such communication should be treated as a scam attempt.
Read more »
Password Security
Account security blocking unauthorized access Customer Data Cyber Security Data Safety User Data Password Security

Zello Urges Password Resets Amid Potential Security Incident

 

Zello, a widely used push-to-talk mobile service with over 140 million users, has advised customers to reset their passwords if their accounts were created before November 2, 2024. This precautionary measure follows what appears to be a new security concern, though the exact nature of the issue remains unclear. Zello's actions suggest possible unauthorized access to user accounts. 
 

Zello’s Advisory and User Notification 

 
Starting November 15, 2024, users began receiving notifications from Zello recommending password changes. The notification stated: > 

“As a precaution, we are asking that you reset your Zello app password for any account created before November 2nd, 2024. We also recommend that you change your passwords for any other online services where you may have used the same password.” 
 
The notification also provided a link to a support page with instructions on how to reset passwords through the Zello app. 

Potential Causes: Data Breach or Credential Stuffing? 

 
While Zello has yet to provide further clarification, the lack of detailed communication has raised concerns among users. Efforts by media outlets to obtain a response from the company have been unsuccessful. 
 

The timing and scope of the notice suggest two possibilities: 

 
1. A Data Breach – Unauthorized access to Zello’s systems, potentially compromising user data. 
2. Credential Stuffing – A cyberattack method where attackers use stolen login credentials from other platforms to gain access to Zello accounts. 
 
Notably, the advisory affects only accounts created before November 2, 2024, indicating that the security event may have occurred around that date. 


Past Security Incidents 

This is not the first time Zello has faced a security issue. In 2020, the company experienced a data breach that compromised customer email addresses and hashed passwords, prompting a similar password reset. 

The Importance of Cybersecurity for Essential Services 

 
Zello plays a critical role in communication for sectors such as first responders, transportation, and hospitality, making robust security measures essential. The incident underscores the importance of adopting strong cybersecurity practices: 
- Use Unique, Complex Passwords: Avoid reusing passwords across multiple platforms. 
- Enable Two-Factor Authentication (2FA): Adds an additional layer of security and significantly reduces the risk of unauthorized access. 

User Vigilance and the Need for Transparency 


While Zello’s proactive warning is a positive step, users are calling for greater transparency regarding the root cause of the issue and the measures being taken to prevent future incidents. Organizations like Zello, which support essential communication services, have a heightened responsibility to ensure platform integrity and promptly address security vulnerabilities. 
 
In the meantime, users are strongly encouraged to follow Zello’s instructions and reset their passwords immediately. Taking these precautions can help safeguard personal data and reduce exposure to potential cyber threats. 

As cybersecurity threats continue to evolve, both service providers and users must remain vigilant to ensure the safety and security of their digital ecosystems.
Read more »
Password Security
Acunetix vulnerability administrative privileges Cyber Security device takeover risk IoT device vulnerability Network Security Password Security

Critical Security Flaw in SEIKO EPSON Devices Allows Unauthorized Access

 

A recent security vulnerability identified as CVE-2024-47295 poses a serious risk for several SEIKO EPSON devices, potentially granting attackers administrative control. This vulnerability stems from a weak initial password setup within SEIKO EPSON’s Web Config software, which manages network device settings for products like printers and scanners.

Web Config, a tool for configuring SEIKO EPSON devices via web browsers, lacks an administrative password on affected models when first connected to a network without prior configuration. This absence of a password allows any network user to establish a new password, gaining full access to the device.

The vulnerability report notes, “If the administrator password on the affected device is left blank, anyone accessing it through Web Config can set a new password.” An attacker with administrative rights could manipulate device settings, interrupt operations, or use the device to infiltrate broader network systems.

Currently, there is no available patch to fix this vulnerability. SEIKO EPSON urges users to set an administrative password immediately upon installation and network connection. The company’s Security Guidebook stresses this step in section 3, advising users to configure Web Config settings and secure the device with a strong password to block unauthorized access and mitigate the risk of this exploit.

SEIKO EPSON also advises caution with all networked devices. Unsecured IoT devices are frequently targeted by cybercriminals, and the CVE-2024-47295 vulnerability has received a CVSS score of 8.1, highlighting its high-risk level. Best practices to reduce risk include:

  • Using Strong, Unique Passwords: Set complex passwords during initial setup and avoid defaults.
  • Restricting Network Access: Limit access to trusted users and networks only.
  • Monitoring Device and Network Activity: Regularly review configurations and monitor network traffic for unusual activity.
With these steps, users can enhance device security and safeguard against potential threats.
Read more »
User Security
Complex Password Cyber Security Password Entropy Password Security User Security

Complicated Passwords Make Users Less Secure, Security Experts Claim

 

Using a variety of character types in your passwords and changing them on a regular basis are no longer considered best practices for password management.

This is according to new standards published by the United States National Institute of Standards and Technology, which develops and publishes guidelines to assist organisations in safeguarding their information systems.

The new guidelines were published in September 2024 as part of NIST's second public draft of SP 800-63-4, the most recent iteration of its Digital Identity guidelines. 

Change in password recommendations

Over the years, conventional wisdom recommended having complex passwords that included upper and lower case characters, numbers, and symbols. This complexity was intended to make passwords difficult to guess or crack using brute force assaults. 

However, these complex requirements frequently resulted in users developing bad habits, such as repeating passwords or selecting too basic ones that barely fit the rules, such as "P@ssw0rd123." Over time, NIST discovered that this emphasis on complexity was counterproductive, compromising security in practice. 

In its most recent guidelines, NIST has shifted away from enforcing complexity limits and towards encouraging longer passwords. There are a number of causes for this shift: 

Customer behaviour 

According to research, users frequently fail to remember complicated passwords, prompting them to reuse passwords across several sites or rely on easily guessable patterns, such as substituting letters with similar-looking numbers or symbols. The necessity by many organisations to change your password every sixty to ninety days—a practice that NIST no longer advises—further encouraged this behaviour. 

Password entropy 

Password strength is frequently tested using entropy, a measure of unpredictability. In other words, the total number of possible password combinations. The greater the number of potential options, or entropy, the more difficult it is for cybercriminals to crack the password using brute-force or guessing techniques. 

While complexity can contribute to entropy, length has a far greater impact. A lengthier password with more characters offers an exponentially greater number of possible combinations, making it more difficult for attackers to guess, even if the characters are simple. 

Human element

Long passwords that are easy to remember, such as passphrases composed of multiple basic words. For example, "big dog small rat fast cat purple hat jelly bat" in password form is "bigdogsmallratfastcatpurplehatjellobat" without the spaces, which is both secure and user-friendly. 

A password like this provides a balance between high entropy and convenience of use, preventing users from engaging in risky behaviours such as writing down passwords or reusing them.
Read more »
YubiKey
Cyber Security Digital Identity Eucleak Password Security YubiKey

Protecting Your Digital Identity: The Impact of EUCLEAK on FIDO Devices

Protecting Your Digital Identity: The Impact of EUCLEAK on FIDO Devices

A new vulnerability has emerged that poses a significant threat to FIDO devices, particularly those using the Infineon SLE78 security microcontroller. Thomas Roche of Ninja Labs discovered the flaw. This vulnerability, dubbed “EUCLEAK,” has raised concerns among security experts and users alike, as it allows threat actors to clone YubiKey FIDO keys.

The EUCLEAK Vulnerability

EUCLEAK is a sophisticated attack that targets the Elliptic Curve Digital Signature Algorithm (ECDSA) secret keys stored within FIDO devices. These keys are crucial for the authentication process, ensuring that only authorized users can access certain systems and data. The ability to extract and clone these keys undermines the security of the affected devices, potentially allowing unauthorized access.

The attack requires physical access to the device, specialized equipment, and advanced knowledge in electronics and cryptography. This means that while the attack is technically feasible, it is not easily executed by the average threat actor. However, the implications of such an attack are severe, especially for high-value targets where physical access to devices is a realistic threat.

Impact on YubiKey Devices

Yubico’s YubiKey 5 Series, which is widely used for two-factor authentication (2FA) and other security purposes, is among the affected devices. Yubico has acknowledged the vulnerability and rated the risk as moderate. The company has emphasized that the attack’s complexity and the need for physical access mitigate the overall risk to users.

Despite this, the discovery of EUCLEAK highlights the importance of continuous vigilance and improvement in the field of cybersecurity. As attackers develop more sophisticated methods, security measures must evolve to stay ahead of potential threats.

Mitigation and Response

In response to the EUCLEAK vulnerability, Yubico and other manufacturers using the Infineon SLE78 microcontroller are likely to implement firmware updates and other security measures to protect their devices. Users are advised to stay informed about updates and follow best practices for device security, such as keeping their firmware up to date and being cautious about physical access to their devices.

Additionally, organizations that rely on FIDO devices for authentication should review their security policies and consider additional layers of protection. This might include using multiple forms of authentication and regularly auditing their security infrastructure to identify and address potential vulnerabilities.

Impact on Companies vs Users

The EUCLEAK vulnerability has far-reaching impact on the cybersecurity landscape. For one, it highlights the evolving nature of security threats. Even devices designed with robust security measures can be vulnerable to sophisticated attacks. This realization should prompt both manufacturers and users to adopt a mindset of continuous improvement and vigilance.

For manufacturers, this means investing in ongoing research and development to identify and mitigate potential vulnerabilities before they can be exploited. It also means being transparent with users about risks and providing timely updates and support.

For users, the EUCLEAK vulnerability says a lot about the importance of physical security. While digital threats often dominate the conversation, physical access to devices remains a critical vector for attacks. 

Users should be mindful of where and how they store their security keys and consider additional protective measures, such as using tamper-evident seals or secure storage solutions.
Read more »
Stolen Credentials
Credential Theft Cyber Security Cyber Threats initial access breaches Malware attacks Password Security Stolen Credentials

Rising Threat of Stolen Credentials and Initial Access Breaches

 

Weak or reused passwords continue to pose significant risks for organizations, as criminals increasingly exploit stolen credentials to access user accounts. This trend has fueled a thriving market for stolen credentials and the initial access they provide. The ENISA Threat Landscape 2023 report highlights a year-over-year growth in the Initial Access Broker (IAB) market, with credentials being the primary commodity for sale.

Stealer malware frequently infiltrates victim machines through social engineering tactics, primarily phishing, and sometimes through paid distribution schemes using the Emotet and Qakbot botnets. Other campaigns entice users to download seemingly legitimate software via malvertising.

ENISA anticipates that future social engineering campaigns will adapt to new defensive measures aimed at protecting credentials from abuse.

Increasing Challenges with Stolen Credentials
Organizations face growing challenges with stolen credentials. The Verizon 2024 Data Breach Investigation Report (DBIR) reveals a 180% increase in attacks exploiting vulnerabilities to initiate breaches compared to the previous year. Stolen credentials were the leading initial action in breaches, accounting for 24%, just ahead of ransomware at 23%.

Fraudsters employ various methods to steal credentials, including malware that steals passwords and sells them on the dark web. Popular tools for this purpose include Redline, Vidar, and Raccoon Stealer. The FBI has warned of cybercriminals using search engine advertisements to impersonate brands and direct users to malicious sites that host ransomware to steal login credentials.

Credentials can also be compromised through brute force attacks, where cybercriminals use tools to test password combinations until the correct one is found. These methods range from simple trial and error to more sophisticated dictionary attacks, exploiting common password choices.

Potential for Major Breaches
The Solarwinds attack, described by Microsoft Corp President Brad Smith as "the largest and most sophisticated attack the world has ever seen," exemplifies the potential danger of stolen credentials. A compromised SolarWinds password was discovered on a private Github repository, where an intern had set the password "solarwinds123" on an account with access to the company's update server.

Other notable examples include the Dropbox breach, which impacted millions of users. A Dropbox employee reused a password from a LinkedIn breach, where millions of passwords were accessed by thieves.

ENISA notes that while abusing valid accounts for initial access is not a new technique, it remains effective for cybercriminals. Misconfigured accounts and those with weak passwords are particularly vulnerable. Although multi-factor authentication (MFA) can prevent many attacks, it is not foolproof, with actors intercepting MFA codes and harassing users with push notifications.

ENISA expects credentials to remain a focal point for cybercrime actors despite technical protective measures, as these actors continually find ways around them.

Cybersecurity experts recognize the danger of stolen credentials and the necessity of strong security measures. However, complacency is not an option. The threat posed by stolen credentials is constantly evolving, necessitating ongoing adaptation.

Organizations must enforce the creation of strong passwords resistant to brute force attacks and other forms of exploitation. Specops Password Policy can help build robust password policies by:

  • Generating personalized dictionary lists to prevent the use of commonly used words within the company.
  • Providing immediate and interactive updates to users when changing passwords.
  • Restricting the use of usernames, display names, certain words, consecutive characters, incremental passwords, and repeating parts of previous passwords.
  • Applying these features to any GPO level, computer, individual user, or group within the organization.
  • Continuously scanning for and blocking over 4 billion compromised passwords, ensuring that breached passwords are found daily.
Increasing overall password security, enforcing good password hygiene, and eliminating weak passwords enhance the security of Active Directory environments and privileged accounts. Organizations must prepare their defenses by scanning for password vulnerabilities in Active Directory to detect weak and compromised passwords.
Read more »
Subscribe to: Posts (Atom)