Nicholas Weaver – Computer Security Articles

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

September 22, 2023 admin A Little Sunshine, data breaches, International Computer Science Institute, karim toubba, lastpass breach, Nicholas Weaver, The Coming Storm, Web Fraud 2.0, wladimir palant

Credit to Author: BrianKrebs| Date: Fri, 22 Sep 2023 23:41:09 +0000

The password manager service LastPass is now forcing some of its users to pick longer master passwords. LastPass says the changes are needed to ensure all customers are protected by their latest security improvements. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass.

Independent Krebs

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

September 5, 2023 admin 1password, A Little Sunshine, adblock plus, Ars Technica, chainalysis, data breaches, karim toubba, lastpass breach, metamask, Nicholas Weaver, nick bax, plex, taylor monahan, The Coming Storm, unciphered, Web Fraud 2.0, wladimir palant

Credit to Author: BrianKrebs| Date: Wed, 06 Sep 2023 00:21:07 +0000

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults.

Independent Krebs

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

June 8, 2023 admin barracuda networks, caitlin condon, cve-2023-2868, email security gateway, International Computer Science Institute, Latest Warnings, Mandiant, Nicholas Weaver, Rapid7, Time to Patch

Credit to Author: BrianKrebs| Date: Thu, 08 Jun 2023 20:17:06 +0000

It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda Networks, as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely updated with software fixes.

Independent Krebs

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

February 28, 2023 admin A Little Sunshine, Allison Nixon, data breaches, International Computer Science Institute, Minecraft, Nicholas Weaver, roblox, Security Keys, SIM swapping, T-Mobile, tmo up, unit 221b, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 28 Feb 2023 16:14:57 +0000

Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device.

Independent Krebs

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

October 20, 2022 admin A Little Sunshine, Amazon, anastacia brown, apple, binance, employment fraud, indeed, jay pinho, LinkedIn, Mandiant, Nicholas Weaver, signalhire, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 20 Oct 2022 17:07:34 +0000

On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed. A similarly dramatic drop in the number of LinkedIn profiles claiming employment at Amazon comes as LinkedIn is struggling to combat a significant uptick in the creation of fake employee accounts that pair AI-generated profile photos with text lifted from legitimate users.

Independent Krebs

Experian, You Have Some Explaining to Do

July 10, 2022 admin A Little Sunshine, arthur rishi, emory roan, Equifax, Experian, john turner, Latest Warnings, Nicholas Weaver, privacyrights.org, TransUnion, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Mon, 11 Jul 2022 04:07:15 +0000

Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts. Research suggests identity thieves were able to hijack the accounts simply by signing up for new accounts at Experian using the victim’s personal information and a different email address.

Independent Krebs

DEA Investigating Breach of Law Enforcement Data Portal

May 12, 2022 admin A Little Sunshine, data breaches, Department of Justice, domain block list, Doxbin, drug enforcement administration, el paso intelligence center, emergency data request, Epic, esp.usdoj.gov, FBI, ICSI, kt, lapsus$, law enforcement inquiry and alerts, leia, national seizure system, Ne'er-Do-Well News, Nicholas Weaver, nss, spamhaus, The Coming Storm, u.s. drug enforcement agency

Credit to Author: BrianKrebs| Date: Thu, 12 May 2022 11:00:30 +0000

The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets.

Independent Krebs

Your Phone May Soon Replace Many of Your Passwords

May 7, 2022 admin A Little Sunshine, apple, FIDO Alliance, google, johannes ullrich, microsoft, Nicholas Weaver, sampath srinivas, sans, Security Tools, spycloud, steve bellovin, World Wide Web Consortium

Credit to Author: BrianKrebs| Date: Sat, 07 May 2022 13:31:17 +0000

Apple, Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. Experts say the changes should help defeat many types of phishing attacks and ease the overall password burden on Internet users, but caution that a true passwordless future may still be years away for most websites.

← Previous