Passwordstate Warns of Ongoing Phishing Attacks Following Data Breach

Click Studios, the Australian software firm that confirmed a supply chain attack affecting its Passwordstate password management application, has warned customers of an ongoing phishing attack by an unknown threat actor.
“We have been advised a bad actor has commenced a phishing attack with a small number of customers having received emails requesting urgent action,” the company said in an
The Hacker News – Read More

3.2 Billion Leaked Passwords Contain 1.5 Million Records with Government Emails

A staggering number of 3.28 billion passwords linked to 2.18 billion unique email addresses were exposed in what’s one of the largest data dumps of breached usernames and passwords.
In addition, the leak includes 1,502,909 passwords associated with email addresses from government domains across the world, with the U.S. government alone taking up 625,505 of the exposed passwords, followed by the

Alert — There’s A New Malware Out There Snatching Users’ Passwords

A previously undocumented malware downloader has been spotted in the wild in phishing attacks to deploy credential stealers and other malicious payloads.
Dubbed “Saint Bot,” the malware is said to have first appeared on the scene in January 2021, with indications that it’s under active development.
“Saint Bot is a downloader that appeared quite recently, and slowly is getting momentum. It was

NIST and HIPAA: Is There a Password Connection?

When dealing with user data, it’s essential that we design our password policies around compliance. These policies are defined both internally and externally.
While companies uphold their own password standards, outside forces like HIPAA and NIST have a heavy influence. Impacts are defined by industry and one’s unique infrastructure. How do IT departments maintain compliance with NIST and HIPAA?

SolarWinds Blames Intern for Weak Password That Led to Biggest Attack in 2020

As cybersecurity researchers continue to piece together the sprawling SolarWinds supply chain attack, top executives of the Texas-based software services firm blamed an intern for a critical password lapse that went unnoticed for several years.
The said password “solarwinds123” was originally believed to have been publicly accessible via a GitHub repository since June 17, 2018, before the