HackDig : Dig high-quality web security articles

How to enable Facebook’s hardware key authentication for iOS and Android

Since 2017 desktop users have had the opportunity to use physical security keys to log in to their Facebook accounts. Now iOS and Android users have the same option too. Physical security keys are a more secure option for two-factor authentication (2FA) than SMS (which is vulnerable to SIM swap attacks and phishing), and apps that generate codes or push noti
Publish At:2021-03-22 21:24 | Read:207 | Comments:0 | Tags:How-tos 2fa facebook mfa security keys IOS android

Industrial Remote Access: Why It’s Not Something to Fear

Increased uptime? Check. Better access to outside expertise? Check. Improved first-time-fix rate? Check. These are just some of the benefits of industrial remote access. Yet many customers are reluctant to embrace remote access. Not only that, but incidents such as the breach at the Oldsmar water utility might increase organizations’ reluctance to use remote
Publish At:2021-02-18 06:38 | Read:349 | Comments:0 | Tags:ICS Security MFA remote access Utilities water

Cybercriminals want your cloud services accounts, CISA warns

On January 13 the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about several recent successful cyberattacks on various organizations’ cloud services. What methods did the attackers use? In the initial phase, the victims were targeted by phishing emails trying to capture the credentials of a cloud service account. Once the at
Publish At:2021-01-14 18:42 | Read:355 | Comments:0 | Tags:Awareness bec brute force cisa cloud services IOCs mfa pass-

“I have full control of your device”: Sextortion scam rears its ugly head in time for 2021

Malwarebytes recently received a report about a fresh spate of Bitcoin sextortion scam campaigns doing the rounds. Bitcoin sextortion scams tend to email you to say they’ve videoed you on your webcam performing sexual acts in private, and ask you to pay them an amount in Bitcoin to keep the video (which doesn’t exist) private. This type of blackm
Publish At:2021-01-07 15:06 | Read:493 | Comments:0 | Tags:Social engineering bitcoin blackmail email 2020 BitCoin Scam

Spotify resets some user logins after hacker database found floating online

A team of researchers working for vpnMentor has found a treasure trove in the form of an unsecured Elasticsearch database containing over 380 million records. The trove contained login credentials and other data belonging to Spotify users. So what’s Spotify doing leaving its user data hanging around on an unsecured database? Answer: It’s not.
Publish At:2020-11-25 13:36 | Read:459 | Comments:0 | Tags:Reports 2fa credential stuffing database Elasticsearch mfa P

RegTech explained: a crucial toolset for the financial industry

Every organization in the financial industry needs to meet certain regulatory obligations, even if it’s just filing a tax return or submitting an annual report. In certain industries, such as financial services, they’ve added their own additional sets of rules that must be adhered to. For example, organizations who take and process credit card payments
Publish At:2020-11-06 13:17 | Read:613 | Comments:0 | Tags:Explained AI big data cloud compliance financials identity t

How to Leverage MTD Solutions to Comply with NIST 800-124r2 Guidelines

Prior to the global pandemic, we were beginning to see a shift in companies realizing the need for mobile device and app security. Private and public sector organizations alike began to see how hackers were breaching and compromising mobile devices and – in turn – putting their employees and the companies themselves at risk. And then came COVI
Publish At:2020-09-08 14:42 | Read:1170 | Comments:0 | Tags:Mobile Threat Defense COVID-19 MFA MTD NIST VPN

10 best practices for MSPs to secure their clients and themselves from ransomware

Lock-downs and social distancing may be on, but when it comes to addressing the need for IT support—whether by current or potential clients—it’s business as usual for MSPs. And, boy, is it a struggle. On the one hand, they keep an eye on their remote workers to ensure they’re still doing their job securely and safely in the comfort of their own homes.
Publish At:2020-05-24 07:20 | Read:1163 | Comments:0 | Tags:How-tos account management B2B backup backups best MSP pract

Watch out for Office 365 and G Suite scams, FBI warns businesses

by John E Dunn
The menace of Business Email Compromise (BEC) is often overshadowed by ransomware but it’s something small and medium-sized businesses shouldn’t lose sight of. Bang on cue, the FBI Internet Crime Complaint Center (IC3) has alerted US businesses to ongoing attacks targeting organisations using Microsoft Office 365 and Google G Suite. Warnings
Publish At:2020-03-10 10:50 | Read:1352 | Comments:0 | Tags:BEC Google Microsoft Security threats business email comprom

99% of compromised Microsoft enterprise accounts lack MFA

by John E Dunn
Cybercriminals compromise 0.5% of all Microsoft enterprise accounts every month because too few customers are using multi-factor authentication (MFA), the company has revealed. In a presentation uploaded to YouTube from the recent RSA Security Conference, director of Identity Security Alex Weinert said 1.2 million accounts were compromised in Jan
Publish At:2020-03-09 08:17 | Read:1216 | Comments:0 | Tags:2-factor Authentication Microsoft Privacy Security threats W

Explained: the strengths and weaknesses of the Zero Trust model

In a US court of law, the accused are deemed to be innocent until proven guilty. In a Zero Trust security model, the opposite is true. Everything and everyone must be considered suspect—questioned, investigated, and cross-checked—until we can be absolutely sure it is safe to be allowed. Zero Trust is a concept created by John Kindervag in 2010 during his
Publish At:2020-01-28 16:50 | Read:1564 | Comments:0 | Tags:Explained byod cloud framework identity management insider t

Threat spotlight: Phobos ransomware lives up to its name

Ransomware has struck dead on organizations since it became a mainstream tool in cybercriminals’ belts years ago. From massive WannaCry outbreaks in 2017 to industry-focused attacks by Ryuk in 2019, ransomware’s got its hooks in global businesses and shows no signs of stopping. That includes a malware family known as Phobos ransomware, named afte
Publish At:2020-01-10 16:50 | Read:2628 | Comments:0 | Tags:Threat spotlight brute force coveware crysis crysis ransomwa

When can we get rid of passwords for good?

Or perhaps I should have asked, “Can we ever get rid of passwords for good?” The security world knows passwords are a problem. Products ship with default passwords that are never changed. People reuse old passwords or adopt easy-to-guess passwords that hackers easily defeat via brute force. Or users simply can’t keep up with having to re
Publish At:2019-10-16 23:20 | Read:1899 | Comments:0 | Tags:Awareness 2fa authentication mfa passwords

Dropbox User Credentials Stolen: A Reminder To Increase Awareness In House

Trust is an important part of online business today, especially in light of so many high-profile data breaches and stolen identities. Most recently, according to Ars Technica, an anonymous hacker made a series of posts to Pastebin, claiming that the posts contained login credentials for hundreds of Dropbox users. The hacker also claimed that near
Publish At:2014-10-14 22:55 | Read:4320 | Comments:0 | Tags:Security Symantec Security Insights Blog 2-factor authentica