dcsimg
April 21, 2020

The passwordless present: Will biometrics replace passwords forever?

When it comes to securing your sensitive, personally identifiable information against criminals who can engineer countless ways to snatch it from under your nose, experts have long recommended the use of strong, complex passwords. Using long passphrases with combinations of numbers, letters, and symbols that cannot be easily guessed has been the de facto security guidance for more than 20 years. … [Read more...]

Filed Under: Apple, behaviometrics, biometrics, brute force, CCC, Chaos Computer Club, Dirk Engling, DNA testing, eyeDisk, facebook, facial recognition, fingerprint recognition, fingerprint scanning, Frank Rieger, gait recognition, Google, Henry Classification System, iris recognition, iris scanning, João de Barros, John Seymour, Madhusudhan R, passwords, PenTest Partners, privacy, Samsung, Samsung Galaxy, Shashidhara R, signature analysis, Sir W.J. Herschel, speaker recognition, TouchID, voice deepfake, voice recognition
January 10, 2020

Threat spotlight: Phobos ransomware lives up to its name

Ransomware has struck dead on organizations since it became a mainstream tool in cybercriminals’ belts years ago. From massive WannaCry outbreaks in 2017 to industry-focused attacks by Ryuk in 2019, ransomware’s got its hooks in global businesses and shows no signs of stopping. That includes a malware family known as Phobos ransomware, named after the Greek god of fear. Phobos is … [Read more...]

Filed Under: brute force, coveware, crysis, crysis ransomware, dharma, Dharma ransomware, disorganised crime, mfa, Multi-Factor Authorization, Phobos, Phobos NextGen, Phobos NotDharma, Phobos ransomware, raas, ransomware, Ransomware as a Service, rdp, remote desktop protocol, Server Message Block, SMB, Sodinokibi, threat spotlight, virtual private networks, vpn
March 21, 2019

Are hackers gonna hack anymore? Not if we keep reusing passwords

Enterprises have a password problem, and it’s one that is making the work of hackers a lot easier. From credential stuffing to brute force and password spraying attacks, modern hackers don’t have to do much hacking in order to compromise internal corporate networks. Instead, they log in using weak, stolen, or otherwise compromised credentials. Take the recent case of Citrix as an example. The FBI … [Read more...]

Filed Under: brute force, credential stuffing, cybercrime, enterprise, enterprises, hackers, Hacking, password managers, password spraying, reusing passwords, weak passwords
September 21, 2018

Simple Authentication and Security Layer (SASL) vulnerabilities

Simple Authentication and Security Layer (SASL) is an authentication layer used in Internet protocols. SASL is not a protocol, but rather a framework that provides developers of applications and shared libraries with mechanisms for authentication, data integrity–checking, and encryption. Within the framework and a few of its plugins, there are a couple of known vulnerabilities that we want to make … [Read more...]

Filed Under: authentication, brute force, cybercrime, denial of service, Exploits, mailserver, sasl, Simple Authentication and Security Layer, vulnerabilities
September 14, 2018