Tag Archive for: stronger

LastPass prompting users to set a stronger master password


LastPass faced a major attack in 2022 after hackers gained access to sensitive user data through an exploit found on the computer of one of the engineers working for the company. More than two years after this incident, LastPass has now announced new measures to better protect users’ data: users will now be required to set a stronger master password.

LastPass now requires stronger master password

In a blog post on Wednesday, LastPass says that users will now be asked to set a new master password to protect their account on the platform. This new password needs to be at least 12 characters long, whereas previously the master password only needed to be 8 characters long.

According to the company, while the National Institute of Standards and Technology (NIST) says that passwords must be at least 8 characters long, more advanced password cracking and brute force techniques have motivated the company to set a new, stronger standard. The password must also contain at least one special character, a number and an upper case letter.

The company reinforces that since last year, all new users or existing users who needed to reset their master password were already asked to set a 12-character password. With today’s change, everyone will be required to update their LastPass master password. LastPass also says it will check a database to make sure the new password hasn’t been leaked before.

“By now enforcing a minimum 12-character master password requirement, along with the PBKDF2 iteration increases we delivered earlier this year, we are proactively helping our customers create stronger and more resilient encryption keys for accessing and encrypting their LastPass vault data.”

A major security incident

LastPass doesn’t explicitly mention the security incident that affected the company in 2022, saying only that the changes “are being implemented in response to the constantly changing cyber threat environment.”

At the time, hackers gained access to data such as passwords, names, emails, addresses, phone numbers and more from LastPass customers. Last year, LastPass revealed that the credentials for the Amazon AWS servers used by the…


Stronger ransomware protection finally pays off


60% of companies are ‘very’ to ‘extremely’ concerned about ransomware attacks, according to the latest research from Hornetsecurity.


Businesses acknowledge ransomware risk

Hornetsecurity revealed that 92.5% of businesses are aware of ransomware’s potential for negative impact. Still, just 54% of respondents said their leadership is ‘actively involved in conversations and decision-making’ around preventing such attacks. 39.7% said they were happy to ‘leave it to IT to deal with the issue’.

“Our survey is a timely reminder that ransomware protection is key to ongoing success. Organizations cannot afford to become victims – ongoing security awareness training and multi-layered ransomware protection is critical to ensure there are no insurmountable losses,” said Daniel Hofmann, CEO of Hornetsecurity.

Reassuringly, 93.2% of respondents rank ransomware protection as ‘very’ to ‘extremely’ important in terms of IT priorities for their organization, and 87.8% of respondents confirmed they have a disaster recovery plan in place for a ransomware attack.

However, that leaves 12.2% of organizations without a disaster recovery plan. Of those companies, more than half cited a ‘lack of resources or time’ as the primary reason. Additionally, one-third of respondents said a disaster recovery plan is ‘not considered a priority by management’.

Organizations urged to stay alert as ransomware evolves

Since 2021, Hornetsecurity has found relatively small changes in the percentage of respondents saying their organizations have fallen victim to a ransomware attack: 21.1% in 2021, 23.9% in 2022, but a new low of 19.7% in 2023.

Additionally, companies that reported paying a ransom are down from 9.1% in 2021 to 6.9% in 2023.

Some of the data in this survey show positive results, with most respondents reporting they understand the importance of protection, and a drop in ransomware attack victims in 2023, showing companies are becoming more vigilant in their data protection.

However, ransomware attacks continue to evolve, so organizations must maintain this vigilance. In 2023, 81% of respondents reported they are receiving end-user training in comparison to 2021,…


How to use Google passkeys for stronger security on Android


Still signing into your Google account by tapping out an actual password? That’s, like, so 2022.

Now, don’t get me wrong: The tried-and-true password is perfectly fine, especially if you’re using it in conjunction with two-factor authentication. But particularly for something as important as your Google account, you want to have the most effective security imaginable to keep all your personal and/or company info safe.

And starting this week, you’ve got a much better way to go about that.

Go, go, Google passkeys

So here it is: Google just announced the first official availability of something called passkeys as a way to sign into Google services. In the simplest possible terms, using a passkey means anytime you’d traditionally be prompted to put in your Google account password, you’ll instead be able to securely authenticate yourself via your phone’s face identification system or fingerprint scanner.


Why’s that so much better, you might be wondering? Well, I’ll tell ya:


NCC Alerts On Stronger Cyber Security Measures


The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has urged organisations to adopt stronger cyber security measures like ensuring their employees use strong, unique passwords for every account and enabling multi-factor authentication wherever it is supported to prevent ransomware attacks.

The warning was contained in an advisory issued at the weekend by the NCC director of public affairs, Reuben Muoka, even as it advised organisations to ensure regular systems backup.

The advisory came after the Yanluowang threat actors gained access to Cisco’s network using an employee’s stolen credentials after hijacking the employee’s personal Google account containing credentials synced from their browser.

Ransomware is malware designed to deny a user or organisation access to files on their computer until they pay the attackers. Cisco reported the security incident on its corporate network but said it did not identify any impact on its business, although the threat actors had published a list of files from this security incident on the dark web on August 10.

NCC-CSIRT estimated the potential damage from the incident to be critical and predicted that successful exploitation would result in ransomware deployment that compromises computer systems, theft and exposure of sensitive product and customer data, and huge financial losses for organisations through significant indirect costs, and could also mar their reputations.

The team said: “The first step to preventing ransomware attacks is to ensure that employees are using strong, unique passwords for every account and enabling multi-factor authentication wherever it’s supported.”

It further disclosed that “In response to the attack, Cisco has immediately implemented a company-wide password reset. Users of Cisco products should ensure a successful password reset.”

As a precaution, the company has also created two Clam AntiVirus signatures (Win.Exploit.Kolobko-9950675-0 and Win.Backdoor.Kolobko-9950676-0) to disinfect any potentially compromised assets.

Clam AntiVirus (or ClamAV) is a multi-platform antimalware toolkit that can detect a wide…
