Good Password Advice from the FBI

February 22, 2020 by Dave

The Portland office of the FBI released some password advice this week that was picked up by ZD Net. They suggest that just using pass phrases of multiple words, even without changes in case, numbers, punctuation, etc., is a good strategy because they’re easier for people to remember. What makes them good passwords is their length. Longer passwords take longer to crack. If you make your pass phrase long enough, it’s a good password even if its a series of words from the dictionary.

Dark Reading Attacks/Breachs

Microsoft Exchange Server Exploits Hit Retail, Government, Education March 5, 2021

Mandiant researchers identify a range of victims affected in attacks targeting newly reported Microsoft Exchange Server vulnerabilities.

5 Ways Social Engineers Crack Into Human Beings March 5, 2021

These common human traits are the basic ingredients in the con-man's recipe for trickery.

Business Apps Spoofed in 45% of Impersonation Attacks March 4, 2021

Business-related applications like those from Microsoft, Zoom, and DocuSign are most often impersonated in brand phishing attacks.

Healthcare Still Seeing High Level of Attacker Activity March 4, 2021

Interest in vaccines is driving all sorts of activity, reports say, from vaccine-specific phishing to growing bot traffic on healthcare sites.

New Social Security Scam Spoofs Government Badges March 4, 2021

Criminals text or email photos of fake government identification badges to trick people into sending money.

Qualys Is the Latest Victim of Accellion Data Breach March 4, 2021

Security vendor confirms attackers exploited a previously disclosed vulnerability in the enterprise firewall technology to breach its network.

More Details Emerge on the Microsoft Exchange Server Attacks March 3, 2021

The attacks seem more widespread than initially reported, researchers say, and a look at why the Microsoft Exchange Server zero-days patched this week are so dangerous.

How SolarWinds Busted Up Our Assumptions About Code Signing March 3, 2021

With so much automation in code writing process, results are rarely double-checked, which opens the door to vulnerabilities and downright danger.

How Enterprises are Developing Secure Applications March 3, 2021

Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.

Microsoft Fixes Exchange Server Zero-Days Exploited in Active Attacks March 2, 2021

Microsoft fixes multiple Exchange Server vulnerabilities being weaponized in attacks from a group it believes operates out of China.