Good Password Advice from the FBI

February 22, 2020 by Dave

The Portland office of the FBI released some password advice this week that was picked up by ZD Net. They suggest that just using pass phrases of multiple words, even without changes in case, numbers, punctuation, etc., is a good strategy because they’re easier for people to remember. What makes them good passwords is their length. Longer passwords take longer to crack. If you make your pass phrase long enough, it’s a good password even if its a series of words from the dictionary.

Dark Reading Attacks/Breachs

How to Help Spoil the Cybercrime Economy August 11, 2020

Cybercrime increasingly is turning into a commodity. Stolen PII data and hijacked cloud accounts especially propel the spread, research shows.

Gamifying Password Training Shows Security Benefits August 10, 2020

When picking passwords, users often fall back on certain insecure patterns, but good habits can be learned using simple games, a group of researchers find.

Better Business Bureau Warns of New Visa Scam August 10, 2020

Visa limitations due to the novel coronavirus have given rise to a wave of scams aimed at visa-seekers.

Q2 DDoS Attacks Triple Year Over Year: Report August 10, 2020

Distributed denial-of-service attacks have stayed consistently high throughout 2020, a shift from normal attack trends that researchers attribute to COVID-19.

Reddit Attack Defaces Dozens of Channels August 7, 2020

The attack has defaced the channels with images and content supporting Donald Trump.

Researcher Finds New Office Macro Attacks for MacOS August 7, 2020

Building successful macro attacks means getting past several layers of security, but a Black Hat speaker found a way through.

IoT Security During COVID-19: What We've Learned & Where We're Going August 7, 2020

Vigilance and ongoing training combined with an integrated security framework are key aspects of a successful strategy in the fight against the latest crop of pandemic opportunists.

Dark Reading Video News Desk Returns to Black Hat August 6, 2020

UPDATED: Coming to you prerecorded from in front of carefully arranged bookcases around the world ...!

Exploiting Google Cloud Platform With Ease August 6, 2020

Security engineer Dylan Ayrey and Cruise senior infrastructure security engineer Allison Donovan describe fundamental weaknesses in GCP identity management that enable privilege escalation and lateral movement.

Office 365's Vast Attack Surface & All the Ways You Don't Know You're Being Exploited Through It August 6, 2020

Mandiant incident response managers Josh Madeley and Doug Bienstock describe how thoroughly Microsoft 365 (formerly known as Office 365) extends into corporate networks, describe both sophisticated and simple attacks they've detected, and suggest mitigations as businesses rely more heavily on the cloud.