Good Password Advice from the FBI

February 22, 2020 by Dave

The Portland office of the FBI released some password advice this week that was picked up by ZD Net. They suggest that just using pass phrases of multiple words, even without changes in case, numbers, punctuation, etc., is a good strategy because they’re easier for people to remember. What makes them good passwords is their length. Longer passwords take longer to crack. If you make your pass phrase long enough, it’s a good password even if its a series of words from the dictionary.

Dark Reading Attacks/Breachs

A Startup With NSA Roots Wants Silently Disarming Cyberattacks on the Wire to Become the Norm May 11, 2021

Trinity Cyber takes a new spin on some traditional network-security techniques, but can its approach catch on widely?

Adobe Issues Patch for Acrobat Zero-Day May 11, 2021

The vulnerability is being exploited in limited attacks against Adobe Reader users on Windows.

Application Attacks Spike as Criminals Target Remote Workers May 11, 2021

Application-specific and Web application attacks made up 67% of all attacks in 2020 as criminal strategies shifted in the pandemic.

Critical Infrastructure Under Attack May 11, 2021

Several recent cyber incidents targeting critical infrastructure prove that no open society is immune to attacks by cybercriminals. The recent shutdown of key US energy pipeline marks just the tip of the iceberg.

Colonial Pipeline Cyberattack: What Security Pros Need to Know May 10, 2021

As the massive US pipeline operator works to restore operations after a DarkSide ransomware attack late last week, experts say it's a cautionary tale for critical infrastructure providers.

Tulsa Deals With Aftermath of Ransomware Attack May 10, 2021

Weekend attack shuts down several city sites and service.

Four Plead Guilty to RICO Conspiracy Involving Hosting Services for Cybercrime May 10, 2021

The "bulletproof hosting" organization hosted malware including Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit.

Exchange Exploitation: Not Dead Yet May 10, 2021

The mass exploitation of Exchange Servers has been a wake-up call, and it will take all parties playing in concert for the industry to react, respond, and recover.

How North Korean APT Kimsuky Is Evolving Its Tactics May 7, 2021

Researchers find differences in Kimsuky's operations that lead them to divide the APT into two groups: CloudDragon and KimDragon.

FBI, NSA, CISA & NCSC Issue Joint Advisory on Russian SVR Activity May 7, 2021

The report provides additional details on tactics of Russia's Foreign Intelligence Service following public attribution of the group to last year's SolarWinds attack.