Good Password Advice from the FBI

February 22, 2020 by Dave

The Portland office of the FBI released some password advice this week that was picked up by ZD Net. They suggest that just using pass phrases of multiple words, even without changes in case, numbers, punctuation, etc., is a good strategy because they’re easier for people to remember. What makes them good passwords is their length. Longer passwords take longer to crack. If you make your pass phrase long enough, it’s a good password even if its a series of words from the dictionary.

Dark Reading Attacks/Breachs

Chinese APT Groups Targeted Enterprise Linux Systems in Decade-Long Data Theft Campaign April 7, 2020

Organizations across multiple industries compromised in a systematic effort to steal IP and other sensitive business data, BlackBerry says.

Cybercriminals Hide Malware & Phishing Sites Under SSL Certificates April 7, 2020

More than half of the top 1 million websites use HTTPS, researchers report, but not all encrypted traffic is safe.

71% of Security Pros See Threats Jump Since COVID-19 Outbreak April 7, 2020

Phishing is the top threat, followed by websites offering false information about the pandemic, malware, and ransomware attacks.

Using Application Telemetry to Reveal Insider & Evasive Threats April 7, 2020

Data from application processes and other systems leave a trail of threat crumbs that can be used to detect and shut down attacks.

More Attackers Have Begun Using Zero-Day Exploits April 6, 2020

Vendors of offensive cyber tools have made it easy for any threat group with the right funds to leverage unpatched bugs, FireEye says.

Misconfigured Containers Again Targeted by Cryptominer Malware April 6, 2020

An attack group is searching for insecure containers exposing the Docker API and then installing a program that attempts to mine cryptocurrency. It's not the first time.

Microsoft: Emotet Attack Shut Down an Entire Business Network April 6, 2020

The infection started with a phishing email and spread throughout the organization, overheating all machines and flooding its Internet connection.

FBI Warns of BEC Dangers April 6, 2020

A new PSA warns of attacks launched against users of two popular cloud-based email systems.

Mozilla Patches Two Critical Zero-Days in Firefox April 6, 2020

The latest release of Firefox brings fixes for two Critical vulnerabilities already seen exploited in the wild.

Why Humans Are Phishing's Weakest Link April 6, 2020

And it's not just because they click when they shouldn't... they also leave a trail of clues and details that make them easy to spoof