Cyber Security Articles & News

We Need to Talk About NIST’s Dropped Password Management Recommendations

Passwords and their protection are among the most fundamental, essential aspects of enterprise data security. They also make up the bane of most users’ relationships with their enterprise devices, resources and assets. It seems no matter how stringent or lax your password policy is, the directive will be met with dissension from a significant portion of your staff. It’s frustrating for everyone — the IT department, C-suite and employees.

TUNE IN: Kevin Mitnick is Going Down!

Kevin Mitnick and I are passionately debating the right password policy, using our decades of knowledge and real-life hacking experience.

Listen to it all go down. Register at https://event.on24.com/wcc/r/1856107/295DE6CAB72FFD67B1323DDF19759750?partnerref=SpiceRG2

Ever since the National Institute of Standards and Technology (https://www.nist.gov) submitted Special Publication 800-63 (https://pages.nist.gov/800-63-3/), Digital Identity Guidelines, for review a few years ago, the computer security world has been debating or intentionally ignoring its newest recommended password policies, which run starkly contrary to decades of previous advice. The new advice is so contrary to decades of previous advice, from the same organization, that virtually no one believes it. Certainly, almost no one is using it.

Social Engineering - From the Trojan Horse to Firewalls

Social Engineering is, without a doubt, the oldest computer hack. A loose term defining a range of hacks and scams, social engineering has persisted through countless centuries of human history. Simple in premise, difficult to defend against, and constantly evolving, social engineering represents one of the single greatest threats to information security in the history of technology.

It’s easy to forget that even the most secure firewall combined with the latest and greatest security software is still operated by a human being behind the keyboard. That extra-tight security is only as secure as the person operating the machine. This often presents the easiest method of entry into a secure system, as human beings are much easier to trick than machines.

The weakest link in safety is still man. Kevin Mitnick showed us how to outsmart us

Over the past 16 years, Kevin Mitnick's team of hackers broke into every company whose security he checked. "Those evil hackers are always looking for the weakest link in the security chain. In my opinion, most often these are people, not technology," said Mitnick on stage during the Business Insider Inside Trends conference at the Koneser Center in Prague. He showed that hackers are copying even the security cards of their victims during visits to office bathrooms.

Famous and notorious hacker: ‘I’ve always done it for the challenge. Even though it was illegal'

It started as simple tricks with McDonald's, but then Kevin Mitnick became more dangerous. Today he is an IT security consultant.

He has been on the blacklist of the US federal police, the famous and infamous hacker Kevin Mitnick, and his hacking history counts hundreds of attacks on technical systems.

Facebook hack: What to do if you were one of the 50 million people who had their information exposed

Sheryl Sandberg, Mark Zuckerberg and me. And there's a good chance you, too.

Yes, Google’s Security Key Is Hackable

Here is an article by Roger Grimes, Data-Driven Defense Evangelist at KnowBe4

Ever since Google told the world that none of its 85,000 employees had been successfully hacked (https://krebsonsecurity.com/2018/07/google-security-keys-neutralized-employee-phishing/) since they started implementing Security Keys, like Yubico’s YubiKey (https://www.yubico.com/products/yubikey-hardware/), I’ve been contacted by friends and the media about my thoughts.

Lack of Security Awareness Training Allowed Russians to Hack American Election

KnowBe4, provider of the world's largest security awareness training and simulated phishing platform, analyzed the official indictment of the Russian GRU officers charged with interfering in the 2016 U.S. presidential election.

BOOK REVIEW: Cybersecurity Classic The Art of Deception

The Art of Deception is a brilliant cybersecurity book written by legendary hacker Kevin Mitnick. In stunning detail, he shares how social engineering works — how he and other hackers con people into giving up passwords, account numbers, and social security numbers. Deception is how hackers acquire the keys to the kingdom. Published in 2002, it remains a cybersecurity classic. The primary point of his book? In cybersecurity, we, humans, are the weakest link.

Phishing Attack Bypasses Two-Factor Authentication

Hacker Kevin Mitnick demonstrates a phishing attack designed to abuse multi-factor authentication and take over targets' accounts.

Businesses and consumers around the world are encouraged to adopt two-factor authentication as a means of strengthening login security. But 2FA isn't ironclad: attackers are finding ways to circumvent the common best practice. In this case, they use social engineering.
