Hardly a month goes by without new reports on attacks exploiting vulnerable password-based authentication systems. Earlier this month, analysts at Morhus Labs discovered a malicious bot campaign they named GoldBrute. Mode of Attack GoldBrute is a botnet that aims to hack Remote Desktop Protocols (RDP) that have weak credentials. The bot scans through IPs from a list of 1.5M RDP servers [...]
In May, researchers from security firm Guardicore uncovered a massive campaign by Chinese hackers to break into online Windows servers and to infect them with cryptocurrency miners. Cryptominers are special malware that hijack the resources of the infected machine to solve complicated mathematical equations and collect cryptocurrency rewards. As explained by the security researchers, the hackers used sophisticated techniques along the [...]
Phishing is a serious and ever-present threat to businesses and individuals The development of increasingly sophisticated methods coupled with high success rates has caused phishing attacks to double over the past year. While phishing comes in many forms, all phishing methods are in essence an attempt to extract credentials from an unsuspecting user through some form of trickery or outright manipulation. [...]
Company Extends Passwordless Authentication Solution to European Enterprises; Establishes Presence in the United Kingdom, France and Italy TEL AVIV, Israel, May 30, 2019 /PRNewswire/ -- Secret Double Octopus, the pioneer of Passwordless Enterprise Authentication, today announced its expansion into the European market with a presence in the UK, France, and Italy. Customers and service providers across Europe will have direct access to local sales and technical support. The company's expansion comes as [...]
Telecom giant Verizon Wireless recently released their annual Data Breach Investigation Report for 2019. The Report lays out a data-driven assessment of threat trends and other stats on information-breach incidents over the previous year. Looking over the Report’s 78 pages, several important realities about the state of authentication security come to light. Stolen Passwords are Still #1 Threat The 2019 report [...]
We’ve all seen the classic hacker movie set-up. A master cyber criminal breaks into a network using his superior skills and top notch equipment. This is the type of story that’s really fun to watch. But it’s also science fiction. In the real world hackers usually don’t orchestrate elaborate hacks to penetrate systems. They aim to steal credentials. Why hack when [...]
While today’s tech world is fast developing individual accounts rights and privileges, many organizations are using shared credentials to access shared resources. Shared resources can be tied to pretty much any platform or network tool, from email accounts, to servers and databases. An organization may end up using shared accounts for a variety of reasons. Sometimes the particular online tool leaves [...]
If we could sum up our message at Secret Double Octopus, it would be that password authentication is outdated and dangerous. While the general risks of weak authentication are well known, often users don’t quite understand the full implications of this threat. We therefore decided to use this post to provide a more comprehensive overview of all the vulnerabilities of passwords--and [...]
Password management apps have become a common tool for both the individual consumer and businesses. On the surface, the attraction of these platforms is understandable. Password managers provide easy solutions for many of the tasks that go into keeping a handle on login credentials, from managing passwords for different accounts to sharing options between users. While the adoption of password managers [...]
Howdy,
