#1 Trusted Cybersecurity News Platform
The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Most Trusted Cyber Security and Computer Security Analysis: Breached Password

Why Ransomware in Education on the Rise and What That Means for 2023

Why Ransomware in Education on the Rise and What That Means for 2023

October 24, 2022The Hacker News
The breach of LA Unified School District (LAUSD) highlights the prevalence of password vulnerabilities, as criminal hackers continue to use breached credentials in increasingly frequent ransomware attacks on education. The Labor Day weekend breach of LAUSD brought significant  districtwide disruptions to access to email , computers, and applications. It's unclear what student or employee data the attackers exfiltrated. There is a significant trend in ransomware breaches in education, a highly vulnerable sector. The transitory nature of students leaves accounts and passwords vulnerable. The open environments schools create to foster student exploration and the relative naivete in the sector regarding cybersecurity invite attacks.  The breach at LAUSD and what happened afterward Four days post-breach, reports came that criminals had offered credentials for accounts inside the school district's network  for sale on the dark web  months before the attack. The stolen credential
Why Holidays Put Your Company at Risk of Cyber Attack (And How to Take Precautions)

Why Holidays Put Your Company at Risk of Cyber Attack (And How to Take Precautions)

December 09, 2021The Hacker News
It is a time when many are thinking of their families and loved ones, time off work, and gift-giving – the holidays. However, while many have their minds outside the realm of work during the holiday season, often, this is when attackers plan their most sinister attacks.  So how can you take precautions to protect your organization during these times? Why holidays put your company at risk of cyberattack Attackers today do not have a soft spot for businesses and give companies a break at any time of the year, especially not during holidays. On the contrary, any time of the year where companies may be less prepared to fend off a cyberattack is an opportunity for successful compromise. As a result, the holidays put your company at a higher risk of cyberattack.  Most end-users do not think about cybersecurity when surfing the web or receiving emails with holiday deals during the season. As a result, many let their guard down to a certain degree and become preoccupied and distracted m
Before and After a Pen Test: Steps to Get Through It

Before and After a Pen Test: Steps to Get Through It

October 21, 2021The Hacker News
An effective cybersecurity strategy can be challenging to implement correctly and often involves many layers of security. Part of a robust security strategy involves performing what is known as a penetration test (pen test). The penetration test helps to discover vulnerabilities and weaknesses in your security defenses before the bad guys discover these. They can also help validate remedial efforts and solutions put in place to overcome previously discovered security vulnerabilities.  Let's look more closely at the pen test. What is included in a penetration test? How are they performed, and by whom? What steps should be taken after a penetration test? What is a penetration test? 1 — Simulated cyberattack A penetration test is, for all practical purposes, a simulated cyberattack on your business. However, it is carried out by the "good guys." An outside resource often conducts a penetration test, whether a third-party security consulting company or another security entity. Securit
How Companies Can Protect Themselves from Password Spraying Attacks

How Companies Can Protect Themselves from Password Spraying Attacks

August 12, 2021The Hacker News
Attackers are using many types of attacks to compromise business-critical data. These can include zero-day attacks, supply chain attacks, and others. However, one of the most common ways that hackers get into your environment is by compromising passwords. The password spraying attack is a special kind of password attack that can prove effective in compromising your environment. Let's look closer at the password spraying attack and how organizations can prevent it. Beware of compromised credentials Are compromised credentials dangerous to your environment? Yes! Compromised credentials allow an attacker to "walk in the front door" of your environment with legitimate credentials. They assume all the rights and permissions to systems, data, and resources the compromised account can access. The compromise of a privileged account is even worse. Privileged accounts are accounts that have high levels of access, such as an administrator user account. These types of accounts r
How Does Your AD Password Policy Compare to NIST's Password Recommendations?

How Does Your AD Password Policy Compare to NIST's Password Recommendations?

January 07, 2021The Hacker News
End-user passwords are one of the weakest components of your overall security protocols. Most users tend to reuse passwords across work and personal accounts. They may also choose relatively weak passwords that satisfy company password policies but can be easily guessed or brute-forced. Your users may also inadvertently use  breached passwords  for their corporate account password. The  National Institute of Standards and Technology (NIST)  has a cybersecurity framework that helps organizations address common cybersecurity pitfalls in their environment, including weak, reused, and breached passwords. This post will take a closer look at the NIST password guidelines and see how you can effectively audit your password policies to ensure these meet the standards recommended by NIST. NIST Password Guidelines and Best Practices Specific guidance around passwords is addressed within the chapter titled  Memorized Secret Verifiers . NIST has several recommendations in regards to passwords
Deals — IT Courses and Software

Sign up for our cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.