I had to share this article by Mr. Krebs for a variety of reasons, not the least of which is that I have seen ATMs like this in the wild. It happens far too often, and admins and users alike ignore the pitfalls for the sake of convenience. Beware!
A patch for the most recent vulnerability in LastPass has been released. Please review your browser extensions and patch accordingly.
This is a valuable cautionary tale, and it happens more often than any of us want to admit. Insider threats are very real and should be considered a valid risk at every level of IT security planning.
This is an interesting read on password/passphrase length by the team at KnowBe4.
This is an intriguing draft document by NIST concerning SMS and two-factor authentication. This is a commonly used technique for many two-factor providers, so conversion to more secure methods may take time. This is certainly not a finalized recommendation, and adoption will take time if it moves forward.
This is a very good, common-sense explanation of the “zero-day” vulnerability that has been discussed in the press for the popular password manager LastPass. I agree that caution is warranted, but I do not believe it is time to abandon the product wholesale, or the use of password managers in general. Watch for the patch and apply it as soon as possible.
Cisco has released their Mid-Year Cybersecurity report. Enjoy!