Guest Post: Are You Making These Common Password Mistakes? Here’s What You Need to Know 

Posted in Commentary with tags on May 15, 2025 by itnerd

By Egidijus Navardauskas – Head of Security at Hostinger

Weak passwords remain one of the biggest drivers of data breaches, with over 80% of incidents linked to compromised credentials. To better understand why so many passwords fail to offer real protection, Hostinger’s experts analyzed thousands of real-world entries across multiple leaked datasets. Using a combination of machine learning and behavioural analysis, we identified the most common password mistakes and why users keep making them.

Here are the top mistakes identified:

1. Using Short Passwords

Insight: 21.7% of the passwords we analyzed were under 8 characters – all of them were cracked instantly.

Why it Happens: Short passwords are quicker to type and easier to remember. But they’re also the first to fall to brute-force attacks.

What You Can Do Now: Make sure your password is at least 12 characters long, ideally using a phrase or sentence you’ll remember.

2. Using “Unique” Passwords

Insight: Passwords that look unique (like “minebluecar67”) are often made from low-entropy patterns that are easy to break.

Why it Happens: People choose familiar word-number combinations, thinking they’re safer than generic passwords. But these formats are highly predictable.

What You Can Do Now: Mix uppercase, lowercase, numbers, and special characters, and avoid common words or patterns.

3. “Very Weak” Doesn’t Always Mean “Short”

Insight: Even though some of these passwords were over 20 characters long, they had a 13% crack rate, making them nearly as easy to break as much shorter passwords.

Why it Happens: People assume longer passwords are automatically stronger, but repetition lowers security (like “aaaaaaa” or “123123123”).

What You Can Do Now: Avoid repetition. Variety in structure is just as important as overall length.

4. Not Knowing Breached Passwords

Insight: A large portion of passwords used today still appear in the top 10 million most leaked passwords. In our study, 475 passwords matched high-frequency entries from global breach lists.

Why it Happens: People aren’t aware their credentials have been compromised, or they reuse old passwords out of habit.

What You Can Do Now: Use sites like “Have I Been Pwned” to regularly check your credentials and avoid reusing any password that appears on a known breach list.
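The four mistakes above map directly onto checks a registration form or password-policy tool can run. The script below is an added example written for this post; it is not Hostinger’s analysis code. It flags short passwords, low character variety, the word-plus-digits pattern, repetition (a repeated unit such as “123123123” or a long single-character run), and membership in a breach list. The breach list here is a constructed stand-in: a handful of strings are hashed and stored the way the Have I Been Pwned “range” endpoint serves them (SHA-1, upper-case hex, 5-character prefix looked up, 35-character suffix compared locally), so the check runs offline but keeps the k-anonymity shape a real client would use.

```python
import hashlib
import re
from typing import Callable, Dict, Iterable, List, Optional, Set

MIN_LENGTH = 12   # the post's recommended minimum length
MIN_CLASSES = 3   # of upper / lower / digit / symbol
MAX_RUN = 3       # a longer run of one character counts as repetition

# --- Constructed breach data (hypothetical; not Hostinger's or HIBP's data) ---
# A few strings in the style of leaked-password lists, stored as HIBP's range API
# exposes them: SHA-1, upper-case hex, keyed by the first 5 characters.
_CONSTRUCTED_LEAKS = ["123456", "password", "qwerty123", "minebluecar67"]


def _sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


_RANGE_STORE: Dict[str, Set[str]] = {}
for _leaked in _CONSTRUCTED_LEAKS:
    _h = _sha1_hex(_leaked)
    _RANGE_STORE.setdefault(_h[:5], set()).add(_h[5:])


def local_range_lookup(prefix: str) -> Iterable[str]:
    """Offline stand-in for GET https://api.pwnedpasswords.com/range/<prefix>.
    Returns the hash suffixes known for that prefix; a real client would parse
    'SUFFIX:COUNT' lines from the HTTP response body instead."""
    return _RANGE_STORE.get(prefix, set())


def is_breached(password: str,
                range_lookup: Callable[[str], Iterable[str]] = local_range_lookup) -> bool:
    """k-anonymity check: only the first 5 hex characters of the hash leave the client."""
    digest = _sha1_hex(password)
    return digest[5:] in set(range_lookup(digest[:5]))


def smallest_repeating_unit(s: str) -> Optional[str]:
    """Return the unit if s is that unit repeated two or more times ('123123123' -> '123')."""
    n = len(s)
    for k in range(1, n // 2 + 1):
        if n % k == 0 and s[:k] * (n // k) == s:
            return s[:k]
    return None


def longest_run(s: str) -> int:
    """Length of the longest run of one repeated character ('aabbbbc' -> 4)."""
    best = run = 0
    for i, ch in enumerate(s):
        run = run + 1 if i and s[i - 1] == ch else 1
        best = max(best, run)
    return best


def character_classes(s: str) -> int:
    """How many of lower, upper, digit and symbol classes appear in s."""
    return sum(bool(re.search(p, s)) for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))


def assess(password: str,
           range_lookup: Callable[[str], Iterable[str]] = local_range_lookup) -> List[str]:
    """Map the post's four mistakes onto findings; an empty list means nothing was flagged."""
    findings: List[str] = []
    if len(password) < MIN_LENGTH:
        findings.append("too_short")
    if character_classes(password) < MIN_CLASSES:
        findings.append("low_variety")
    if re.fullmatch(r"[a-z]+[0-9]{1,4}", password):      # e.g. minebluecar67
        findings.append("word_number_pattern")
    if smallest_repeating_unit(password) or longest_run(password) > MAX_RUN:
        findings.append("repetition")
    if is_breached(password, range_lookup):
        findings.append("in_breach_list")
    return findings


if __name__ == "__main__":
    for candidate in ["123456", "minebluecar67", "123123123123", "Tuesday#rain-boots-4-kilometres"]:
        print(f"{candidate!r}: {assess(candidate) or 'no findings'}")
```

To use it against the live service, replace `local_range_lookup` with a function that fetches the range URL for the prefix and yields the suffix from each `SUFFIX:COUNT` line; the rest of `assess` is unchanged, and the full password hash never leaves the machine.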

“A lot of people assume that once they’ve set up their privacy settings or chosen a strong password, they’re fully protected. But the truth is, security and privacy are ongoing processes. New threats and vulnerabilities appear constantly, and the platforms we use are always evolving. Staying safe means staying alert — regularly reviewing your privacy settings, keeping your passwords strong and unique, and making sure two-factor authentication (2FA) is active are just as important as the initial setup. Security-related settings should be maintained over time to ensure they still reflect your needs and provide the right level of protection.” 

Rogers Xfinity TV now delivers the most content in Canada

Posted in Commentary with tags on May 15, 2025 by itnerd

Rogers Xfinity TV offers the most content of any television provider in Canada with the addition of more than 150 international channels in over 20 languages. Now Rogers customers can access more than 480 channels and experience more of the world from home, only on Rogers Xfinity TV.

According to a recent survey of Canadians who speak multiple languages, in-language content is important to 84% to stay connected to their culture and heritage.

Rogers newly expanded international TV channel offering is available with Rogers Xfinity TV packages in Free Preview through June 17 for customers to explore the world from the comfort of their home. When the preview is over, customers can customize their entertainment experience by subscribing to these international TV channels and theme packs.

Rogers Xfinity TV brings the most TV content – live sports, entertainment and news from Canada and around the world – with on-demand and streaming apps together on one platform to deliver the best entertainment experience.

To learn more, visit rogers.com/Xfinityy.

How long does it take for organizations to report a data breach?

Posted in Commentary with tags on May 15, 2025 by itnerd

Comparitech researchers have published a new study looking at the average time it takes for organizations to report data breaches. Using data from 2,600 attacks in the US since 2018, the researchers analyze not only the overall average time, but also break it down by industry (education, healthcare, law, etc.) and by year.

Some key findings include: 

  • The average time to report a data breach following a ransomware attack is 4.1 months
  • Ransomware attacks in 2023 saw the highest average data breach reporting time (5.1 months)
  • Education had the highest average with over 4.8 months
  • Healthcare had the lowest average with just under 3.7 months
  • Businesses took an average of 4.2 months with those in the legal sector taking the longest (6.4 months)
  • The longest known reporting period is 38 months
  • States with specific timeframes for reporting a data breach had a slightly lower average reporting period than those without (3.9 months compared to 4.2 months)

The report can be read here: https://www.comparitech.com/news/average-data-breach-report-time-ransomware-attack/

32 Million Records Allegedly Belonging to The Epoch Times Listed Online

Posted in Commentary with tags on May 15, 2025 by itnerd

Recently, the Safety Detectives Team stumbled upon a forum post where a threat actor has listed a database containing 32 Million records allegedly belonging to The Epoch Times.

According to the author’s claims, the data consists of 32 million records, containing The Epoch Times subscribers’ usernames, full names, phone numbers, credit card numbers, card expiration dates, billing addresses, invoices, emails, devices, and locations.

This data is sensitive because it could be used by malicious actors to prepare and execute various types of attacks on the affected customers.

Their full report can be accessed here: https://www.safetydetectives.com/news/epoch-leak-report/

Flashpoint publishes blog on position re: European Vulnerability Database (EUVD) and its role in vuln intelligence

Posted in Commentary with tags on May 14, 2025 by itnerd

I wanted to highlight a blog that Flashpoint published today about the European Vulnerability Database (EUVD).

The blog offers commentary about the following:

  • Can the EUVD replace the CVE ecosystem?
  • Was the release of EUVD fueled by MITRE funding uncertainty?

The blog is located here.

Stealer Logs: How stolen credentials fuel ransomware

Posted in Commentary with tags on May 14, 2025 by itnerd

This week, the experts at SOCRadar published an in-depth analysis into one of the most quietly dangerous threats in cyber today: stealer logs. 

Infostealer malware like RedLine, Lumma, and Vidar are being used to silently steal credentials, browser session cookies, and crypto wallets from infected machines, and then package that data into searchable logs sold across Telegram, dark web markets, and hacker forums.

The analysis takes a look at: 

  1. What stealer logs are and what data is collected through them.
  2. The top 10 attacks involving stealer logs, including the MGM and Caesars breaches via Okta in 2023. 
  3. Real-world use cases of stealer log exploitation. 
  4. How stealer logs are traded on the dark web. 
  5. And a breakdown of which regions are most impacted.

For full details, please visit the analysis here: https://socradar.io/stealer-logs-everything-you-need-to-know/

Major UK retail hacks arising from sophisticated service desk social engineering says Specops

Posted in Commentary with tags on May 14, 2025 by itnerd

Beginning in early 2025, the RaaS (ransomware-as-a-service) group DragonForce has allegedly been working with the affiliate group Scattered Spider to aggressively target high-profile UK retailers including Marks & Spencer, Co-op, and Harrods.

In the Marks & Spencer incident, the affiliates reportedly used social-engineering attacks on service desks to gain initial access before unleashing DragonForce’s ransomware. By deploying this ransomware to encrypt networks, the threat actors have caused major disruptions to online orders and payment systems, and have threatened the publication of customer and employee data. 

Specops Software has recently released three analyses on the Marks & Spencer attack, each diving into distinct aspects of the incident: 

  1. The Rise of Ransomware-as-a-Service (RaaS): Groups like DragonForce are operating on a franchise model, providing ransomware tools to affiliates, thereby lowering the technical barrier for launching attacks. This analysis covers DragonForce, its RaaS model, how it works, how it was used in the M&S attack, and the possible infighting that’s been occurring between DragonForce and RansomHub. 
  2. Service Desk Exploitation: Scattered Spider has demonstrated how easily service desks can be manipulated, emphasizing the need for stringent verification processes. This analysis discusses Scattered Spider’s alleged role in the M&S, Co-op, and Harrods attacks, the service desk M.O. that the group seems to employ, and how organizations can defend against these attacks. 
  3. Active Directory Vulnerabilities: The theft of NTDS.dit files, containing password hashes, highlights the critical importance of securing Active Directory environments. This final analysis explains the impact of service desk attacks on Active Directory databases, as well as what organizations can do to protect their ADs.

All of these are worth reading if you are responsible for defending your organizations from threat actors.

Idaho hospital notifies 34K people of data breach that compromised SSNs, health info

Posted in Commentary with tags on May 14, 2025 by itnerd

Weiser Memorial Hospital in Idaho this week confirmed it notified 34,249 people of a September 2024 data breach that compromised names, SSNs, government-issued ID numbers, treatments and procedures, medical diagnoses, health insurance info, and DOBs. Ransomware gang Embargo claimed responsibility for the breach in September 2024, but Weiser has not yet verified this. 

In a blog post reporting this news, Paul Bischoff, Consumer Privacy Advocate at Comparitech, wrote:

“Embargo is a ransomware gang that started claiming attacks in April 2024. The group operates a ransomware-as-a-service business in which affiliates pay Embargo to use its malware and infrastructure to launch attacks and collect ransoms.”

“Embargo has claimed 14 confirmed ransomware attacks since it began, compromising about 736,000 records. Another 10 unconfirmed claims haven’t been acknowledged by the targeted organizations.”

“Comparitech researchers logged 161 confirmed ransomware attacks on US hospitals, clinics, and other direct care providers in 2024, compromising 27.2 million records. In 2025 to date, we tracked 20 such attacks affecting nearly 1.6 million records. The average ransom across all attacks is about $1.03 million.”

“Ransomware attacks on US hospitals, clinics, and other care providers can cripple key systems and endanger the privacy and security of patients. Providers must pay a ransom or face extended downtime, data loss, and putting patients and staff at increased risk of fraud. Hospitals and clinics might have to resort to pen and paper, cancel appointments, and divert patients elsewhere until systems are restored.”

The Embargo ransomware gang is new to me, which illustrates how fast new ransomware gangs are popping up. That’s incredibly bad for all of us, as there are more threat actors out there that can do harm to organizations. What needs to happen is for the conditions to exist that make ransomware less profitable, so to speak, which in turn will reduce the number of threat actors and make the world a bit safer.

US Threat Landscape Report on ransomware, malware, stealer logs, and more

Posted in Commentary with tags on May 14, 2025 by itnerd

This week, researchers at SOCRadar released their 2025 USA Threat Landscape Report. This report, based on data collected between April 2024 through March 2025, analyzes several aspects of the current US threat landscape including ransomware threats, stealer logs statistics, phishing breaches, and DDoS stats. 

Key findings include: 

  • Information services, finance, and public administration sectors are the most targeted industries, both in phishing and dark web threats.
  • Selling and sharing stolen data dominate dark web forums, representing over 93% of activities, signaling an active criminal marketplace.
  • Data and unauthorized access are the top commodities, with 57.46% of dark web posts related to stolen databases.
  • RansomHub, PLAY Ransomware, and Akira are leading ransomware groups targeting the US, but a diverse set of other actors make up the majority.
  • Phishing attacks heavily target the Crypto/NFT, information services, and public sector, leveraging fake pages that increasingly use HTTPS (76.4%) to appear legitimate.
  • Stealer logs show massive credential exposure, with over 630,000 email/password pairs leaked, alongside credit card data and victim IP addresses.
  • Popular domains compromised include Reddit, Bing, Instagram, Facebook, and Amazon, highlighting the targeting of mainstream platforms.

For full details, the report can be read here: https://socradar.io/wp-content/uploads/2025/05/USA-Threat-Landscape-Report-2025.pdf

Fashion Retailer Dior Discloses Cyberattack

Posted in Commentary with tags on May 14, 2025 by itnerd

It is being reported that luxury fashion brand House of Dior has had a cybersecurity incident, which was discovered on May 7. The incident exposed customer information. From Bleeping Computer:

A spokesperson for the firm told BleepingComputer that the incident impacts Dior Fashion and Accessories customers. Currently, cybersecurity experts are investigating the incident to determine its scope.

“The House of Dior recently discovered that an unauthorized external party accessed some of the data we hold for our Dior Fashion and Accessories customers,” stated the spokesperson.

“We immediately took steps to contain this incident. The teams at Dior, supported by leading cybersecurity experts, continue to investigate and respond to the incident.”

Dior clarified to BleepingComputer that the incident did not expose account passwords or payment card information, as these were stored in a different database that remained unaffected.

“No passwords or payment information, including bank account or payment card information, were in the database affected in the incident.”

“We are working to notify relevant regulators and customers in line with applicable law.”

Javvad Malik, lead security awareness advocate at cybersecurity company KnowBe4, commented:

“Dior’s disclosure, while prompt, employs notably measured language regarding the scope of affected data. This careful phrasing, ‘some of the data we hold’, leaves considerable ambiguity about the true extent of the compromise, which is problematic from a transparency standpoint.

While the non-exposure of payment information and credentials provides some reassurance, the compromised personal data (names, contact details, purchase history) presents substantial risk. This combination of information creates a perfect foundation for highly targeted social engineering attacks against a particularly affluent customer base. The international dimension of this breach—affecting customers across multiple jurisdictions including South Korea and China—introduces complex regulatory compliance challenges. The reports from Korean media suggesting potential notification failures are particularly concerning, as timely and comprehensive regulatory notification has been a well-established compliance requirement for years.”

The fact that a high-profile company such as Dior has been pwned shows that any organization is at risk. And by extension, every organization should take steps to make sure that their exposure to risk is as close to zero as possible.

UPDATE: I received a comment from Yotam Segev, Co-founder and CEO, Cyera:

“This breach appears to stem from a failure in data classification and access controls—Dior confirmed sensitive customer data was accessed, though financial data was not compromised. That points to a lack of centralized, real-time visibility into sensitive data and inconsistent protection policies. Luxury brands are often soft targets: they operate in complex, global environments but lack full data inventories and cohesive protections across markets. With regulatory implications across China and South Korea, this breach is a clear signal that data security posture management (DSPM) must become a boardroom and budget priority.”