Forcepoint X-Labs Uncovers SmartScreen Evasion Campaign Abusing ScreenConnect for Persistent Remote Access

Posted in Commentary with tags on February 11, 2026 by itnerd

Authored by Mayur Sewani, Senior Security Researcher, Forcepoint X-Labs. The researchers observed:

A campaign in which a spoofed email impersonating the U.S. Social Security Administration delivers a malicious attachment designed for silent execution and privilege escalation.

The script disables Windows SmartScreen, removes the Mark-of-the-Web, and installs a legitimate ScreenConnect client that is then abused as a Remote Access Trojan (RAT) to maintain command-and-control access. 

Notably, the ScreenConnect client analyzed was signed with a certificate that had been explicitly revoked, underscoring how attackers are leveraging trusted tooling to evade detection. 

The compromised host ultimately establishes encrypted communications with a remote server linked to Iranian network infrastructure, enabling data exfiltration activity. 

Why This Matters

This research highlights a growing defensive challenge: attackers increasingly bypass traditional security controls by modifying system protections and repurposing legitimate IT management software. The findings reinforce the need for organizations to block revoked software, enforce strict RMM allowlists, and monitor for security-control tampering.
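The "monitor for security-control tampering" recommendation above can be turned into a concrete host check. The following is an added example and not Forcepoint's code: it reads the two documented Windows SmartScreen settings (the `SmartScreenEnabled` string under `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer` and the `EnableSmartScreen` policy DWORD under `HKLM\SOFTWARE\Policies\Microsoft\Windows\System`) and reports when they indicate SmartScreen has been switched off, and it can test whether a downloaded file still carries its Mark-of-the-Web (`Zone.Identifier`) stream. Which values count as tampering is this example's assumption of a baseline where SmartScreen is enforced; the assessment function is pure so the values can come from any collector.

```python
"""Check whether Windows SmartScreen has been turned off, as a tamper indicator.

Added example; this is not Forcepoint's code. The two registry locations are
the documented Windows SmartScreen settings; treating 'Off' / 0 as tampering
is this example's assumption of a baseline where SmartScreen is enforced.
"""
import sys

EXPLORER_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"  # value: SmartScreenEnabled (string)
POLICY_KEY = r"SOFTWARE\Policies\Microsoft\Windows\System"           # value: EnableSmartScreen (DWORD)


def assess_smartscreen(explorer_value, policy_value):
    """Return tamper findings (an empty list means nothing suspicious).

    explorer_value: SmartScreenEnabled string ("Off", "Warn", "Block", ...) or None if absent
    policy_value:   EnableSmartScreen DWORD (0 disables, 1 enables) or None if absent
    """
    findings = []
    if policy_value == 0:
        findings.append("policy EnableSmartScreen=0: SmartScreen disabled by policy")
    if isinstance(explorer_value, str) and explorer_value.lower() == "off":
        findings.append("SmartScreenEnabled='Off': SmartScreen for apps and files disabled")
    if explorer_value is None and policy_value is None:
        findings.append("no SmartScreen setting present: baseline not enforced")
    return findings


def has_mark_of_the_web(path):
    """True if the file still carries its Zone.Identifier stream (NTFS, Windows only).

    Files that came from a browser download normally have it; a payload whose
    mark was stripped will not, so a recent download without it deserves a look.
    On non-NTFS systems the stream cannot exist and the function returns False.
    """
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8", errors="replace") as ads:
            return "ZoneId=" in ads.read()
    except OSError:
        return False


def collect_windows():
    """Read the live registry values (Windows only); returns (explorer_value, policy_value)."""
    import winreg

    def read(path, name):
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
                return winreg.QueryValueEx(key, name)[0]
        except OSError:
            return None

    return read(EXPLORER_KEY, "SmartScreenEnabled"), read(POLICY_KEY, "EnableSmartScreen")


if __name__ == "__main__":
    if sys.platform == "win32":
        explorer, policy = collect_windows()
    else:
        explorer, policy = "Off", 0  # constructed values of a tampered host, for running the demo off Windows
    for line in assess_smartscreen(explorer, policy) or ["no SmartScreen tamper indicators"]:
        print(line)
```

Run it on a schedule or from an EDR script engine and alert on any non-empty result; a host that reports `SmartScreenEnabled='Off'` without a matching change-control record is the tampering the report describes.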

You can read the research here: ScreenConnect Attack: SmartScreen Bypass and RMM Abuse

AI Adoption Report from Nudge Security Reveals How Widespread AI Use Is Transforming Security Governance

Posted in Commentary with tags on February 11, 2026 by itnerd

Nudge Security, the leading innovator in SaaS and AI security governance, today announced the findings of its newest report, AI Adoption in Practice: What Enterprise Usage Data Reveals About Risk and Governance, which provides revealing insights into workforce AI adoption and usage patterns. The report found that AI use has moved beyond experimentation and general-purpose chat tools, and is now embedded into workflows, integrated with core business platforms, and increasingly capable of taking autonomous action.

The research report is based on anonymized and aggregated telemetry collected across Nudge Security customer environments. Rather than relying on surveys or self-reported usage, this analysis is grounded in direct observation of AI activity within enterprise environments. The percentages referenced below reflect the percentage of organizations using each tool, unless otherwise noted.

The report’s key findings include:

  • Usage of core LLM providers is nearly ubiquitous. OpenAI is present in 96.0% of organizations, with Anthropic at 77.8%.
  • The most-used AI tools are diversifying beyond chat. Meeting intelligence (Otter.ai at 74.2%, Read.ai at 62.5%), presentations (Gamma at 52.8%), coding (Cursor at 48.4%), and voice (ElevenLabs at 45.2%) are now widely present.
  • Agentic tooling is emerging. Agent tools like Manus (22%), Lindy (11%), and Agent.ai (8%) are establishing an early footprint.
  • Integrations are prevalent and varied. OpenAI and Anthropic are most commonly integrated with the organization’s productivity suite, as well as knowledge management systems, code repositories, and other tools.
  • Usage is concentrated. Among the most active chat tools observed, OpenAI accounts for 66.8% of prompt volume and Google Gemini for 29.6% (together 96.4%).
  • Data egress via prompts is non-trivial. 17% of prompts include copy/paste and/or file upload activity.
  • Sensitive data risks skew toward secrets. Detected sensitive-data events are led by secrets and credentials (47.9%), followed by financial information (36.3%) and health-related data (15.8%).

AI governance in practice differs from this reality

AI governance has emerged as a top priority for security and risk leaders, but many programs remain narrowly focused on vendor approvals, acceptable use policies, or model-level risk. While necessary, these controls alone are insufficient. As this research illustrates, the most consequential AI risks now stem from how employees actually use AI tools day to day—what data they share, which systems AI is connected to, and how deeply AI is embedded into other tools and operational workflows. Understanding these intersections—between people, permissions, and platforms—is the foundation of effective AI security.

To download the report, visit https://www.nudgesecurity.com/content/ai-adoption-in-practice.

Inside Gunra RaaS – Dark Web Affiliate Infiltration & Technical Dissection

Posted in Commentary with tags on February 11, 2026 by itnerd

CloudSEK’s threat intelligence team has just published an in-depth investigation into Gunra, a rapidly emerging Ransomware-as-a-Service (RaaS) operation that has formalized its affiliate recruitment on the dark web.

What makes this report significant is that their researchers successfully infiltrated the affiliate program, gaining access to:

  • The live RaaS management panel
  • Affiliate documentation (operator guide)
  • A functional ransomware locker sample for full reverse engineering

Key findings include:

  • Gunra operates a professionalized RaaS business model, lowering the barrier for cybercriminals through structured affiliate onboarding.
  • The locker uses a ChaCha20 + RSA-4096 hybrid encryption model, making decryption cryptographically infeasible without attacker-controlled private keys.
  • The malware executes fully offline, bypassing network-based detection during encryption.
  • It implements multi-threaded parallel encryption, enabling rapid filesystem-wide impact within minutes.
  • The ransomware performs surgical targeting, excluding system directories (C:\Windows, Program Files) to maintain operability and ensure ransom payment.
  • Embedded Tor payment infrastructure and hardcoded credentials streamline victim-to-operator communication.
  • Complete MITRE ATT&CK mapping and actionable IOCs are included for defenders.

This report provides rare insight into both the business infrastructure and technical core of a growing RaaS operation.

Full report: https://www.cloudsek.com/blog/inside-gunra-raas-from-affiliate-recruitment-on-the-dark-web-to-full-technical-dissection-of-their-locker 

Volume of OpenClaw public internet exposures spirals

Posted in Commentary with tags on February 10, 2026 by itnerd

In a report published yesterday, SecurityScorecard’s STRIKE threat intelligence team identified a widespread exposure problem affecting the OpenClaw open-source, vibe-coded AI agent platform, with more than 135,000 instances of the software publicly exposed to the internet. This is in addition to previously known vulnerabilities in the platform.

   “Our findings reveal a massive access and identity problem created by poorly secured automation at scale. Convenience-driven deployment, default settings, and weak access controls have turned powerful AI agents into high-value targets for attackers,” the STRIKE team wrote in the report.

OpenClaw’s bot extensions “skill store” had three high-risk CVEs attributed to it in recent weeks, and it’s also been documented that its various skills can be cracked fairly easily, exposing API keys, credit card numbers, PII, and other data valuable to cybercriminals.

Just a few hours after publication of the report, as the number of internet-facing OpenClaw instances associated with known threat actor IPs increased, the number of identified vulnerable systems on STRIKE’s live OpenClaw threat dashboard rose by 40,000: the number of RCE-vulnerable instances went from 12,812 to more than 50,000, and the number of instances linked to previously reported breaches went from 549 to over 53,000.

Researchers recommend that OpenClaw users immediately change the default network binding so the service listens only on localhost.

   “Out of the box, OpenClaw binds to `0.0.0.0:18789`, meaning it listens on all network interfaces, including the public internet. For a tool this powerful, the default should be `127.0.0.1` (localhost only). It isn’t,” STRIKE noted.
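The difference between the two bind addresses STRIKE quotes is the whole exposure problem, and it is easy to audit mechanically. The following is an added example, not OpenClaw's code or STRIKE's tooling: it parses `host:port` bind specifications of the form the report quotes (`0.0.0.0:18789`, or bracketed IPv6 such as `[::]:18789`), classifies the address by who can reach it, and accepts only loopback for an agent that needs no remote clients. The classification labels and the acceptance rule are this example's own; the address properties come from Python's standard `ipaddress` module.

```python
"""Classify a service's bind address by network exposure.

Added example (not OpenClaw's code). Given the kind of "host:port" string the
STRIKE report quotes, it reports whether the service listens on loopback only,
on a private or link-local network, on a public address, or on every interface.
"""
import ipaddress


def parse_bind(spec):
    """Split 'host:port' or '[v6]:port' into (ip_address, port); raise ValueError otherwise."""
    spec = spec.strip()
    if spec.startswith("["):                      # bracketed IPv6, e.g. [::]:18789
        host, _, rest = spec[1:].partition("]")
        port = rest.lstrip(":")
    else:
        host, _, port = spec.rpartition(":")
    if not host or not port.isdigit():
        raise ValueError(f"not a host:port bind spec: {spec!r}")
    return ipaddress.ip_address(host), int(port)  # ip_address() itself raises ValueError on junk


def classify_bind(spec):
    """Return 'all-interfaces', 'loopback', 'link-local', 'private' or 'public'."""
    ip, _ = parse_bind(spec)
    if ip.is_unspecified:      # 0.0.0.0 or :: means every interface, public ones included
        return "all-interfaces"
    if ip.is_loopback:         # 127.0.0.1 / ::1: reachable from this host only
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    return "public"


def audit(bind_specs):
    """Map each bind spec to a verdict. Only loopback is accepted, matching the
    report's position that an agent this powerful should default to localhost."""
    findings = {}
    for spec in bind_specs:
        try:
            exposure = classify_bind(spec)
        except ValueError as err:
            findings[spec] = f"unparseable: {err}"
            continue
        findings[spec] = "ok" if exposure == "loopback" else f"exposed ({exposure})"
    return findings


if __name__ == "__main__":
    # Constructed sample: the reported default, the recommended fix, and a few other bindings.
    sample = ["0.0.0.0:18789", "127.0.0.1:18789", "[::]:18789", "[::1]:18789",
              "10.0.0.5:18789", "169.254.1.1:18789", "not-a-bind"]
    for spec, verdict in audit(sample).items():
        print(f"{spec:<20} {verdict}")
```

Feed it the bind setting pulled from each deployment's configuration (or the local address column of `ss -ltn` output) and treat anything other than `ok` as a finding; note that an IPv6 wildcard `[::]` is just as exposed as `0.0.0.0` and is easy to overlook in an audit that only greps for the IPv4 form.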

Ryan McCurdy, VP of Marketing, Liquibase:

   “This is what automation at scale looks like when controls lag behind speed. Teams are moving fast but security and governance have to start with safe defaults, tight network exposure, and auditable access. Otherwise, the first misconfiguration becomes a repeatable incident pattern.”

Michael Bell, Founder & CEO, Suzu Labs:

   “135,000 OpenClaw instances are listening on the public internet right now. Most have no authentication. Most are running versions with known RCE vulnerabilities and public exploit code. The platform binds to all network interfaces by default, and the numbers tell you how many users changed that setting.

   “We just saw the same fundamental problem with Claude Desktop Extensions last week. AI agent platforms keep shipping with full system access and no trust boundaries. OpenClaw is what that looks like at scale. 78% of exposed instances haven’t applied the critical patches from January 29. Some are running on infrastructure previously linked to Kimsuky, APT28, and Salt Typhoon. And this isn’t hobbyists in garages. STRIKE found exposed instances in financial services, healthcare, government, and education.

   “A privileged service account with no password on an internet-facing server would get someone fired. An AI agent with the same access level and the same exposure is somehow a feature.”

John Carberry, Solution Sleuth, Xcape, Inc.:

   “The widespread exposure of over 175,000 OpenClaw instances serves as a stark warning about the perils of “vibe-coded” AI agents that prioritize ease of use over fundamental security. By defaulting to a 0.0.0.0:18789 binding, OpenClaw effectively opened the door for the public Internet to engage with potent autonomous agents holding direct access to sensitive API keys and PII.

   “This “convenience-first” approach has generated a vast, automated attack surface, with over 50,000 instances now confirmed vulnerable to Remote Code Execution (RCE). The rapid increase in systems connected to known threat actor IPs, observed within hours of the SecurityScorecard report, indicates that cybercriminals are leveraging the same speed of automation for weaponization as developers used for deployment. What’s particularly alarming is how swiftly AI tools designed for convenience can lead to widespread access and identity breaches when basic safeguards are absent.

   “For security teams, immediate action is imperative: limit network exposure by configuring listening IP Addresses to only those required, revoke and reissue all potentially compromised keys and secrets, scan for misconfigurations using tools like Nuclei or Shodan, scrutinize skill extensions for vulnerabilities, implement Zero Trust principles for AI infrastructure, and operate under the assumption of compromise for systems with default configurations.

   “In the long run, SOC teams must manage AI agents with the same rigor as any other privileged infrastructure, implementing robust default security settings, continuous monitoring, and adherence to the principle of least privilege.

   “If you don’t vibe-code your defaults to localhost, hackers will vibe off your information. In short, don’t use this inherently flawed software.”

Vibe coding is a thing. But perhaps it shouldn’t be based on this. What are your thoughts on this? Please leave a comment and share what you think.

Abstract Security Blog: How a single compromised VM can quietly inherit cloud trust and move across Azure w/out touching the network

Posted in Commentary with tags on February 10, 2026 by itnerd

Abstract Security just published a blog this morning: Moving Laterally through Abuse of Managed Identities attached to VMs. The blog was written by Abstract’s ASTRO research organization.

The post describes how to build a detection for one type of managed identity abuse. Managed identities are essential to the proper functioning of an Azure environment, but they become hard to monitor when multiple resources are attached to a single managed identity, and that sharing is what opens the door to abuse.

Detection will also vary by environment. For example, a script may legitimately use a managed identity to access other resources, such as another virtual machine. The detection is therefore a generalized one, aimed at a type of managed identity abuse rather than a single known pattern.
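The kind of generalized detection the post refers to can be sketched as a baseline-and-deviation check. The following is an added example, not Abstract Security's detection logic: it learns, from a training window of events, which source IPs and target resources each managed identity normally uses, flags identities attached to more than one resource, and then reports new events where a token is used from an unfamiliar IP (the sign of a token lifted off the VM) or against a target the identity never touched before (such as another VM). The event fields `identity`, `ip`, `target` and `op`, the attachment map and every record are constructed for this example; mapping them onto the columns of your actual Azure sign-in or activity logs is left to the reader.

```python
"""Generalized detection for abuse of a managed identity attached to a VM.

Added example; this is not Abstract Security's detection. The event schema
(identity, ip, target, op) and all records below are constructed; real Azure
sign-in or activity log columns must be mapped onto them.
"""

# Constructed: which resources each managed identity is attached to.
ATTACHMENTS = {
    "mi-web":   ["vm-web01"],
    "mi-batch": ["vm-batch01", "vm-batch02"],   # one identity shared by two VMs
}

# Constructed training window: what each identity normally does, and from where.
HISTORY = [
    {"identity": "mi-web",   "ip": "10.0.1.4", "target": "keyvault/web",      "op": "read"},
    {"identity": "mi-web",   "ip": "10.0.1.4", "target": "storage/webassets", "op": "read"},
    {"identity": "mi-batch", "ip": "10.0.2.4", "target": "storage/batchdata", "op": "write"},
    {"identity": "mi-batch", "ip": "10.0.2.5", "target": "storage/batchdata", "op": "write"},
]

# Constructed events to evaluate against that baseline.
NEW_EVENTS = [
    {"identity": "mi-web",   "ip": "10.0.1.4",      "target": "keyvault/web",      "op": "read"},       # normal
    {"identity": "mi-web",   "ip": "198.51.100.23", "target": "keyvault/web",      "op": "read"},       # token used off-host
    {"identity": "mi-web",   "ip": "10.0.1.4",      "target": "vm-db01",           "op": "runCommand"}, # reaching into another VM
    {"identity": "mi-batch", "ip": "10.0.2.5",      "target": "storage/batchdata", "op": "write"},      # normal
    {"identity": "mi-ghost", "ip": "10.0.9.9",      "target": "keyvault/web",      "op": "read"},       # never seen before
]


def learn_baseline(history):
    """Per identity: the set of source IPs and targets seen in the training window."""
    baseline = {}
    for e in history:
        b = baseline.setdefault(e["identity"], {"ips": set(), "targets": set()})
        b["ips"].add(e["ip"])
        b["targets"].add(e["target"])
    return baseline


def shared_identities(attachments):
    """Identities attached to more than one resource: the sharing the post warns about."""
    return sorted(name for name, resources in attachments.items() if len(resources) > 1)


def detect(events, baseline):
    """Return (event, reason) pairs for events that fall outside the learned baseline."""
    findings = []
    for e in events:
        b = baseline.get(e["identity"])
        if b is None:
            findings.append((e, "managed identity with no baseline activity"))
            continue
        if e["ip"] not in b["ips"]:
            findings.append((e, "token used from an IP never seen for this identity's resource"))
        if e["target"] not in b["targets"]:
            findings.append((e, "access to a target outside the identity's baseline"))
    return findings


if __name__ == "__main__":
    print("shared identities (wider blast radius):", shared_identities(ATTACHMENTS))
    for event, reason in detect(NEW_EVENTS, learn_baseline(HISTORY)):
        print(f"{reason}: {event}")
```

The "target outside the baseline" finding is exactly where the post's caveat bites: a legitimate automation script that starts reaching into another VM will trip it too, so the training window and any per-identity allowlist are the tuning knobs, and the off-host IP finding is the higher-confidence signal of the two.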

You can read the blog post here: https://www.abstract.security/blog/moving-laterally-through-abuse-of-managed-identities-attached-to-vms

February Patch Tuesday Commentary From Fortra

Posted in Commentary with tags on February 10, 2026 by itnerd

By Tyler Reguly, Associate Director, Security R&D, Fortra

On first pass, this month looks pretty reasonable – 60 CVEs, including one assigned by the Chrome CNA. When you look a little more closely, you start to realize that there is a lot going on here. February can be a bit of a cold, dull month, but Microsoft has decided to heat things up a bit. The good news: there aren’t a lot of CVEs to deal with. The bad news: there’s actually a lot to unpack here.

We can’t ignore the fact that there are 6 actively exploited vulnerabilities included in this month’s patch drop. 10% of this month’s vulnerabilities are listed by Microsoft as exploit detected. That’s a significant portion of them.

There’s some common language in there too, with vulnerabilities impacting Windows Shell (CVE-2026-21510), MSHTML Framework (CVE-2026-21513), and Microsoft Word (CVE-2026-21514) all including the words ‘security feature bypass.’ Similarly, two of these vulnerabilities – CVE-2026-21519 in Desktop Window Manager and CVE-2026-21533 in Windows Remote Desktop Services – both allow elevation of privilege to SYSTEM. The odd vulnerability out in this list is the Windows Remote Access Connection Manager vulnerability (CVE-2026-21525) because it is a local denial of service, something that Microsoft often rejects – refusing to assign CVEs and issue patches for these types of vulnerabilities on a regular basis.

The upside to this many actively exploited vulnerabilities? They are easy to resolve with regular Microsoft patches for Windows and Office and none of them require any post patch configuration steps.

If I’m a CSO this month, I’m less concerned about what my desktop and server security teams are patching and more concerned with my cloud ops teams. Sure, there are a lot of actively exploited vulnerabilities, but the normal patching process will resolve those. The 10 Azure CVEs representing 16.6% of the CVEs released this month are what I would be concerned about. While 3 of these (CVE-2026-21532, CVE-2026-24300, and CVE-2026-24302) are all marked as ‘No Customer Action Required,’ I’d still want to ensure that there was no evidence of issues in my cloud (or cloud adjacent) environments. For the other 7 CVEs, however, I’d hope that my team is looking closely at the variety of fixes that need to be performed to upgrade my environment.

It’s rather amusing to me to watch as we migrate everything to the cloud. With on-prem deployments, the vulnerability resolution process is mature – we know what patches look like, how to find unpatched software, and how to roll out the standard patch to multiple systems. With the cloud, we rely on scripts, full app replacements, and manual configuration to resolve a lot of the vulnerabilities. This puts a lot more pressure on the cloud ops team to fix these as well as the development teams that may be utilizing the related SDKs. This shifts the responsibility for maintaining systems away from traditional vulnerability management programs and may present headaches to CSOs trying to inventory and track the usage of these components in their environments.

Social network for doctors Sermo breached by ransomware attack

Posted in Commentary with tags on February 10, 2026 by itnerd

Comparitech is reporting that Sermo, a social network for doctors, yesterday confirmed it notified 2,674 people of a March 2024 data breach that leaked Social Security numbers.

Rebecca Moody, Head of Data Research, commented: 

“There are two concerning elements to this breach — first, the lengthy delay in notifying those involved in the initial breach from March 2024, and second, the fact that another ransomware gang claimed an attack on the organization nearly a year later. Medusa, the gang behind the second claim, isn’t known for making false claims, so we could likely see a further notification for this attack if users’ or employees’ data was breached. 

I would highly recommend that any user or employee of Sermo, whether they’re part of the 2024 breach or not, be on high alert for any suspicious activity (checking back through historic activity and monitoring things going forward) and take up some form of identity theft protection/monitoring.”

Well, this sucks, because it took a real long time for this to come to light. Nothing good will happen because of that. Let that be a lesson to those in a similar position.

OVHcloud unveils Bare Metal 2026 line-up powered by the latest AMD processors

Posted in Commentary with tags on February 10, 2026 by itnerd

In a context where organizations have to juggle with unprecedented volumes of data, run even more heterogeneous tasks all while keeping control of their costs and environmental impact, OVHcloud, a global cloud player and the European Cloud leader, unveils its new Bare Metal 2026 generation of dedicated servers.

The new line-up is built around the latest AMD Ryzen and AMD EPYC processors and is designed to offer cost-effective power while providing unparalleled resiliency, enabling organisations of all sizes to address use cases including machine learning, blockchain, large-scale virtualization or hosting of online games.

Bare Metal 2026 serving digital transformation of businesses
With organisations accelerating their digital transformation, use cases abound: databases, virtualization, containerization, etc. As a result, OVHcloud offers a robust and durable Bare Metal platform for organisations that constantly need to adapt while making the most of their budgets thanks to cost predictability.

Addressing those challenges requires processors with a high core count to handle unprecedented numbers of tasks in parallel, high-speed DDR5 memory, a wide choice of fast storage, and a performance-per-watt ratio that optimises the infrastructure’s sustainability footprint.

The Bare Metal 2026 line-up also benefits from a network connection, with unlimited traffic, designed for modern architectures with an unlimited guaranteed public bandwidth ranging from 1 to 5 Gbit/s depending on the models, and a private bandwidth of up to 50 Gbit/s that prove ideal for clusters, virtualization or distributed environments. 

The complete Bare Metal 2026 line-up includes:

  • Rise 2026: These new generation versatile servers are the perfect match for intensive workloads, web environments and light virtualization business needs. They boast AMD Ryzen or EPYC x86 processors built on the Zen 5 microarchitecture. Available now in Europe and Canada.
  • Game 2026: Designed to host online video games sessions, the Game 2026 servers handle virtual machines ideal for gaming environments and offer resiliency with OVHcloud’s built-in Anti-DDoS solution. Leveraging AMD Ryzen 9000 X3D series x86 processors operating at high frequencies, this range provides Level 3 cache memory that helps keep latencies low for a smooth gaming experience. Available now in Europe, Canada and The United States.
  • Advance 2026: Supporting validation nodes and other blockchain system components, Advance 2026 servers are equally adapted for hosting, database management or cluster deployment of high-performance containers. They are powered by AMD EPYC 4005 x86 processors with up to 16 cores/32 threads with DDR5 ECC memory. They benefit from a 99.95% SLA and are available now in Europe, Canada, The United States and APAC.
  • Scale 2026: Designed for the most demanding use cases including big data, analytics or high-performance computing, the Scale 2026 range supports AMD SEV technology for confidential computing workloads. Tailored for the most ambitious projects and available for deployment in 3-AZ configurations answering resiliency requirements, Scale 2026 servers are built around AMD EPYC 9005 series x86 processors, with up to 384 cores/768 threads (dual socket) and up to 3 TB of DDR5 ECC memory. Storage options can be configured with up to 92 TB of NVMe drives. Scale 2026 servers are available now in Europe, Canada, The United States and APAC.

Sustainability and data protection
Bare Metal 2026 dedicated servers benefit from OVHcloud’s proven infrastructure expertise, delivered from energy-efficient data centers thanks to the Group’s responsible model leveraging watercooling. Data security and protection are backed by internationally recognized standards, including ISO27001 certification, and by a strong European approach to data sovereignty, helping customers maintain control over where their data is stored and how it is accessed.

Learn more about OVHcloud Bare Metal 2026 servers

Nikon Introduces the ACTION and ACTION ZOOM Binoculars 

Posted in Commentary with tags on February 10, 2026 by itnerd

Nikon Vision Co., Ltd., (Nikon Vision), a subsidiary of Nikon Corporation (Nikon), has announced the introduction of the new ACTION and ACTION ZOOM binocular series. Whether birding, hiking or spotting the scenery, these new binoculars give users an affordable option for incredible clarity at a variety of distances.

These new ACTION series are the successor models to the popular and highly acclaimed ACULON A211 binoculars, which are the standard Porro prism type models in Nikon’s binocular lineup. The ACTION and ACTION ZOOM series consists of seven models: 8×42, 10×42, 7×50, 10×50, 12×50, 16×50 and 10-22×50. All models feature newly developed optical systems as well as new exterior designs, giving users enhanced handling and usability and improved performance for both optical quality and ergonomic handling compared to previous models.

The 10×42, 12×50, and 16×50 models provide an apparent field of view of 60 degrees or more, qualifying them as wide field of view models. Eye relief has also been extended for most of the models in the series (except the 16×50 model), offering long eye relief of 15mm or more — ensuring comfortable viewing even while wearing eyeglasses or sunglasses.

Regarding the exterior design, the new series adopts an ergonomic form that provides excellent operability and a secure, comfortable grip. The binocular body employs aluminum alloy and is encased in rubber armour that ensures a secure grip and comfortable handling, realizing high durability which users can confidently rely on.

In addition, the ACTION Series offers improved specifications in a wide-ranging lineup of models, with attractive pricing. This makes the ACTION and ACTION ZOOM series models an ideal choice for both those who are new to binoculars, as well as experienced users seeking reliable performance.

Key Features of the ACTION Series:

  • Ergonomic design for excellent handling and a secure grip
  • Multilayer-coated lenses and large objective lens diameter for delivering bright, clear images
  • Rubber armouring for shock resistance and a firm, comfortable grip
  • Aluminum alloy body employed for enhanced durability
  • Long eye relief design ensures a clear field of view, even for eyeglass wearers (except 16×50)
  • Turn-and-slide rubber eyecups with multi-click facilitate easy positioning of eyes at the correct eyepoint (except 10-22×50)
  • Wide apparent field of view (61.4° for 10×42, 60.8° for 12×50, 60.8° for 16×50)
  • Smooth zoom function via the zoom lever (10-22×50 only)
  • Compatible with a tripod using optional tripod adapter (TRA-2 and TRA-3)

Price and Availability

The new Nikon ACTION series of binoculars will be available in early March 2026 at the following Manufacturer’s Suggested Retail (MSRP) pricing: ACTION 8×42 – $149.95, ACTION 10×42 – $159.95, ACTION 7×50 – $169.95, ACTION 10×50 – $184.95, ACTION 12×50 – $189.95, ACTION 16×50 – $214.95, ACTION ZOOM 10-22×50 – $259.95.

For more information about current Nikon products, please visit www.nikon.ca

Specifications:

(*1 and *2 are the manufacturer’s footnote markers, reproduced as given.)

Model                                        ACTION 8×42  ACTION 10×42  ACTION 7×50  ACTION 10×50  ACTION 12×50  ACTION 16×50  ACTION ZOOM 10-22×50
Magnification (×)                            8            10            7            10            12            16            10-22
Effective diameter of objective lens (mm)    42           42            50           50            50            50            50
Angular field of view (real) (°)             8            6.8           6.4          6.4           5.6           4.2           3.9*2
Angular field of view (apparent) (°)*1       58.4         61.4          42.7         58.4          60.8          60.8          37.6*2
Eye relief (mm)                              17.3         16.1          19.6         17.3          16.1          13            16.3*2
Length (mm/in.)                              149/5.9      149/5.9       193/7.6      185/7.3       185/7.3       185/7.3       202/8.0
Width (mm/in.)                               193/7.6      193/7.6       200/7.9      200/7.9       200/7.9       200/7.9       200/7.9
Depth (mm/in.)                               59/2.3       59/2.3        66/2.6       66/2.6        66/2.6        66/2.6        66/2.6
Weight (g/oz.)                               790/27.9     790/27.9      935/33.0     935/33.0      945/33.3      940/33.2      950/33.5

Guest Post: From “admin” to “admin1” — why hackers love minor tweaks in your login credentials

Posted in Commentary with tags on February 10, 2026 by itnerd

A new analysis reveals that a common habit of making small tweaks to existing passwords — such as adding a number or changing a symbol in an existing password, instead of creating a unique one — is a massive security risk that hackers easily exploit. Despite company policies and security training, this widespread practice of using near-identical passwords remains one of the biggest, most underestimated threats, cybersecurity experts warn.

This risky behaviour is indeed widespread. NordPass’ password reuse survey reveals that 62% of Americans, 60% of Brits, and 50% of Germans reuse passwords across multiple online accounts. On average, people reuse passwords for about five accounts, with one-fifth admitting to reusing them for 10 or more accounts. 

“This risky habit, affecting nearly three in five users, creates a domino effect of vulnerability, where a single compromised password can unlock an entire digital life,” says Karolis Arbaciauskas, head of product at NordPass.

Adding a letter, a number, or a symbol

According to the survey data, 68% of Americans who reuse passwords make at least some changes before reusing them. The same is true for 62% of Brits and 61% of Germans. The most common change is adding or changing a number, symbol, or letter.

“Such a lax approach to security can result in stolen data or an emptied bank account, and a lot of anxiety,” says Arbaciauskas. “However, I must agree that, in terms of sheer damage that a threat actor could do, this practice is an especially dangerous phenomenon in the corporate environment. Because it technically does not violate most password policies, and it often stays unnoticed by administrators. This way, it can become an entry point for threat actors, who would gladly extort or blackmail the company.”

Most common variations 

In the “Top 200 most common passwords 2025” list, researchers found 119 nearly identical passwords, which were divided into seven approximate groups:

  • Sequential number variations. Examples: 12345, 123456, 1234567, 987654321.
  • “Admin” variations. Examples: admin, Admin, adminadmin, admin123.
  • “Password” variations. Examples: password, Password1, p@ssw0rd, Passw0rd.
  • Keyboard pattern variations. Examples: qwerty, qwerty123, abcd1234, Abcd@1234.
  • Repetitive pattern variations. Examples: 11111111, 111111111, aa112233, aabb1122.
  • Common word variations. Examples: welcome, Welcome1, test123, Test@123.
  • Prefix/suffix variations. Examples: a123456, Aa123456, Aa@123456, 12345678a.

The most numerous groups are sequential number variations, keyboard pattern variations, and repetitive pattern variations.

“This is just a rough breakdown, based on variations of the same passwords. However, in principle, all 200 passwords can be placed into certain predictable categories. For example, when compiling the list itself, we noticed that popular names and surnames, place names, swear words, brand names and equivalents of the word ‘password’ in various languages, are often used as passwords. Often with added numbers or special characters. Those passwords feel unique, but are all predictable patterns. Threat actors know this, and the automated hacking tools they use, most certainly can apply common transformations, such as adding or changing characters, and incrementing numbers,” says Arbaciauskas.

Why do people reuse passwords?

A third of internet users who reuse passwords say they do it because they have too many accounts to manage different passwords for each one. About 25% say that they find it inconvenient to create and manage unique passwords. 

“People reuse passwords because it’s easier that way. Between work tools, financial apps, subscriptions, social networks, online shopping, and gaming, the number of accounts adds up quickly. The average person has around 170 passwords. Remembering unique passwords for all of them isn’t realistic. But it is worrying that, despite repeated warnings, about 10% of respondents still don’t think there’s a significant risk in reusing passwords. This mindset is a disaster waiting to happen. Threat actors could gain access to all your accounts, your identity could be stolen, and your credit card — maxed out, or a loan could be taken out in your name. In a corporate setting, this behaviour could cost millions, if you let ransomware in,” says Arbaciauskas.

Password safety tips

According to Arbaciauskas, a few general rules can greatly improve digital hygiene and help avoid falling victim to cyberattacks due to ineffective password management:

  • Security training. Many companies are already doing this. Although this doesn’t always work — sometimes even cybersecurity professionals get fooled — training bears fruit. Companies that run regular security workshops experience fewer cases of reused credentials, and employees often use this knowledge in personal life.
  • Password policies and technologies. Companies should have robust password policies. Ideally, the company’s system would automatically compare newly created passwords with those already leaked on the dark web and prevent the creation of one that is the same or very similar to the one already leaked. It’s best to use password generators for both personal and work accounts.
  • Multi‑factor authentication (MFA). So far, this is the most reliable and convenient way to provide additional protection for business and personal accounts. MFA, which requires you to provide a one-time code when logging in, can stop account takeover even when the threat actors have your password.
  • Password manager. It can help you generate, store, manage, and safely share passwords. A password manager removes the need to rely on memory altogether. Instead of trying to come up with something clever or easy to remember it creates long, random passwords that don’t follow patterns. And you don’t need to remember them — just autofill or copy paste.
  • Consider passkeys. A passkey pairs public‑key cryptography with device biometrics, so there’s nothing to type, nothing to forget, and nothing to reuse. Although adoption is somewhat slower than expected, many major platforms already support them. Where passkeys are unavailable, turn on MFA.
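The "password policies and technologies" tip above asks for a system that refuses a new password when it is the same as, or very similar to, one already leaked, and the seven variation groups listed earlier describe exactly what "very similar" looks like in practice. The following is an added example, not NordPass's code: it normalizes a candidate password by undoing the common tweaks (case changes, leetspeak, digits and symbols added at either end), rejects sequential, keyboard and repetitive patterns, and then compares the remaining stem against a breached list using edit distance, so that `admin1`, `Passw0rd` and `Welcome2026` are refused just as `admin`, `password` and `welcome` would be. The breached list, the distance threshold and the leetspeak table are this example's own constructed choices.

```python
"""Reject new passwords that are trivial variants of breached or patterned ones.

Added example; this is not NordPass's code. The breached list and the
thresholds are constructed for the example; in practice the list comes from a
leaked-credential feed.
"""
import re

LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "0": "o", "$": "s", "5": "s", "7": "t"})
SEQUENCES = ["0123456789", "abcdefghijklmnopqrstuvwxyz", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
SEQUENCES += [s[::-1] for s in SEQUENCES]


def normalize(pw):
    """Reduce a password to the stem that a 'minor tweak' leaves untouched."""
    s = pw.lower()
    s = re.sub(r"^\d+", "", s)          # leading digit run:        "12345678a" -> "a"
    s = re.sub(r"[\d\W_]+$", "", s)     # trailing digits/symbols:  "admin123", "Test@123", "P@ssw0rd!"
    s = s.translate(LEET)               # leetspeak inside the stem: "p@ssw0rd" -> "password"
    return re.sub(r"[^a-z0-9]", "", s)  # any separators left over


def is_pattern(s):
    """Sequential, keyboard, or repetitive strings (the article's largest groups)."""
    s = re.sub(r"[^a-z0-9]", "", s.lower())
    if len(s) < 4 or any(s in seq for seq in SEQUENCES):
        return True
    if re.fullmatch(r"(?:(.)\1)+", s):                 # aabb1122, 11111111
        return True
    return any(s == s[:n] * (len(s) // n)              # adminadmin, 123123123
               for n in range(1, len(s) // 2 + 1) if len(s) % n == 0)


def levenshtein(a, b):
    """Classic edit distance, used to catch one-character changes such as admin -> admim."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_password(pw, breached_stems):
    """Return (accepted, reason). breached_stems are normalize()d leaked passwords."""
    if is_pattern(pw):
        return False, "predictable sequence or repetition"
    stem = normalize(pw)
    if is_pattern(stem):
        return False, "only digits/symbols wrapped around a predictable stem"
    for b in breached_stems:
        # allow one edit per four characters of the breached stem, and catch doubled stems
        if levenshtein(stem, b) <= max(1, len(b) // 4) or stem == b * (len(stem) // len(b)):
            return False, f"near-identical to breached password stem {b!r}"
    return True, "ok"


# Constructed breached list; a real deployment would load a leaked-credential feed.
BREACHED = ["admin", "password", "welcome", "test123", "letmein"]
BREACHED_STEMS = sorted({normalize(p) for p in BREACHED})

if __name__ == "__main__":
    for candidate in ["admin1", "P@ssw0rd!", "Welcome2026", "Abcd@1234", "aa112233",
                      "12345678a", "adminadmin", "correct-horse-battery-staple"]:
        print(f"{candidate:<30} {check_password(candidate, BREACHED_STEMS)}")
```

Because the comparison runs on normalized stems, the check stays cheap even against a large breached list, and it never needs to store the leaked passwords in a form richer than their stems. It complements rather than replaces the other tips: a password manager's random output passes it trivially, and MFA still catches the cases where a password that passed was later leaked anyway.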