Mozilla has announced today the release of Firefox Monitor, a free service to help users find out whether or not their accounts have been part of a breach. This new service was created in partnership with Troy Hunt's Have I been Pwned, whose data is being supplied to Mozilla to power the Firefox Monitor service.
A huge database with email addresses, passwords in clear text, and partial credit card data has been uploaded to a free, public hosting service.
A Czech court recently sentenced two hackers to three years in prison for accessing Vodafone customer's mobile accounts and use them to purchase 600,000 Czech Koruna worth of gambling services. Vodafone reportedly wants the hacked victim's to pay for these charges as they were using an easy password of "1234".
SuperProf, a website that provides tutoring services on various topics, has acquired a fellow service, The Tutor Pages, and migrated its userbase to its own service.
Login passwords for tens of thousands of Dahua devices have been cached inside search results returned by ZoomEye, a search engine for discovering Internet-connected devices (also called an IoT search engine).
A person's fingers leave thermal residue on keyboard keys that a malicious observer could record and later determine the text a user has entered on the keyboard, according to a recently published research paper by three scientists from the University of California, Irvine (UCI).
Microsoft will soon enable multi-factor authentication (MFA) for all high-privileged Azure AD accounts, the company said on Friday.
For the fourth time in as many months, Cisco has removed hardcoded credentials that were left inside one of its products, which an attacker could have exploited to gain access to devices and inherently to customer networks.
Chrome has a surprising amount of features that are hidden or not well known that can offer a great deal of functionality for users. One of these features, is a built-in password generator that can be used to create strong passwords when creating new accounts and a password manager called Smart Lock that stores these passwords .
A study carried out at a college in the Philippines shows that students with better grades use bad passwords in the same proportion as students with bad ones.
Following an internal audit, Twitter admitted today that due to a bug in its password storage mechanism it accidentally logged some users' passwords in internal logs.
In an email sent out today, GitHub has warned a select number of users that a bug in its password reset functionality has recorded users' passwords in plaintext format inside the company's internal logs.
PDF files can be weaponized by malicious actors to steal Windows credentials (NTLM hashes) without any user interaction, and only by opening a file, according to Assaf Baharav, a security researcher with cyber-security Check Point.
Three major browser makers —Google, Microsoft, and Mozilla—have put their official backing behind a new W3C API called Web Authentication (WebAuthn) that is advertised as a reliable alternative to passwordless online authentication.
Cisco removed today a backdoor account from its IOS XE operating system that would have allowed a remote attacker to log into Cisco routers and switches with a high-privileged account.
macOS High Sierra users are once again impacted by a major APFS bug after two other major vulnerabilities affected Apple's new filesystem format in the last five months.
The work that Australian security researcher Troy Hunt has done with the Have I Been Pwned project is yielding useful tools that developers and webmasters can now use to make sure users stop using silly and easy to guess passwords.
Websites built using the Anchor CMS may be accidentally exposing their database passwords in publicly-facing error logs, Dutch security researcher Tijme Gommers has discovered.
Mixpanel, a web and mobile analytics provider, has notified customers last week via email that it accidentally collected data entered in password fields due to a bug introduced in its SDK.