Blog Layout

June Newsletter

Jun 07, 2023

Inside the Newsletter | June 2023

 

IS IT TIME TO DITCH THE PASSWORDS FOR MORE SECURE PASSKEYS?

Passwords are the most used method of authentication, but they are also one of the weakest. Passwords are often easy to guess or steal. Also, many people use the same password across several accounts. This makes them vulnerable to cyber-attacks. The sheer volume of passwords that people need to remember is large. This leads to habits that make it easier for criminals to breach passwords. Such as creating weak passwords and storing passwords in a non-secure way.  

 

61% of all data breaches involve stolen or hacked login credentials. In recent years a better solution has emerged – passkeys. Passkeys are more secure than passwords. They also provide a more convenient way of logging into your accounts.  

What is Passkey Authentication?  

Passkeys work by generating a unique code for each login attempt. This code is then validated by the server. This code is created using a combination of information about the user and the device they are using to log in.    You can think of passkeys as a digital credential. A passkey allows someone to authenticate in a web service or a cloud-based account. There is no need to enter a username and password.    This authentication technology leverages Web Authentication (WebAuthn). This is a core component of FIDO2, an authentication protocol. Instead of using a unique password, it uses public-key cryptography for user verification.   The user’s device stores the authentication key. This can be a computer, mobile device, or security key device. It is then used by sites that have passkeys enabled to log the user in.  

 

Advantages of Using Passkeys Instead of Passwords  

More Secure  

One advantage of passkeys is that they are more secure than passwords. Passkeys are more difficult to hack. This is true especially if the key generates from a combination of biometric and device data. Biometric data can include things like facial recognition or fingerprint scans. Device information can include things like the device’s MAC address or location. This makes it much harder for hackers to gain access to your accounts.  

More Convenient  

Another advantage of passkeys over passwords is that they are more convenient. With password authentication, users often must remember many complex passwords. This can be difficult and time-consuming. Forgetting passwords is common and doing a reset can slow an employee down. Each time a person has to reset their password, it takes an average of three minutes and 46 seconds. Passkeys erase this problem by providing a single code. You can use that same code across all your accounts. This makes it much easier to log in to your accounts. It also reduces the likelihood of forgetting or misplacing your password.   

Phishing-Resistant  

Credential phishing scams are prevalent. Scammers send emails that tell a user something is wrong with their account. They click on a link that takes them to a disguised login page created to steal their username and password. When a user is authenticating with a passkey instead, this won’t work on them. Even if a hacker had a user’s password, it wouldn’t matter. They would need the device passkey authentication to breach the account.  

HOW TO CREATE INSIGHTFUL DASHBOARDS IN MICROSOFT POWER BI

Data visualization is a powerful tool for communicating complex data. But it is not enough to simply create a graph or chart and call it a day. To truly make use of information, it is important to create insightful reports. Creating holistic and insightful reports requires the use of several data points. One tool that enables this is Microsoft Power BI.   

What Is Microsoft Power BI?  

Microsoft Power BI is a business intelligence tool. It allows you to connect many data sources to one dashboard. Using Power BI, you can easily model and visualize data holistically.   

Tips for Designing Great Data Visualization Reports  

Consider Your Audience  

  1. You should design reporting dashboards with the end user in mind. 
  2. CEOs and CFOs are interested in different aspects of the business, make the information interesting to them.
  3. What is it that this audience wants to see?
  4. Are they looking for bottom line sales numbers?
  5. Or do they want to cover insights that can help target productivity gaps?  

Don’t Overcomplicate Things  

Many times, less is more. If you find that your dashboard looks crowded, you may be adding too many reports. The more you add, the more difficult it is to read the takeaways from the data.   

Try Out Different Chart Types  

  1. Experiment with presenting your data in different ways.  
  2. Flip between bar, pie, and other types of charts to find the one that tells the story the best.  
  3. Just don’t go overboard. Keep it simple but interesting.  

Get to Know Power Query  

  1. Power Query is a data preparation engine.
  2. Take time to learn how to leverage this tool for help with:  
  3. Connecting a wide range of data sources to the dashboard  
  4. Previewing data queries  
  5. Building intuitive queries over many data sources  
  6. Defining data size, variety, and velocity  

Build Maps with Hints to Bing  

Bing and Power BI integrate, allowing you to leverage default map coordinates. Use best practices to utilize the mapping power of Bing to improve your geo-coding.  

Tell People What They Are Looking At  

A typical comment heard often when presenting executives with a new report is, “What am I looking at?” Tell your audience what the data means by using features like tooltips and text boxes to add context.  

Use Emphasis Tricks  

People usually read left to right and from top to bottom. So put your most important chart at the top, left corner. Follow, with the next most important reports.  

 

WHAT IS PUSH-BOMBING & HOW CAN YOU PREVENT IT?  

Cloud account takeover has become a major problem for organizations. Between 2019 and 2021, account takeover (ATO) rose by 307%. Many organizations use multi-factor authentication (MFA) as a way to stop fraudulent sign-ins.  

  But its effectiveness has spurred workarounds by hackers. One of these is push-bombing.  

 

How Does Push-Bombing Work?  

When a user enables MFA on an account, they typically receive a code or authorization prompt of some type. The user enters their login credentials. Then the system sends an authorization request to the user to complete their login. With push-bombing, hackers start with the user’s credentials and take advantage of that push notification process. They attempt to log in many times. This sends the legitimate user several push notifications, one after the other. When someone is bombarded with these, it can be easy to mistakenly click to approve access. Push-bombing is a form of social engineering attack designed to:  

  • Confuse the user
  • Wear the user down
  • Trick the user into approving the MFA request to give the hacker access  

Ways to Combat Push-Bombing at Your Organization  

  • Educate Employees  
  • Reduce Business App “Sprawl”  
  • Adopt Phishing-Resistant MFA Solutions  
  • Enforce Strong Password Policies  
  • Put in Place an Advanced Identity Management Solution  
  • Additionally, businesses can use identity management solutions to install contextual login policies.  

 

HOW TO USE CHATGPT AT YOUR BUSINESS RESPONSIBLY  

ChatGPT has revolutionized the way businesses interact with their customers. It has also affected how they get things done. Teams are using it for everything from emails to generating ideas for product names. The tool’s personalized and informative responses in real-time definitely draw you in. But integrating ChatGPT into your business operations requires careful consideration. You want to ensure that things don’t get out of hand with employees using the tool irresponsibly.   

  • Understand ChatGPT’s Weaknesses  
  • Define ChatGPT’s Role  
  •  Consider Customer Privacy  
  • Ensure Human Oversight
  • Integrate ChatGPT Into Your Existing Customer Service   
  • Measure Performance and Optimize   
  • Be Transparent About Using It  

 

7 WAYS TO SECURE YOUR WIRELESS PRINTER  

Many people worry about someone hacking their computer. But they’re not really thinking about their wireless printer getting breached. It’s a tool that most individuals use sporadically. For example, when you want to print out tax forms or mailing labels. Printers tend to be out of sight, out of mind. That is until you need to print something and run out of ink. Well, they’re not out of the mind of hackers. In fact, unsecured printers are a classic way for criminals to gain access to a home network.   

  1. Change the Default Login Credentials  
  2. Keep Printer Firmware Updated  
  3. Use a Network Firewall  
  4. Put Your Printer on a Guest Network  
  5. Disable Unused Ports or Services  
  6. Unplug It When Not in Use  
  7. Teach Your Family Cybersecurity Best Practices

 

6 IMMEDIATE STEPS YOU SHOULD TAKE IF YOUR NETFLIX ACCOUNT IS HACKED  

Netflix is one of the most popular and well-known streaming services. The platform has become an essential part of many people’s daily entertainment routines. Unfortunately, like any online service, Netflix accounts can be vulnerable to hacking. Hackers take advantage of “phishing overload.” Once they breach your account, they’re usually quiet for a bit, hoping you’ll mistake the Netflix suspicious login warning for a fake.  

Here are some things to do right away if you fear your account is hacked:  

  1. Go to the Netflix site & try to log in.  
  2. If you can log in, change your password immediately.  
  3. If you can log in, remove any strange payment methods  
  4. Contact Netflix support and let them know that you think you’ve been compromised. (Don’t skip this step)  
  5. Watch your bank statements.  
  6. Change the password for other accounts that used the same one as your Netflix account.  

The post June Newsletter appeared first on .

Security Lapse by Microsoft Employees Exposes Internal Passwords

26 Apr, 2024
In continuation of Microsoft’s series of data security incidents, employees accidentally exposed internal data to the public. The leak exposed an unprotected Azure storage server containing code, scripts, and configuration files. Microsoft has announced that it has fixed a security breach that exposed internal company credentials and files to the open internet. The breach was first discovered by security researchers from cybersecurity firm SOC Radar. According to their report, an internal error resulted in an Azure storage server without password protection being given public access. The exposed data was primarily related to Microsoft’s Bing search engine, including configuration files, code, and scripts that employees used to access a range of internal systems and databases. Consequently, bad actors could identify and access locations for Microsoft's internal data. So far, it has not been made clear how long the data has been exposed. Anuj Mudaliar Assistant Editor - Tech, SWZD opens a new window opens a new window Anuj Mudaliar is a content development professional with a keen interest in emerging technologies, particularly advances in AI. As a tech editor for Spiceworks, Anuj covers many topics, including cloud, cybersecurity, emerging tech innovation, AI, and hardware. When not at work, he spends his time outdoors - trekking, camping, and stargazing. He is also interested in cooking and experiencing cuisine from around the world.

AT&T experienced data breach that impacted 51 million customers (No one is immune)

26 Apr, 2024
AT&T is notifying 51 million former and current customers, warning them of a data breach that exposed their personal information on a hacking forum. However, the company has still not disclosed how the data was obtained. These notifications are related to the recent leak of a massive amount of AT&T customer data on the Breach hacking forums that was offered for sale for $1 million in 2021. When threat actor ShinyHunters first listed the AT&T data for sale in 2021, the company told BleepingComputer that the collection did not belong to them and that their systems had not been breached. Last month, when another threat actor known as 'MajorNelson' leaked the entire dataset on the hacking forum, AT&T once again told BleepingComputer that the data did not originate from them and their systems were not breached. After BleepingComputer confirmed that the data belonged to AT&T and DirectTV accounts, and TechCrunch reported AT&T passcodes were in the data dump, AT&T finally confirmed that the data belonged to them. While the leak contained information for more than 70 million people, AT&T is now saying that it impacted a total of 51,226,382 customers. "The [exposed] information varied by individual and account, but may have included full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number and AT&T passcode," reads the notification. "To the best of our knowledge, personal financial information and call history were not included. Based on our investigation to date, the data appears to be from June 2019 or earlier." BleepingComputer contacted AT&T as to why there is such a large difference in impacted customers and was told that some of the people had multiple accounts in the dataset. "We are sending a communication to each person whose sensitive personal information was included. Some people had more than one account in the dataset, and others did not have sensitive personal information," AT&T told BleepingComputer. The company has still not disclosed how the data was stolen and why it took them almost five years to confirm that it belonged to them and to alert customers. Furthermore, the company told the Maine Attorney General's Office that they first learned of the breach on March 26, 2024, yet BleepingComputer first contacted AT&T about it on March 17th and the information was for sale first in 2021. While it is likely too late, as the data has been privately circulating for years, AT&T is offering one year of identity theft protection and credit monitoring services through Experian, with instructions enclosed in the notices. The enrollment deadline was set to August 30, 2024, but exposed people should move much faster to protect themselves. Recipients are urged to stay vigilant, monitor their accounts and credit reports for suspicious activity, and treat unsolicited communications with elevated caution. For the admitted security lapse and the massive delay in verifying the data breach claims and informing affected customers accordingly, AT&T is facing multiple class-action lawsuits in the U.S. Considering that the data was stolen in 2021, cybercriminals have had ample opportunity to exploit the dataset and launch targeted attacks against exposed AT&T customers. However, the dataset has now been leaked to the broader cybercrime community, exponentially increasing the risk for former and current AT&T customers. Update 4/10/24: Added statement from AT&T about discrepancy in numbers. BILL TOULAS Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.

Home Depot Data Compromised Through Third-Party SaaS Misconfiguration

26 Apr, 2024
Home improvement retailer Home Depot confirmed with multiple publishers that it suffered a data break due to a third-party SaaS vendor inadvertently exposing a subset of employee data. IntelBroker, the threat actor behind the attack claims it has the information of 10,000 Home Depot employees. A Home Depot software vendor suffered a data breach leading to the compromise of an undisclosed number of employees. IntelBroker, the threat actor behind the attack claims it has the information of 10,000 Home Depot employees. Home improvement retailer Home Depot confirmed with multiple publishers that it suffered a data break due to a third-party software vendor inadvertently exposing a subset of employee data. Reportedly, the breach was caused by a misconfigured software-as-a-service (SaaS) application.
More Posts
Share by: