{"id":1273,"date":"2020-11-20T03:51:12","date_gmt":"2020-11-20T03:51:12","guid":{"rendered":"https:\/\/thenextweb.com\/?p=1328874"},"modified":"2020-11-20T03:51:12","modified_gmt":"2020-11-20T03:51:12","slug":"pardon-the-intrusion-31-stop-using-123456-as-your-password","status":"publish","type":"post","link":"https:\/\/www.londonchiropracter.com\/?p=1273","title":{"rendered":"Pardon the Intrusion #31: Stop using \u201c123456\u201d as your password"},"content":{"rendered":"\n<p><span>Welcome to the latest edition of Pardon The Intrusion, TNW\u2019s <\/span><a href=\"https:\/\/thenextweb.us1.list-manage.com\/track\/click?u=22ec88eb9b9d8bc3bcf660787&amp;id=37136e54f1&amp;e=0e200ae170\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">bi-weekly newsletter<\/a> in which we explore the wild world of security.<\/p>\n<p><span>And the yearly ritual continues.<\/span><\/p>\n<p><span>The list of <\/span><a href=\"https:\/\/nordpass.com\/most-common-passwords-list\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">worst passwords for 2020<\/a><span> is here, and it\u2019s every bit as awful as you would expect.<\/span><\/p>\n<p><span>According to an analysis of 275,699,516 passwords by <\/span><a href=\"https:\/\/nordpass.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">NordPass<\/a><span>, a password manager service from the makers of NordVPN, it\u2019s amply clear that a lot of people are still banking on simple, easy-to-guess passwords despite the constant threat of data breaches and other attacks.<\/span><\/p>\n<p><span>Coming in at number one is \u201c123456,\u201d and it was used 2,543,285 times. 
Ouch!<\/span><\/p>\n<p><span>\u201c123456789,\u201d \u201cpicture1,\u201d \u201cpassword,\u201d and \u201c12345678\u201d round out the remaining four spots in the top five; \u201cpicture1\u201d is the lone new entrant, and it would take about three hours to crack using a brute-force attack.<\/span><\/p>\n<p><span>But a password that merely combines letters and numbers is still a weak password if it can be cracked.<\/span><\/p>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter lazy\" src=\"https:\/\/mcusercontent.com\/22ec88eb9b9d8bc3bcf660787\/images\/5d69e417-8029-42e6-8303-4f4ecb9d6d03.png\" width=\"600\" height=\"296\" data-file-id=\"59354\" data-lazy=\"true\"><\/figure>\n<p><span>\u201cYour weak password can be used for credential stuffing attacks, where the breached logins are used to gain unauthorized access to user accounts,\u201d says Chad Hammond, security expert at NordPass.<\/span><\/p>\n<p><span>\u201cIf you fall victim to a credential stuffing attack, you might lose your Facebook or another important account with all its content. Also, your email address could be used for phishing attacks or for scamming your family and friends, who may very well fall for it, as the email will supposedly be coming from you.\u201d<\/span><\/p>\n<p><span>I get it. 
Remembering <\/span><a href=\"https:\/\/www.avg.com\/en\/signal\/how-to-create-a-strong-password-that-you-wont-forget\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">unique<\/a><span>, <\/span><a href=\"https:\/\/blog.avast.com\/strong-password-ideas\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">strong<\/a><span> <\/span><a href=\"https:\/\/support.google.com\/accounts\/answer\/32040?hl=en\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">passwords<\/a><span> for a gazillion online accounts isn\u2019t easy, especially this year with the shift to remote work.<\/span><\/p>\n<p><span>In a separate study published by NordPass last month, an average user was revealed to have around 100 passwords, up 25% from last year. That\u2019s a lot to keep track of!<\/span><\/p>\n<p><span>So what can be done to beef up your security? Use a password manager and turn on two-factor authentication wherever possible. At the same time, don\u2019t <\/span><a href=\"https:\/\/thenextweb.com\/newsletter\/2020\/10\/09\/pardon-the-intrusion-28-your-2fa-phone-got-stolen-now-what\/\" target=\"_blank\" rel=\"noopener noreferrer\">make the same mistake<\/a><span> I did by not noting down the backup codes.<\/span><\/p>\n<h3 class=\"h2 mso-font\"><span>What\u2019s trending in security?<\/span><\/h3>\n<p><span>US President Trump <\/span><a href=\"https:\/\/twitter.com\/realDonaldTrump\/status\/1328852354049957888\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">fired the director<\/a><span> of the Cybersecurity and Infrastructure Security Agency, <\/span><a href=\"https:\/\/www.forbes.com\/sites\/thomasbrewster\/2020\/11\/15\/bumble-vulnerabilities-put-facebook-likes-locations-and-pictures-of-95-million-daters-at-risk\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Bumble<\/a><span> and <\/span><a href=\"https:\/\/securityintelligence.com\/posts\/ibm-works-with-cisco-exorcise-ghosts-webex-meetings\/\" target=\"_blank\" rel=\"nofollow noopener 
noreferrer\">Cisco<\/a><span> fixed critical bugs, and Zoom agreed to <\/span><a href=\"https:\/\/www.ftc.gov\/news-events\/press-releases\/2020\/11\/ftc-requires-zoom-enhance-its-security-practices-part-settlement\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">enhance its security policies<\/a><span> after falsely claiming its video calls were protected by end-to-end encryption.<\/span><\/p>\n<ul>\n<li>\n<span>US President Donald Trump fired Chris Krebs, director of the Cybersecurity and Infrastructure Security Agency (CISA), for calling the recent November 3rd elections \u201c<\/span><a href=\"https:\/\/www.cisa.gov\/news\/2020\/11\/12\/joint-statement-elections-infrastructure-government-coordinating-council-election\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">the most secure in American history<\/a><span>.\u201d [<\/span><a href=\"https:\/\/twitter.com\/realDonaldTrump\/status\/1328852354049957888\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Twitter<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Back in September, a German hospital patient died in what was alleged to be the first case of a ransomware attack directly responsible for a death. But the investigation into the \u201cnegligent homicide\u201d case has now revealed that the patient\u2019s health condition was so poor \u201cthe delay was of no relevance to the final outcome.\u201d [<\/span><a href=\"https:\/\/www.wired.co.uk\/article\/ransomware-hospital-death-germany\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">WIRED<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Twitter hired legendary hacker and L0pht collective member Peiter \u201cMudge\u201d Zatko as its security chief. 
[<\/span><a href=\"https:\/\/www.reuters.com\/article\/us-twitter-security-idUSKBN27W2MB\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Reuters<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Muslim Pro, a popular Muslim prayer and Quran app with over 98 million downloads, said it will <\/span><a href=\"https:\/\/www.vice.com\/en\/article\/jgqm5x\/us-military-location-data-xmode-locate-x\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">no longer share granular location data with X-Mode<\/a><span>, a company that sells that data to defense contractors and the US military. [<\/span><a href=\"https:\/\/www.vice.com\/en\/article\/g5bq89\/muslim-pro-location-data-military-xmode\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Vice<\/a><span>]<\/span>\n<\/li>\n<\/ul>\n<p><figure class=\"post-image post-mediaBleed aligncenter\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter lazy\" src=\"https:\/\/mcusercontent.com\/22ec88eb9b9d8bc3bcf660787\/images\/1e9a15b9-a894-4c9d-be7c-56ebca4fe51d.gif\" width=\"540\" height=\"304\" data-file-id=\"59370\" data-lazy=\"true\"><\/figure>\n<\/p>\n<ul>\n<li>\n<span>The US Justice Department (DoJ) seized $1 billion in Bitcoin from an anonymous hacker by the name of \u201cIndividual X,\u201d who stole it from the Silk Road dark web marketplace before it was shut down by the FBI in 2013. [<\/span><a href=\"https:\/\/www.justice.gov\/usao-ndca\/pr\/united-states-files-civil-action-forfeit-cryptocurrency-valued-over-one-billion-us\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">DoJ<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Certificate Authority Let\u2019s Encrypt has warned that phones running Android versions prior to 7.1.1 Nougat won\u2019t trust its root certificate starting in 2021, locking them out of many secure websites. 
[<\/span><a href=\"https:\/\/thenextweb.com\/plugged\/2020\/11\/09\/millions-of-websites-wont-load-on-over-30-of-android-devices-starting-next-year-but-theres-a-fix\/\" target=\"_blank\" rel=\"noopener noreferrer\">TNW<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Security flaws in the Bumble dating app exposed 95 million users\u2019 info, including some people\u2019s Facebook data. Worse, it took the company over six months to address the issue after it was notified in March. [<\/span><a href=\"https:\/\/www.forbes.com\/sites\/thomasbrewster\/2020\/11\/15\/bumble-vulnerabilities-put-facebook-likes-locations-and-pictures-of-95-million-daters-at-risk\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Forbes<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Cisco fixed a bug in its Webex conferencing app that could have allowed unauthenticated remote attackers to join ongoing meetings as \u201cghost\u201d participants and spy on potentially sensitive company secrets. [<\/span><a href=\"https:\/\/securityintelligence.com\/posts\/ibm-works-with-cisco-exorcise-ghosts-webex-meetings\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">IBM<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Zoom agreed to enhance its security policies as part of a proposed settlement with the US Federal Trade Commission (FTC), after the company was accused of falsely claiming its video calls were protected by end-to-end encryption. 
[<\/span><a href=\"https:\/\/www.ftc.gov\/news-events\/press-releases\/2020\/11\/ftc-requires-zoom-enhance-its-security-practices-part-settlement\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">FTC<\/a><span>]<\/span>\n<\/li>\n<\/ul>\n<p><figure class=\"post-image post-mediaBleed aligncenter\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter lazy\" src=\"https:\/\/mcusercontent.com\/22ec88eb9b9d8bc3bcf660787\/images\/89ee799c-1f3f-4d7b-971f-018838069d90.gif\" width=\"600\" height=\"337\" data-file-id=\"59362\" data-lazy=\"true\"><\/figure>\n<\/p>\n<ul>\n<li>\n<span>Ransomware gangs have blogs where they publish data stolen from companies that refuse to make an extortion payment. Now, a crime group has started using hacked Facebook accounts to run ads publicly pressuring its ransomware victims into paying up. [<\/span><a href=\"https:\/\/krebsonsecurity.com\/2020\/11\/ransomware-group-turns-to-facebook-ads\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Krebs on Security<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>Criminal gangs that offer ransomware-as-a-service (RaaS), that is, renting ransomware to other groups, have become so popular that there are currently around 25 RaaS offerings being advertised on the underground hacking scene. [<\/span><a href=\"https:\/\/public.intel471.com\/blog\/ransomware-as-a-service-2020-ryuk-maze-revil-egregor-doppelpaymer\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Intel 471<\/a><span>]<\/span>\n<\/li>\n<li>\n<span>The European Parliament announced new rules for exporting surveillance technologies, such as spyware, outside of the EU. The intention is to stop authoritarian regimes from secretly getting their hands on European cyber-surveillance tools. 
[<\/span><a href=\"https:\/\/www.cyberscoop.com\/european-union-parliament-export-spyware-surveillance\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">CyberScoop<\/a><span>]<\/span>\n<\/li>\n<li>A hacking group that researchers believe is working for Vietnam\u2019s government ran almost twenty fake websites and several Facebook pages in an attempt to gather information on visitors and infect some of them with malware. [<a href=\"https:\/\/www.volexity.com\/blog\/2020\/11\/06\/oceanlotus-extending-cyber-espionage-operations-through-fake-websites\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Volexity<\/a>]<\/li>\n<li>\n<span>The last fortnight in data breaches, leaks and ransomware: <\/span><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cold-storage-giant-americold-hit-by-cyberattack-services-impacted\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Americold<\/a><span>, <\/span><a href=\"https:\/\/cybleinc.com\/2020\/11\/07\/bigbasket-indias-leading-online-supermarket-shopping-allegedly-breached-personal-details-of-over-20-million-people-sold-in-darkweb\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Big Basket<\/a><span>, Brazil\u2019s <\/span><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/brazils-court-system-under-massive-ransomexx-ransomware-attack\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Superior Court of Justice<\/a><span>, <\/span><a href=\"https:\/\/www.zdnet.com\/article\/italian-beverage-vendor-campari-knocked-offline-after-ransomware-attack\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Campari<\/a><span>, <\/span><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/capcom-hit-by-ragnar-locker-ransomware-1tb-allegedly-stolen\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Capcom<\/a><span>, <\/span><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/retail-giant-cencosud-hit-by-egregor-ransomware-attack-stores-impacted\/\" 
target=\"_blank\" rel=\"nofollow noopener noreferrer\">Cencosud<\/a><span>, <\/span><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/coil-payments-platform-leaks-user-emails-in-privacy-policy-update\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Coil<\/a><span>, <\/span><a href=\"https:\/\/www.zdnet.com\/article\/compal-the-second-largest-laptop-manufacturer-in-the-world-hit-by-ransomware\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Compal<\/a><span>, <\/span><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/revil-ransomware-hits-managedcom-hosting-provider-500k-ransom\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Managed.com<\/a><span>, <\/span><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/biotech-research-firm-miltenyi-biotec-hit-by-ransomware-data-leaked\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Miltenyi Biotec<\/a><span>, <\/span><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/the-north-face-resets-passwords-after-credential-stuffing-attack\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">The North Face<\/a><span>, and <\/span><a href=\"https:\/\/www.zdnet.com\/article\/info-of-27-7-million-texas-drivers-exposed-in-vertafore-data-breach\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Vertafore<\/a><span>.<\/span>\n<\/li>\n<\/ul>\n<h3 class=\"h2 mso-font\">Data Point<\/h3>\n<p><a href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/2020\/11\/13\/health-care-cyberattacks-covid-19-paris-peace-forum\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Healthcare systems<\/a><span>, educational institutions, and <\/span><a href=\"https:\/\/research.checkpoint.com\/2020\/ransomware-alert-pay2key\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">private sector firms<\/a><span> are <\/span><a href=\"https:\/\/www.crowdstrike.com\/blog\/global-security-attitude-survey-takeaways-2020\/\" target=\"_blank\" rel=\"nofollow 
noopener noreferrer\">fighting a steady stream of hackers<\/a><span>, who are locking critical systems and threatening to publish sensitive information if their demands are not met.<\/span><\/p>\n<p><span>Now, according to the <\/span><a href=\"https:\/\/www.sophos.com\/en-us\/labs\/security-threat-report.aspx\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Sophos 2021 threat report<\/a><span>, several ransomware operators have taken up extortion as a side hustle. What\u2019s more, entry-level cybercriminals with access to ransomware-as-a-service (RaaS) tools are set to become a more dangerous threat.<\/span><\/p>\n<a href=\"https:\/\/www.sophos.com\/en-us\/labs\/security-threat-report.aspx\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><figure class=\"post-image post-mediaBleed aligncenter\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter lazy\" src=\"https:\/\/mcusercontent.com\/22ec88eb9b9d8bc3bcf660787\/images\/a486ac84-b636-4d9f-bd98-383d22921d86.png\" width=\"1068\" height=\"324\" data-file-id=\"59358\" data-lazy=\"true\"><\/figure><\/a>\n<p><span>Over the past quarter, the average ransom payout has risen by 21%, a figure the firm said can be skewed by just one or two very large ransom attacks. The average ransom payout for Q3 2020 is about $233,817.30 (payable in cryptocurrency). A year ago, the average payout was $84,116.<\/span><\/p>\n<p>That\u2019s it. See you all in two weeks. Stay safe!<\/p>\n<p><em>Ravie x TNW (ravie[at]thenextweb[dot]com)<\/em><\/p>\n<p><a href=\"https:\/\/thenextweb.com\/newsletter\/2020\/11\/20\/pardon-the-intrusion-31-stop-using-123456-as-your-password\/\">Source<\/a><\/p>\n","protected":false},"author":1,"featured_media":1274,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[]}