#CredentialStuffing

Europe Says:
https://www.europesays.com/1976284/ Top Australian Pension Funds Breached in Coordinated Hacks #australia #CredentialStuffing #hack #superannuation

IT News:
Account compromise of “unprecedented scale” uses everyday home devices - Enlarge (credit: Getty Images)
Authentication service Okta is ... - https://arstechnica.com/?p=2020513 #credentialstuffing #security #biz #okta

Marcus "MajorLinux" Summers:
Time to mix up those passwords!
Roku hit by credential stuffing attack - Desk Chair Analysts
https://dcanalysts.net/roku-hit-by-credential-stuffing-attack/
#CredentialStuffing #InfoSec #MFA #Passwords #Roku #Tech #DCA

Graham Cluley:
Gotta Hack 'Em All: Pokémon passwords reset after attack.
Read more in my article on the Bitdefender blog: https://www.bitdefender.com/blog/hotforsecurity/gotta-hack-em-all-pokemon-passwords-reset-after-attack/
#cybersecurity #credentialstuffing #phishing #pokemon #databreach

Graham Cluley:
Streaming company Roku has revealed that over 15,000 customers' accounts were hacked using stolen login credentials from unrelated data breaches, in a campaign that lasted from December 2023 to February 21, 2024.
Read more in my article on the Bitdefender blog: https://www.bitdefender.com/blog/hotforsecurity/hackers-target-roku-15-000-accounts-compromised-in-data-breach/
#cybersecurity #databreach #credentialstuffing

Marcus "MajorLinux" Summers:
I don't think I have enough free space to store 'em!
26 billion personal records and passwords have been leaked online - Desk Chair Analysts
https://dcanalysts.net/26-billion-personal-records-and-passwords-have-been-leaked-online/
#CredentialStuffing #InfoSec #Passwords #Security #TechNews #DCA

Matt Willemsen:
What is credential stuffing and how can I protect myself? A cybersecurity researcher explains
https://theconversation.com/what-is-credential-stuffing-and-how-can-i-protect-myself-a-cybersecurity-researcher-explains-221401 #CredentialStuffing #cyberattack #hackers #stolen #usernames #passwords

Matt Willemsen:
Researcher uncovers one of the biggest password dumps in recent history
https://arstechnica.com/security/2024/01/71-million-passwords-for-facebook-coinbase-and-others-found-for-sale/ #password #dump #leak #stealer #CredentialStuffing

Matt Willemsen:
23andMe blames “negligent” breach victims, says it’s their own fault
https://www.malwarebytes.com/blog/news/2024/01/23andme-blames-negligent-breach-victims-says-its-their-own-fault #TwentyThreeAndMe #CredentialStuffing #DNARelatives #DataBreach

IT News:
23andMe told victims of data breach that suing is futile, letter shows - Enlarge (credit: Bloomberg / Contributor | Bloomberg)
23andMe ... - https://arstechnica.com/?p=1993685 #personalidentifyinginformation #californiaprivacyrightsact #credentialstuffing #onlineprivacy #ancestrydata #geneticdata #databreach #23andme #policy

Marcus "MajorLinux" Summers:
Not how I expected genetics data to be used, but just as bad.
More 23andMe user records appear online - Desk Chair Analysts
https://dcanalysts.net/more-23andme-user-records-appear-online/
#23andMe #CredentialStuffing #Breach #InfoSec #Security #TechNews

Jeremi M Gosney:
Happy #WorldPasswordDay!
I've cracked billions of #passwords from tens of thousands of #data #breaches in the past 12+ years, and because of this, I likely know at least one #password for 90% of people on the Internet. And I'm not alone! While I primarily crack breached passwords for research purposes and the thrill of the sport, others are selling your breached passwords to criminals who leverage them in #AccountTakeover and #CredentialStuffing attacks.
How can you keep your accounts safe?
- Use a #PasswordManager! I recommend @bitwarden and @1password
- Use a #Diceware style #passphrase - four or more words selected at random - for passwords you have to commit to memory, like your master password!
- Enable MFA for important online accounts, including cloud-based password managers!
- Harden your master password by tweaking your password manager's KDF settings! For #Bitwarden, use Argon2id with 64MB memory, 3 iterations, 4 parallelism. For #1Password and other PBKDF2 based password managers, set the iteration count to at least 600,000.
- Use unique, randomly generated passwords for all your accounts! Use your password manager to generate random 14-16 character passwords for everything. Modern password cracking is heavily optimized for human-generated passwords, because humans are highly predictable. Randomness defeats this and forces attackers to resort to incremental brute force! There's no trick you can do to make a secure, uncrackable password on your own - your meat glob will only betray you.
- Use an ad blocker like #uBlock Origin to keep you safe from password-stealing #malware and other browser based threats!
- Don't fall for #phishing attacks and other social engineering attacks! Browser-based password managers help defend against phishing attacks because they'll never autofill your passwords on fake login pages. Think before you click, and never give your passwords to anyone, not even if they offer you chocolate or weed.
- #Enterprises: require ad blockers, invest in an enterprise password management solution, audit password manager logs to ensure employees aren't sharing passwords outside the org, implement a Fine Grained Password Policy that requires a minimum of 20 characters to encourage the use of long passphrases, implement a password filter to block commonly used password patterns and compromised passwords, disable #NTLM authentication and disable RC4 for #Kerberos, disable legacy broadcast protocols like LLMNR and NBT-NS, require mandatory #SMB signing, use Group Managed Service Accounts instead of shared passwords, monitor public data breaches for employee credentials, and crack your own passwords to audit the effectiveness of your password policy and user training!

Graham Cluley:
Ugh! Norton LifeLock password manager accounts accessed by hackers.
https://grahamcluley.com/ugh-norton-lifelock-password-manager-accounts-accessed-by-hackers/
#norton #cybersecurity #passwordmanager #databreach #credentialstuffing