The 10KBLAZE exploit kit has been released and represents a major danger for the majority of all SAP systems. The US Cybersecurity and Infrastructure Security Agency (CISA) issued a public alert for SAP systems on May 2, 2019.
The blackmail business has been flourishing on the Internet for quite some time – a new scam is now hitting developers, whose public Git repositories are being deleted. All that remains is a note with a wallet address, to which approx. 0.1 bitcoin is to be transferred in order to get the data back.
The developers are not completely innocent. Since most developers have a local repository, the damage is limited. The attack is nevertheless both interesting and critical.
The correct handling of passwords is very important, as attacks such as phishing or identity theft are increasingly successful. On the first Thursday in May, World Password Day, we will show you what you need to consider when dealing with passwords and why the password could soon be abolished!
Was my password stolen? Do you use easy-to-remember passwords? Do you use the same password for different portals? Answers to these questions are essential for the security of your digital identity.
We therefore recommend that you regularly check whether your data has been stolen and act accordingly.
Password stolen, individualized password lists, large data leaks.
A password list is a large text file containing many passwords used by unknown users on the Internet. Hackers are interested not only in passwords but also in e-mail addresses, which allow them to contact victims personally.
At the beginning of the year, one of the largest collections of passwords and e-mail addresses to date was leaked. It contains approximately 773 million e-mail addresses and 21 million passwords. A rich haul.
With the help of such lists or data, hackers try to gain access to other people’s accounts. The greatest risk for a user is using the same password for several portals. As soon as just one of these portals is hacked, your password will be on the list. This clears the way for numerous identity and fraud scams.
One cracked, hacked forever. A password stolen – and the digital identity also?
The password list is clearly too big to try out completely. To crack a password in a reasonable time, an attacker therefore narrows the list down.
Different approaches, partly from the social engineering field, are used for this. Assumptions such as that a Schalke04 fan will most likely not use Dortmund123 as his password help the attacker sort and filter the list. A hacker tries to get to know his victim.
Once the list has been narrowed down, he tries each of the remaining passwords with possible e-mail addresses. So if your password has already been published and has an indirect connection to you personally, this password is most likely on the attacker’s list.
How can I protect myself?
As a rule, we recommend using a different password for each portal. Otherwise, there is an increased risk that your password will be stolen from one platform and then published. It is also advisable not to include any personal reference in your passwords. You should therefore refrain from using memory aids such as the name of a child or a friend.
Long passwords, a separate password for each service and all this without memory aids – protecting your own digital identity is not an easy task. If you want to keep track of which websites you have registered on and which accounts could possibly be deleted, we warmly recommend a password manager. Whether this is offline or online, everyone has to decide for themselves. Known providers are among others:
Must I change all my passwords now?
No. Just because a large collection of passwords was published doesn’t mean your password was in it. To answer this question, Troy Hunt runs the website haveibeenpwned.com. There you can check passwords as well as e-mail addresses. However, we advise against running passwords that are still in active use through the database.
A German alternative is operated by the Hasso Plattner Institute in Potsdam. The Identity Leak Checker only reveals information once you have verified yourself as the owner of the e-mail address.
It is crucial, however, that this information reaches those affected – whether via HIBP or the IDL.
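One way to check a password without handing it to a lookup service, in line with the advice above, is a k-anonymity range query, the scheme used by the Pwned Passwords range API: only the first five characters of the SHA-1 hash leave the machine and the comparison happens locally. This is an added example, not code from the original article; the leak data and the `simulated_range_response` stand-in for the remote service are constructed so that the block runs offline.

```python
import hashlib
from typing import Callable, Tuple

# Constructed sample "leak": password -> times seen. Not real breach data.
CONSTRUCTED_LEAK = {"Dortmund123": 4210, "Schalke04": 1875, "password": 9000000}


def sha1_hex(password: str) -> str:
    """Uppercase SHA-1 hex digest. SHA-1 is used only because the range
    format is defined on it; it is not a password-storage hash."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(password: str) -> Tuple[str, str]:
    """Return (5-char prefix that is sent, 35-char suffix that stays local)."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def simulated_range_response(prefix: str) -> str:
    """Stand-in for the remote service (assumption for offline use):
    returns every 'SUFFIX:COUNT' line whose hash starts with the prefix."""
    lines = []
    for leaked, count in CONSTRUCTED_LEAK.items():
        digest = sha1_hex(leaked)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    # Constructed decoy entry: a real response carries many unrelated
    # suffixes, so the service cannot tell which one the client cares about.
    lines.append("0" * 35 + ":1")
    return "\r\n".join(lines)


def breach_count(password: str,
                 fetch: Callable[[str], str] = simulated_range_response) -> int:
    """Number of times the password appears in the leak, 0 if not listed.
    Only the hash prefix is passed to fetch(); the suffix is matched locally."""
    prefix, suffix = split_hash(password)
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0


if __name__ == "__main__":
    for pw in ("Dortmund123", "a-long-unique-passphrase-7F3k"):
        print(pw, "->", breach_count(pw))
```

To query a live service, pass a `fetch` function that performs the HTTP request for the prefix; the password and its full hash still never leave the machine.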
The whole of Germany is puzzling over the politician hack, the origin of the stolen data, its purpose and above all the perpetrators. One thing is already certain: the perpetrator or perpetrators have gone to a lot of trouble.
They have collected and categorized data, and sorted and marked victims according to their interest in the attack. But where did the data come from? It is too extensive for a single phishing attack. We set off on a search.