Author: admin

Die ständige Zunahme an Cyberbedrohungen belastet nicht nur Budgets, Arbeitsprozesse und Reputation, sondern schlägt sich auch auf die Stimmung des Personals nieder. Druck und Belastung steigen, Frustration, Stress und schließlich gesundheitliche Auswirkungen können die Folgen sein. Was bedeutet die stetig wachsende Bedrohung durch Cybergefahren tatsächlich für den Arbeitsalltag der IT-Teams? Eine aktuelle Sophos-Umfrage gibt Aufschluss. […]

The US, UK, EU and other global partners have called for a global approach to strengthening the security of global communications and data

Ireland’s Data Protection Commission fines Meta Platforms €91 million for mishandling user passwords and GDPR violations

The US has sanctioned Cryptex, PM2BTC and a Russian national for processing hundreds of millions of dollars derived from cybercrime

The suspect is an employee of Global Reach Technology, which provides some Wi-Fi services to Network Rail

Russian cyber-attacks on Ukrainian servicemen underscore the escalating use of digital warfare tactics in the ongoing conflict

Fishermen are catching more squid as other fish are depleted.

Blog moderation policy.

NIST’s second draft of its “SP 800-63-4“—its digital identify guidelines—finally contains some really good rules about passwords:

The following requirements apply to passwords:

1. lVerifiers and CSPs SHALL require passwords to be a minimum of eight characters in length and SHOULD require passwords to be a minimum of 15 characters in length.
2. Verifiers and CSPs SHOULD permit a maximum password length of at least 64 characters.
3. Verifiers and CSPs SHOULD accept all printing ASCII [RFC20] characters and the space character in passwords.
4. Verifiers and CSPs SHOULD accept Unicode [ISO/ISC 10646] characters in passwords. Each Unicode code point SHALL be counted as a signgle character when evaluating password length.
5. Verifiers and CSPs SHALL NOT impose other composition rules (e.g., requiring mixtures of different character types) for passwords.
6. Verifiers and CSPs SHALL NOT require users to change passwords periodically. However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.
7. Verifiers and CSPs SHALL NOT permit the subscriber to store a hint that is accessible to an unauthenticated claimant.
8. Verifiers and CSPs SHALL NOT prompt subscribers to use knowledge-based authentication (KBA) (e.g., “What was the name of your first pet?”) or security questions when choosing passwords.
9. Verifiers SHALL verify the entire submitted password (i.e., not truncate it).

Hooray.

News article.Shashdot thread.

The data leak exposed personal data of 100m US citizens, resulting from a misconfigured database made accessible online

A CybSafe survey found that 52% of workers have not yet received any training on safe AI use