Microsoft makes passkeys the default authentication method for all new accounts - Microsoft says that passkeys reduce password use by 20% and... - https://www.tomshardware.com/tech-industry/cyber-security/microsoft-makes-passkeys-the-default-authentication-method-for-all-new-accounts #cybersecurity #techindustry

OH! I did not realize @ESETresearch was on Mastodon!

They do *fantastic* security and threat research. Highly recommend you follow 'em and/or add them to your RSS reader.

Scrolls is back on schedule, with volume 14 having been published this morning! Check it out for all the usual awesome #IndieWeb, #Fediverse and #Infosec / #Cybersecurity goodies.

https://shellsharks.com/scrolls/scroll/2025-05-02

As is my tradition, I'd like to thank everyone I've tagged below for creating and sharing cool stuff that made it into this week's newsletter. I learn and am inspired each week thanks to each of these folks!

@adamshostack @fedify @ricci @daemon_nova @StaceyCornelius @FuzzySec @fr0gger @daj @EmilyMoranBarwick @heathenstorm @anders @gerben @harriorrihar @laamaa @ashur @readbeanicecream @felixthehat @chrastecky @jaranta @NIGHTEN @reiver @homegrown @rimu @cryptadamist @seava @neil @hamatti @shollyethan @Edent @mahryekuh @adam @jason @hothead@x.isalman.dev @aluhrs @eko_ekomori @spilledpixel @FlohEinstein

Why Strong #Passwords Matter More Than Ever

https://cryptomator.org/blog/2025/05/01/world-password-day/

Hackers abuse #IPv6 networking feature to hijack software updates

https://www.bleepingcomputer.com/news/security/hackers-abuse-ipv6-networking-feature-to-hijack-software-updates/

Scammers built 200+ fake shopping sites that look legit, but they’re tricking people into hidden subscriptions and stealing your card info.

Read: https://hackread.com/fake-retail-sites-used-new-wave-subscription-scams/

Anubis is designed to protect websites from AI scraper bots, Anubis primarily focuses on parameters like the user agent sent with the request and looks for oddities in the connection. “Known good” and harmless clients are always accepted, and “Known bad” clients are always denied. Now the same tool is used to get protection from a DDoS attack: https://fabulous.systems/posts/2025/05/anubis-saved-our-websites-from-a-ddos-attack/

Am 16.05. empfangen mein Kollege Nick Lorenz und ich euch in Köln zu den usd Hackertagen. Bei Pizza und Tschunk reden wir übers Hacken und Pentesten.

Praktische Hands-On Erfahrung könnt ihr in unserer Trainingsumgebung, dem PentestLab, sammeln.

Wir freuen uns auf alle, die vorbeischauen.

16.05.2025, 13:00 - 18:30 Uhr + Gemeinsamer Ausklang bei Pizza und Tschunk
kostenlos

Mehr Infos hier: https://www.usd.de/cst-academy/events/usd-hackertage/

#WordPress plugin disguised as a security tool injects backdoor

https://www.bleepingcomputer.com/news/security/wordpress-plugin-disguised-as-a-security-tool-injects-backdoor/

Six years in the making, a wide ranging attack just hit a ton of online stores.

If any of your plugins were made by Tigren, Magesolution or Meetanshi, then check.

https://sansec.io/research/license-backdoor

Hive Systems has published their 2025 password table.

The table illustrates the maximum time required to brute force a password based on various lengths and complexities.

Brute force: https://wikipedia.org/wiki/Brute-force_attack

Website: https://www.hivesystems.com/password-table
Blog: https://www.hivesystems.com/blog/are-your-passwords-in-the-green

Foul texts such as the Pnakotic Manuscripts and the dread Necronomicon of Abdul al-Hazred show the danger of writing incantations incautiously. #cybersecurity https://cromwell-intl.com/cybersecurity/software.html?s=mc

iHeartMedia, America's largest owner of radio stations, suffered a breach in December that exposed personal data, including Social Security and passport numbers.

#databreach #dataprivacy #cybersecurity #US

https://cnews.link/iheartmedia-suffers-breach-1/

In Praise of #Tor: Why You Should Support and Use Tor

https://www.privacyguides.org/articles/2025/04/30/in-praise-of-tor/

#Windows #RDP lets you log in using revoked passwords. #Microsoft is OK with that.

https://arstechnica.com/security/2025/04/windows-rdp-lets-you-log-in-using-revoked-passwords-microsoft-is-ok-with-that/

Intruders have ravaged this realm. Let us examine the path of their rampage, see the bodies and smoking ruins, and analyze their methods. #cybersecurity https://cromwell-intl.com/cybersecurity/intrusion-analysis/?s=mc

#Apple notifies new victims of #spyware attacks across the world

https://techcrunch.com/2025/04/30/apple-notifies-new-victims-of-spyware-attacks-across-the-world/

I wonder how bad this is going to get with all the junior or not-programmers sticking freaking AI-generated code into Github, checking in their authorization keys.

#SonicWall: #SMA100 #VPN vulnerabilities now exploited in attacks

https://www.bleepingcomputer.com/news/security/sonicwall-sma100-vpn-vulnerabilities-now-exploited-in-attacks/

Hostile wizardry takes on the form of war across the Turanian wastelands. #cybersecurity #cyberwar https://cromwell-intl.com/cybersecurity/cyberwar/qatar.html?s=mc