All posts by admin

Password Manager – Do You Need to Use One?

Many people today create very weak passwords and reuse them across multiple sites.

This is very risky because it leaves your data exposed. However, there is a way to improve the strength of your passwords: a password manager.


So what is a password manager? Think of it as a catalog of all your passwords with a master key that only you possess. Some people see this as a vulnerability that can be exploited.

What if someone gets hold of my master password? That's a realistic and normal fear, and if you like to take extra precautions, look into the benefits of using anti-malware apps. Also note that master passwords are not easy to crack: they are protected by layers of encryption.

Password managers also store your existing passwords and help you generate new, strong passwords when you sign up on websites. Whenever you open the site again, you can prompt the password manager to fill in the password.

What Is the Importance of Having a Password Manager?

You Don't Need to Memorize All Your Passwords

Perhaps the most important benefit of having a password manager is that you don't need to memorize all your passwords. Memorizing every password you use can be hectic because of the massive number of websites you visit in a day.

You could also make a mistake, enter the wrong password on a site, and have your account suspended on suspicion of malicious activity.

Password managers help you tackle these issues because they incorporate the latest recommendations for secure passwords, including the use of symbols, numbers, uppercase, and lowercase letters, among others. This makes your passwords nearly uncrackable.

Enables You to Access Your Password Quickly

A password manager retrieves the password for a site you have used before very quickly. Simply open the site, and when you are prompted for the password, the password manager will autofill the login fields.

This means you spend less time fumbling with login screens and can concentrate on what you came to the site to do. No time is spent on password recovery either, since the prompts are automatic.

Enables You to Employ Stronger Passcodes

A password manager lets you use stronger passwords without having to recall these complicated strings. It also lets you use a unique password for each and every website or access point.

This is beneficial because if one of your accounts is compromised by a hacker, there won’t be a cascading effect that will allow the hacker in question to take charge of all your accounts. The result is enhanced safety across the board.

Enables Easy Management of Shared Accounts

For numerous companies, determining who can access what account can be hectic, especially if several employees need to access a single account. A password manager comes in handy in such a scenario because you are able to oversee and change the passcode when necessary.

Some password managers even have features whereby one person, the manager, is the recognized account admin and controls the account passcode. The manager can then share a link that allows staff to access the account without sharing the account passcode with them.

For instance, if a company is involved with social media account management for high-profile individuals, this feature comes in handy. You don’t want the passwords of influential people to be known by everyone in the company.

However, these employees still need access to these accounts to update the feeds, and a password manager can allow such access without revealing the account’s actual password.

Safeguarding Your Data 

Some password managers have additional safety measures that add an extra layer of security for your data. These include dark web scanning, which can spot attempts to hack your data and thereby deter attackers.

Merely changing your account password is not enough; you need a password manager that can encrypt your data. This makes it hard for online criminals to access your data, because even if the hack is successful, decrypting the data requires a decryption key that is almost impossible to hack.

Final Thought

All in all, having a password manager to oversee all your accounts and access points is beneficial, as illustrated above. Today, the availability of these passcode management tools is widespread, ranging from free to premium.

Cybersecurity and computer threats

2020 was a fairly prolific year for cybercrime as a whole.

Because of telework and the much increased use of computers and the Internet, hackers have never been more comfortable.


According to the U.S. Federal Police, computer attacks literally quadrupled in 2020. With such a rise in computer threats and online crime, nearly 1 trillion in losses was recorded in a single calendar year, a record like we've never seen before.

A World Economic Forum report pointed out that the chance of arresting and trying a cybercriminal under the conditions defined by state laws is 0.05%; in other words, almost nil. For this reason users, especially businesses, are advised to be much more resilient, and we must pay close attention to the various threats that continue to proliferate and cause ever more damage.

1- Social engineering

This practice has been growing for some time, especially in 2020 with the explosion of telework. Computer security experts attribute a third of security flaws to it and consider it dangerous.

As a reminder, this technique enabled the attack on the social network Twitter, a cyberattack considered the most significant incident in its history. The hackers managed to exploit the data of the company's employees, most of whom were working remotely.

2- Phishing

Phishing is a long-established practice and very common in cybercrime. In 2020 it literally exploded along with the trend toward telework, and by all observations 2021 will be no exception: experts expect the threat to keep advancing. According to Cisco, 95% of security vulnerabilities in corporate networks are usually due to fraudulent emails used in phishing. For this reason, awareness efforts around email will keep picking up, because phishing spreads above all through fraudulent email.

3- Ransomware

Today we can say without hesitation that ransomware is the best-known threat in cybercrime. Indeed, not a month goes by without news of a security incident, and at any given time the news features a ransomware attack in one way or another. Put simply, hackers using ransomware literally have the wind in their sails. Given how readily some companies pay ransoms, there is a good chance that the threat will not diminish at all.

"Companies prefer to pay a few million in ransom rather than a few tens of millions for the data loss guaranteed by the insurance policy contracted. We need to do a lot of work to break this vicious cycle around paying ransoms," said Guillaume Poupard, the head of France's national information systems security agency, the administrative authority in charge of cybersecurity.

This position is particularly supported by Johanna Brousse, the magistrate specializing in computer security at the Paris prosecutor's office: "Today France is one of the countries most attacked by ransomware because we pay ransoms too easily, some insurers even guarantee the payment of ransoms. We must make it clear to everyone that, if he pays the ransom, he penalizes everyone (…) It also encourages criminals to target new victims and encourages others to engage in this type of illegal activity."

4- Attacks targeting connected objects

Digitization continues today. Everything is becoming connected, and the Internet of Things is increasingly an essential tool for adapting to rampant digitalization. We have become literally dependent on objects such as smartphones, tablets, computers, and other devices that are just as connected to one another. The problem is that these tools are unfortunately vulnerable to computer attacks, and hackers know it. So they have decided to go after these tools en masse.


8000 Decathlon employees have their personal data exposed

A recent investigation by VPNmentor found that personal data, including emails, first and last names, photos, and identification tokens belonging to employees of the company Decathlon, was available online without any protection.

The exposure is believed to be due to a misconfigured S3 bucket on a server used by one of the company's partners.

"The S3 bucket also contained security tokens that could have provided additional access to private accounts or other internal areas of the Decathlon system," VPNmentor said.


This latest data leak comes on top of another discovered a little over a year ago, that time involving Decathlon Spain, where 123 million records were exposed on an Elasticsearch server. That leak was also discovered by VPNmentor.

According to the company's security researcher, the recent data leak affects nearly 8% of Decathlon employees. The partner reportedly responsible for the misconfigured S3 bucket is a consulting company named Bluenove.

According to figures provided by VPNmentor, exactly 7883 Decathlon employees are affected by this exposure. However, the company stated that the majority of the data exposed had nothing to do with its investigation, which was conducted by the consulting firm that was singled out.

"The photos can be illustration photos of the platform, by no means personal photos of the respondents. As for the "city" or "country," the data is linked to the locations of Decathlon stores not the personal information of respondents," a Bluenove spokesperson said in a recent interview.

However, the sensitivity of most of the data affected by this leak cannot be denied. "The S3 bucket also contained security tokens that could have provided additional access to private accounts or other internal areas of the Decathlon system. However, we have not attempted to use these tokens for ethical reasons, but we urge Decathlon to investigate further to avoid abuse by malicious third parties," VPNmentor said.

"Token keys are not linked to Bluenove's information system," the consulting company's spokesman added. "We have removed the offending .xls files, which are denser exports of this nature. They [VPNmentor] may have read them to another level on the way to the bucket. Our exports do not contain tokens. We export metadata such as those on the file: time stamping, author's name, contribution url," he adds.

According to VPNmentor, the security flaw was discovered in March 2021. However, there is a good chance that the data had been available since November 2020. This greatly exposes victims to phishing campaigns.

"If hackers had accessed this data, they could have targeted thousands of Decathlon employees and customers with various forms of online fraud and viral attack. By combining an individual's personal data, investigation information and other details exposed, hackers could have created highly effective phishing campaigns posing as Bluenove or Decathlon via email or phone. By doing so, they could easily convince people to provide even more sensitive data for fraudulent purposes or by clicking on built-in links with malware, spyware or other vectors," VPNmentor said in its blog post.

According to VPNmentor, the consulting firm employed by Decathlon could have avoided this situation by implementing some very simple methods to secure its servers. "Make the bucket private by adding authentication protocols, follow AWS best access and authentication practices, and add more layers of protection to S3 compartments to further restrict who can access them from each entry point," notes VPNmentor.

For its part, Bluenove argues: "All of our buckets for our consultations are encrypted. When debates are public, we create buckets for public resources that are published and accessible. We have prioritized the implementation of encrypted key and profile management via the secure IAM system since we hosted our steps on AWS."
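To make the "make the bucket private" recommendation concrete, here is an added example (not taken from VPNmentor, Bluenove or Decathlon) that audits an S3 bucket policy and its Block Public Access settings offline. The bucket name, account id and role name are constructed placeholders; the two policies show the weak setting beside the corrected one.

```python
import json

# The four S3 Block Public Access settings.
BPA_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")


def make_policy(principal):
    """Build a constructed read policy for a hypothetical bucket."""
    return json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "ReadExports",
            "Effect": "Allow",
            "Principal": principal,
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-survey-exports",
                         "arn:aws:s3:::example-survey-exports/*"],
        }],
    })


# Weak: anyone on the internet may list and read the bucket.
EXPOSED_POLICY = make_policy("*")
# Corrected: only one IAM role (constructed account id and role name).
PRIVATE_POLICY = make_policy(
    {"AWS": "arn:aws:iam::111122223333:role/survey-exporter"})


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_wildcard(principal):
    """True for "*" and for {"AWS": "*"}-style principals."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def audit(policy_json, bpa_config):
    """Return findings for a bucket policy and its Block Public Access settings."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or not is_wildcard(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        # A Condition may narrow the grant (e.g. to a VPC endpoint); flag for review.
        kind = "REVIEW" if stmt.get("Condition") else "PUBLIC"
        actions = _as_list(stmt.get("Action", []))
        findings.append(f"{kind}: {sid} allows {actions} to any principal")
    for key in BPA_KEYS:
        if not bpa_config.get(key, False):
            findings.append(f"BPA: {key} is not enabled")
    return findings


if __name__ == "__main__":
    all_on = dict.fromkeys(BPA_KEYS, True)
    print(audit(EXPOSED_POLICY, {}))      # one PUBLIC finding plus four BPA findings
    print(audit(PRIVATE_POLICY, all_on))  # []
```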


Cybercriminals spare those whose keyboards are in Russian: is this the beginning of a strategy?

Today it is common knowledge that Russian hackers tend to spare companies that operate within their own state, and even Russian companies that operate across borders. The aim is, of course, to benefit from the laissez-faire attitude of the Russian state. In this context, some computer security experts advise companies to switch their devices to the Russian language in order to be spared this surge.

"Try this weird trick that Russian hackers hate," says journalist Brian Krebs. On May 17, he published on his blog a trick that consists of switching one's Windows keyboard to Russian. The aim is to make the device look like a computer used by a Russian company or entity, so that if Russian malware detects the language in use, it will spare the targeted device. The journalist assumed in his write-up that this trick is likely to improve the protection of the system by abusing the system itself, even though it guarantees nothing in practice.


The journalist proposed two very simple ways to deploy his trick:

– The first is to download, for free, the virtual keyboard that Windows provides in several languages of countries usually spared by the hackers' malware. The disadvantage of this approach is that the user may accidentally switch entirely to that keyboard through mishandling, which makes the computer very difficult to use.

– The second is to download a simple script. This script applies the Russian registry setting to the computer without the need to download a Russian virtual keyboard.

When Brian Krebs published his blog post, several experts reacted, notably the technical director of cybersecurity firm Emsisoft, one of the companies most active in the fight against ransomware. The experts criticize the trick in some respects: "In the ransomware research team, we often joke about what new 'innovative' way we will be presented as the next big solution against ransomware. One of the recurring running-gags of the last 8 years has just been turned into a real recommendation recently: change the layout of your keyboard to Russian."

According to the computer security specialist, such a superficial change will not alter the malware's automatic detection capability. "Unless you really want to use your computer in Russian with a Russian keyboard, you'll still get attacked," he says.

In addition, Emsisoft specialists point out that this kind of setting is easy to disable, just one click away. It is enough for the hackers to realize that the company is in fact not Russian.

He adds that in the case of a ransomware attack the trick will do no good at all, because once the malware is in the system a simple command cannot prevent it from doing what it was sent to do.

"The hackers behind the ransomware will know everything about your business. They will know quickly and definitively whether you are a real Russian company or not," concludes Wosar, Emsisoft's technical director.

Despite all the criticism, the journalist stands by his position: "Is there really a disadvantage in adopting this simple, free, prophylactic approach? (…) The worst that can happen is that the user accidentally passes the options of his menu in Russian."

He acknowledges that in the majority of cases the trick will not work, but there is no denying that in a certain minority of cases it may well have a well-defined use.

The fight against ransomware attacks has intensified a lot in recent days. This is easy to understand when we see how cybercriminals are also intensifying their cyberattacks.


Belgium hit by mysterious computer attack

Last week, the Belgian parliament was the target of a computer attack.

The institution's computer networks were hit by a malicious intrusion attempt. And not only the Walloon parliament: several other institutions were also affected by this wave of cybercrime. For now, neither the identity nor the motive of the hackers has been clearly established. In reality, it is the Belnet network that was blocked by the hackers.


"Three days ago, on Tuesday, May 4, the Belnet national search network was the victim of a large-scale cyberattack. Some 200 institutions connected to this internet access network have been affected. The House, the Walloon Parliament and universities have suddenly faced a slowdown in their computer systems," explains Max Helleff from Brussels.

In practice, it is clear that hackers seem much more interested in the lucrative side of their computer attacks.

"Hackers mainly motivated by the "profitable aspect"

While the closure of Cactus outlets is the latest example of a cyberattack, this phenomenon is not growing exponentially," according to some IT experts. However, a much greater impact of the cyberattack is to be expected.

We know, for example, that the attack that targeted the Belgian parliament was a distributed denial-of-service (DDoS) attack. This means the hackers did not intend to steal data, for example, or to actually break into the computer system. Their goal was simply to put the targeted services out of action by saturating Belnet.

In addition, the operator concerned announced that it had managed to repel the attack, and things seem to have returned to normal since then. However, grey areas remain. Who could have launched this attack against Belgian institutions? Why was the protection system not sufficiently resistant in this situation? Some hypotheses have been put forward.

For example, on 4 May, hearings were to be held in the Chamber on motions for a resolution against the Chinese government's repression in Xinjiang province, in particular with regard to the treatment of Uighurs. As luck would have it, a cyberattack occurred and the hearings were cancelled. On the agenda of these hearings was a proposal to "recognize the crime of genocide perpetrated by the government of the People's Republic of China against the Uighurs".

Samuel Cogolati, the Green MP behind this resolution, says that it is legitimate to ask questions about this coincidence between the hearings and the computer attack. He told the press that "this was the first time that a Uighur survivor had to testify before a parliamentary assembly in public, openly." For him it is an attempt at intimidation.
