Not all passwords are created equal, according to a new report from research firm Cybersecurity Ventures, which estimates that by 2020, hackers will have their choice of 300 billion passwords to target.
That total includes an estimated 100 billion user account passwords for things like social media and email, as well 200 billion passwords or credentials used to log in to Internet of Things (IoT) devices. So-called "privileged accounts," used to maintain IT infrastructure, will be among the most frequently targeted, because they are stored in multiple places and provide access to entire networks of devices. "One privileged account password breach can allow a hacker to access and steal the credentials and passwords belonging to every employee in a company," Joseph Carson, Chief Security Officer of Thycotic and one of the report's co-authors, said in a statement. Similarly, since consumers often reuse passwords for multiple online accounts, a breach at one site—like the massive Yahoo breach revealed in December—will likely provide hackers easier access to accounts at many other sites. The report also claims that most social media users do not use multi-factor authentication for logins, despite repeated attempts from social media companies to encourage its use. Multi-factor authentication requires a user to enter a unique code generated for a specific login attempt in addition to his or her regular password. The damage from password theft—which will keep happening, the report predicts—could reach $6 trillion annually by 2021. It's worth noting that the 300 billion passwords figure is a conservative number: it assumes an average of 25 passwords per Internet user, and apparently doesn't include laptops, desktops, or other non-IoT devices. http://www.pcmag.com/news/351438/report-300b-passwords-at-risk-by-2020?source=SectionArticles If you use WebEx at work it is time to update the software.
A vulnerability in Cisco WebEx browser extensions may allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the browser on the system. If you do not use it anymore, please remove the extensions. Versions prior to 1.0.7 of the Cisco WebEx Extension on Google Chrome Versions prior to 106 of the ActiveTouch General Plugin Container on Mozilla Firefox Versions prior to 10031. 6.2017.0126 of the Gpc Container Class ActiveX control file on Internet Explorer https://lnkd.in/d-KM7Yh Use this to remove the WebEx software. https://lnkd.in/db8y-4c |