Study confirms most manufacturers with DMARC don’t have it configured to most secure policy

Read More

Tickets to Foo Fighters, Aerosmith, Pink and Usher gigs have been leaked by a threat actor trying to extort Ticketmaster

Read More

This Fourth of July brought fireworks in the form of a digital security breach, one that has been recorded as the most significant password leak in history. Dubbed RockYou2024, this colossal data dump was unveiled by a user named “ObamaCare” on a prominent hacking forum, revealing a staggering 9.9 billion unique passwords in plain text.

The Scale of RockYou2024

The sheer volume of compromised passwords is enough to make any security enthusiast’s head spin. RockYou2024 isn’t just a leak; it’s a behemoth collection of 9,948,575,739 passwords that could potentially affect millions of users worldwide. This event marks a critical point in cybersecurity, underscoring the relentless pace at which digital threats are evolving.

What’s Old is New Again

However, it’s crucial to note that RockYou2024, despite its unprecedented scale, is primarily a compilation of previously leaked passwords, building upon its predecessor, RockYou2021, which contained 8.4 billion passwords. This revelation might diminish the shock value for some, but it doesn’t reduce the threat level.

Implications of the Leak

According to Cybernews, which first reported on this massive compilation, RockYou2024 poses a significant threat to any system vulnerable to brute-force attacks. This includes not just online platforms but also offline services, internet-facing cameras, and even industrial hardware. When paired with other leaked databases that might include email addresses and other personal information, the potential for widespread data breaches, financial fraud, and identity theft escalates dramatically.

How to protect yourself

Despite RockYou2024 being a collection of older breaches, the updated and maintained list means everyone should remain vigilant. It is crucial to take steps to protect yourself from potential fraud or identity theft. While RockYou2024 might predominantly consist of recycled material from past leaks, it serves as a potent reminder of the ongoing cybersecurity battles. Proper password management and security measures are more crucial than ever. In today’s digital age, staying ahead means staying aware and taking proactive steps to protect your digital identity. Consider implementing the following measures:

Monitor Your Accounts: Regularly review your bank statements, credit card statements, and other financial accounts for any unauthorized transactions.
Change Passwords: Update your passwords for all online accounts, including your AT&T account. Use strong, unique passwords and consider using a password manager to securely store them.
Enable Two-Factor Authentication: Enable two-factor authentication whenever possible to add an extra layer of security to your accounts.
Be Cautious of Phishing Attempts: Stay vigilant against phishing emails, calls, or texts that may try to trick you into revealing sensitive information. Be skeptical of any unsolicited communications and verify the source before sharing any personal data
Enroll in an Identity Monitoring service: McAfee+ can help keep your personal info safe, with early alerts if your data is found on the dark web. We’ll monitor the dark web for your personal info, including email, government IDs, credit card and bank account numbers, and more
Protect your Personal info: Protection solutions like McAfee’s Personal Data Cleanup feature can help. It scours the web for traces of your personal info and helps remove it for your online privacy.

McAfee+ provides AI-Powered technology for real-time protection against new and evolving threats. With our data protection and custom guidance (complete with a protection score for each platform and tips to keep you safer), you can be sure that your internet identity is protected.

The post RockYou2024: Unpacking the Largest Password Leak in History appeared first on McAfee Blog.

Read More

ProPublica has a long investigative article on how the Cyber Safety Review Board failed to investigate the SolarWinds attack, and specifically Microsoft’s culpability, even though they were directed by President Biden to do so.

Read More