Passwords remain one of the most common ways attackers gain access. Despite years of awareness, weak credentials, reuse, and exposure continue to drive breaches.
All tagged cybersecurity
Passwords remain one of the most common ways attackers gain access. Despite years of awareness, weak credentials, reuse, and exposure continue to drive breaches.
Earlier this month, Anthropic's Claude Mythos Preview AI model discovered 27-year-old bugs that survived decades of human review. The Cloud Security Alliance, SANS, and over 100 CISOs just published emergency guidance. Here's what vendors need to do now.
Running a vulnerability scan is easy. Treating every finding as urgent is not. This model helps teams prioritize real risk instead of chasing severity scores.
Step-by-step guide to changing your Venmo privacy settings, including how to make past transactions private and hide your public payment history. Updated for 2026.
Think fake job applicants are just awkward interviews and padded resumes? Think again. One North Korean operative nearly infiltrated a U.S. crypto firm by pretending to be a software engineer named “Steven Smith.” This story, and the red flags it raised, is a must-read for anyone hiring online.
Passwords are still the leading cause of breaches, and most of us still treat them like an afterthought. This post breaks down where we’re going wrong, what’s finally getting better, and why passkeys might be our best shot at a password-free future.
Quishing is phishing’s slicker, sneakier cousin. It hides behind QR codes, shows up on flyers and parking meters, and tricks you into handing over your credentials, often before your coffee kicks in. Here’s how it works, who it’s targeting, and how to stop it.
When I tried to lock down my smart thermostats, I discovered how hard it is to control what IoT devices connect to. Here’s what I learned—and why we need NetBOM.
Ransomware: Because Who Doesn’t Want to Be Held Hostage by Their Own Files?
Ransomware is no longer just a hacker’s side hustle—it’s big business. In this post, we break down what ransomware is, how it works, who it targets (on purpose and by accident), and what you can do to stay safe. Featuring real-world examples, including some very aggressive office printersmme.
So, here’s something that blew my mind: I decided to test Google’s NotebookLM AI tool. I casually uploaded the URLs for my LinkedIn page and my blog, not expecting much more than a basic summary. After about 3–4 minutes of AI whirring away, I had…
Last year, Humble Bundle teamed up with the great tech publisher, No Starch Press, to offer deeply discounted hacking ebooks for as little as one dollar with the Hacking 101 By No Starch Press Humble Bundle of ebooks. This year, on Giving Tuesday, No Starch Press has a new Hacking Book Bundle. The regular cost for the ebooks is more than $800 but you can get all of these ebooks for thirty dollars or just a few of the ebooks for as little as one dollar.
October is Cybersecurity Awareness Month and Breast Cancer Awareness Month. Since this is a cybersecurity blog, we will focus on cybersecurity but let’s take a moment to talk about the important topic of breast cancer.
It’s World Password Day!
Are your passwords strong enough?
Do you have a long, unique password for every account?
Do you use multi-factor authentication where available?
If you answered, “no” to any of these questions…
The March 2021 issue of Security magazine, partnering with (ISC)2, featured their inaugural list of the Top Cybersecurity Leaders for 2021. As the author of this blog, I am both humbled and honored, to not only be part of the inaugural team, but also to be recognized with these accomplished cybersecurity professionals.
An important step toward securing the Internet was achieved on December 4, 2020, when President Trump signed an IoT security bill into law. The Internet of Things Cybersecurity Improvement Act of 2020 has been in the works since 2017 and was passed by the U.S. House of Representatives in September 2020 and the U.S. Senate in November 2020.
The bi-partisan team that backed the IoT bill included…
Cybersecurity Awareness Month starts in seven days and Between The Hacks is a Cybersecurity Awareness Month 2020 Champion. For the month of October, Between The Hacks, along with hundreds of other Champion organizations, will share and promote practices that support a safe and secure Internet experience.
In two weeks, the 2020 National Cybersecurity Awareness Month (NCSAM) will begin and Between The Hacks is a Cybersecurity Awareness Month 2020 Champion. Cybersecurity Awareness Month Champion organizations, which include companies, schools, school districts, colleges and universities, nonprofits and government entities, represent those dedicated to promoting a safer, more secure and more trusted Internet according to the National Cybersecurity Alliance.
For the month of October, Between the Hacks, along with hundreds…
A breachstortion attack consists of a malicious email which claims that the sender has breached the victim’s website or company network, copied data from their databases and moved that data to an offshore server. The email then threatens to post the data publicly unless the victim pays the ransom.
Unlike sextortion, a breachstortion attack does not…
The decades old joke that “DEF CON has been cancelled”, is now a reality. Well, not cancelled as much as moved online to become a virtual conference for the first time.
On Friday May 8th, 2020, DEF CON tweeted “The #DEFCONiscanceled meme has crossed over into real life, courtesy of #COVID19. In early March we had hopes that things would be stable by August. That is no longer realistic.”
These days it seems that all news stories are related to COVID-19, and that’s also true in the infosec/cybersecurity community. Over the past month, I have read many insightful articles about COVID-19 phishing attacks and scams, and I’ve weighed in on the topic myself. While “top ten” and other lists are popular news items, I realized I hadn’t seen many lists of resources for COVID-19-themed cybersecurity incidents. So, Between the Hacks spent part of this week researching and starting to compile a compendium of pandemic-specific cybersecurity resources. The goal it to raise awareness, to share tips to prevent becoming a victim, resources to get help if you, or someone you know does become a victim, and also, some ways to help others during this global pandemic. As I learn of new resources, I’ll add them to this page.