Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

February 2024

Six Best Practices for Secrets Management

A secret refers to the non-human privileged credentials used by systems and applications to access services and IT resources containing highly sensitive information and privileged systems. Secrets allow applications to transmit data and request services from each other. Examples of secrets include access tokens, SSH keys, non-human privileged account credentials, cryptographic keys and API keys.

How Weak Passwords Lead to Ransomware Attacks

Weak passwords can lead to ransomware attacks because they can be easily compromised through password-cracking techniques, allowing cybercriminals to gain access to an organization’s network where they can then inject ransomware. Often, when people think of the causes of ransomware infections, their first thought is it was caused by a phishing email.

How Is Ransomware Delivered?

Some of the most common ways ransomware is delivered are through phishing emails, drive-by downloads, exploit kits and RDP exploits. According to Malwarebytes’ 2024 State of Malware report, in 2023 the number of known ransomware attacks increased by 68% from the previous year. The report also found that the largest ransom demanded in 2023 was $80 million.

Are Biometrics Safer Than Passwords?

Biometrics are technically safer than passwords because they’re harder for cybercriminals to compromise or steal. Besides being more secure, biometrics are also phishing-resistant and more convenient to use than passwords. Read on to learn more about biometrics and why they’re considered to be more secure than passwords.

Seven Types of Spoofing Attacks and How To Avoid Them

Cybercriminals often use spoofing attacks to disguise themselves as a familiar face or legitimate business to trick people into revealing sensitive information. They use a variety of techniques such as creating fake websites or emails. Some of the different types of spoofing attacks include call spoofing, email spoofing, website spoofing and IP spoofing. Continue reading to learn more about spoofing attacks, the seven common types of spoofing attacks and how to stay protected from them.

Passphrases vs Passwords: What's the Difference?

Passphrases are another way to create secure passwords. However, there are some differences between passphrases and passwords in terms of their structure, memorability and security. Passphrases tend to be longer, easier to remember and overall more secure than most user-created passwords. However, a strong, randomly generated password is equally secure as a strong passphrase. Continue reading to learn more about passphrases and passwords, the key differences between them and which is better to use.

Why Organizations Need Automated Password Rotation

Password rotation has become less necessary for personal accounts if they are protected with strong and unique passwords and MFA. Organizations do need to implement password rotation to protect privileged accounts; however, manually rotating passwords can lead to security risks such as compromised passwords. Organizations need automated password rotation to protect privileged accounts from becoming compromised by weak or compromised passwords.

Is It Safe to Text a Password?

No, it is not safe to text a password because text messages are not encrypted. This means anyone can intercept the data being sent through texts, including passwords, placing your accounts at risk of becoming compromised. Continue reading to learn more about password-sharing practices to avoid and how you can share passwords safely with friends, family and colleagues.

How To Tell if Your Social Security Number Was Stolen

You need to protect your Social Security number to prevent identity theft. Threat actors can use your Social Security number to commit fraud and leave you with lasting effects such as debt, damaged credit and financial loss. It can be difficult to tell if someone uses your Social Security number without your permission.

Passwordless Authentication vs MFA: What's the Difference?

The main difference between passwordless authentication and Multi-Factor Authentication (MFA) is that passwordless authentication completely removes the use of passwords, whereas MFA is used in conjunction with passwords. There are also differences in a user’s login experience when using passwordless authentication versus MFA, deploying each of them and their cost. Continue reading to learn more about the differences between passwordless authentication and MFA.

What To Look for in a PAM Solution

Organizations need a Privileged Access Management (PAM) solution to protect their privileged accounts from misuse and compromise. However, not all PAM solutions are created the same. Traditional on-premises PAM platforms can lack the features needed to provide a dynamic and secure solution. The key features to look for in a modern PAM solution include zero-trust security, cloud-based infrastructure, integration with native tools and easy deployment.

What Is a Passkey Manager?

A passkey manager is a tool that aids users in generating, storing and managing the passkeys they use to log in to their accounts. There are many types of passkey managers available on the market, including ones that come built into your devices, browser-based passkey managers and dedicated passkey managers that allow you to access your passkeys from anywhere. Continue reading to learn more about what passkey managers are and why you should use them to store your passkeys.

Authenticator App vs SMS Authentication: Which Is Safer?

Multi-Factor Authentication (MFA) has become a cybersecurity necessity for protecting online accounts. It ensures that only authorized users can access an account. However, when picking an MFA method, some options are more secure than others. An authenticator app is safer than SMS authentication because it generates 2FA codes locally, which prevents cybercriminals from intercepting the codes as they can with SMS.

Can Passkeys Be Shared?

Yes, passkeys can be shared when you store them in a password manager that supports them. Since passkeys are tied to the devices they’re created on, sharing them with someone who uses a different Operating System (OS) isn’t an option. However, with a dedicated password manager, users can share their passkeys with anyone, no matter what devices they use.

Types of Privileged Accounts

Organizations separate access to specific data and administrative capabilities into different types of privileged accounts in order to securely run their operations. Some types of privileged accounts include domain administrator (admin) accounts, local admin accounts, privileged user accounts and emergency accounts. If not properly managed or secured, cybercriminals can gain unauthorized access to these privileged accounts and steal an organization’s sensitive data.

How To Identify a Fake Text Message

A few ways you can identify if a text message is fake is if its context is irrelevant to you; it’s claiming to be someone you know from an unknown number; it displays a sense of urgency; it’s asking you to click on a link; and it contains spelling, grammatical errors or both. In recent years, there has been an abundance of fake text messages targeting individuals to steal their personal information – placing victims at risk of having their identity stolen and losing money.

How To Tell if Spyware Is on Your Phone and How to Remove It

While browsing the internet, you may accidentally install spyware on your phone without even knowing. Android phones are known to be more susceptible to spyware than iPhones; however, anyone who owns a smartphone needs to watch out for spyware – especially if your phone is outdated or jailbroken. Some ways you can tell if spyware is installed is if your phone’s camera and mic turn on randomly, you hear a noise during phone calls, or you see unfamiliar apps and files on your phone.

Child Identity Theft: What It Is and How To Protect Your Child

Child identity theft occurs when someone uses a minor’s personal information to get loans, open credit cards, steal benefits or secure employment– all under a child’s name. One in 50 children in the U.S. are victims of child identity theft yearly, making it crucial for parents to take steps to protect their children from identity theft. Continue reading to learn more about child identity theft and the steps you can take to protect your child.

What Can Someone Do With Your Social Security Number?

If someone steals your Social Security number, they can use it to open bank accounts under your name, steal your benefits, file your tax return and commit other types of fraud. Your Social Security number is tied to your identity in the U.S. Without it, you are unable to identify yourself to receive employment and benefits. A threat actor can use your Social Security number for malicious purposes such as stealing your benefits or committing crimes under your name.

Secure Spatial Computing With Keeper and Apple Vision Pro

The launch of the Apple Vision Pro has brought a new era to computing along with an exciting and fresh approach to how people interact with technology and the world around them. Keeper® is excited to be a part of this by providing a seamless, secure and encrypted login experience through our Apple Vision Pro-compatible app.

How Do You Use a Passkey?

To use a passkey on an online account or application, you first need to generate the passkey using your device or password manager. Once your passkey is generated, you can use it to sign in to the online account or application it’s for without having to enter a password. Continue reading to learn more about how to start using passkeys and why you should use them over passwords.

Common Amazon Scams To Avoid

Amazon provides users a convenient way to shop online, making it one of the most popular online retailers. However, its popularity has made it a prime hub for online scams. Scammers often impersonate an Amazon representative or legitimate seller to trick users into giving up their personal information. Some common Amazon scams you need to avoid are fraudulent sellers, off-platform payments, phishing messages about your Amazon account and fake Amazon job offers.

Keeper Webinar With ActualTech Media - Identity & Access Management

Keeper was invited by ActualTech Media to discuss Identity & Access Management: Keys to Success in 2024 EcoCast. Tom Cole, a solutions engineer at Keeper, dives into what makes KeeperPAM a next-gen privileged access management solution that delivers enterprise-grade password, secrets and privileged connection management in one unified platform.

Signs Your Streaming Accounts Have Been Hacked

As more people have shifted to using streaming services for shows, movies and music, keeping those accounts secure has become crucial to prevent them from being hacked. Some signs that point to your streaming account being hacked include being unable to log in to your account, unusual login attempt notifications and an upgraded account you didn’t authorize. Continue reading to learn five signs that point to your streaming account being hacked and what you should do if it is.

What Is a Password Manager?

A password manager is a tool that allows you to store and manage your personal information, such as login credentials, credit card numbers, passport and more, in an encrypted digital vault. Some password managers allow you to store passkeys too. With a password manager, the only password you have to remember is your master password, which acts as the key to enter your secure vault.

How Do Cybercriminals Spread Malware?

Cybercriminals can spread malware through phishing attacks, man-in-the-middle attacks, exploit kits and drive-by downloads. Cybercriminals typically use social engineering tactics to trick people into downloading malware or exploit security vulnerabilities to install malware without the victim knowing. Continue reading to learn more about malware, how cybercriminals spread it, how to detect if your device is infected and how to stay protected against malware.