Cybersecurity focus: Strong passwords key to privacy and data protection

Khaleej Times, 3 days ago

Cybersecurity measures are essential for ensuring privacy and data protection in today's digital landscape, and web users, businesses and corporate entities should opt for strong and unique passwords combined with multi-factor authentication (MFA) to add layers of security to their personal and official email accounts, experts say.
Executives, analysts and cybersecurity specialists said key strategies must include implementing strong encryption to safeguard sensitive information, using MFA to enhance access security, and conducting regular security audits to identify vulnerabilities.
While referring to recent reports of a "16 billion password leak" that have sparked widespread concern, experts said businesses and commercial organisations should also educate employees on phishing and social engineering threats, promoting a culture of cybersecurity awareness.
'Utilising firewalls and antivirus software helps defend against malware and unauthorised access while regular software updates and patch management are crucial to address vulnerabilities,' according to cybersecurity specialists.
Go for Strong Password
Ezzeldin Hussein, Regional Senior Director, Solution Engineering, META, SentinelOne, said a strong password is the subscriber's first barrier—don't let it be the weakest link.
'While this recent leak aggregates old data, the danger remains current. Cybercriminals don't need new breaches when billions of credentials are still valid and reused. These massive compilations fuel phishing campaigns, credential stuffing, and identity-based attacks at scale,' Hussein told BTR.
"Passwords remain the first line of defence in cybersecurity, yet weak or reused credentials continue to be the leading cause of breaches worldwide. As cyber threats grow more advanced, relying on simple passwords is no longer enough — strong authentication practices are essential to safeguarding both personal and enterprise data."
"A password is more than just a key — it's the gateway to your digital identity. Strengthen it, protect it, and complement it with multi-factor authentication. Let this be a reminder — not just on World Password Day, but every day — that cyber hygiene begins with small but critical habits: changing default passwords, avoiding reuse, using password managers, and staying alert to phishing threats."
"Ultimately, the path forward is clear: we must shift toward passwordless authentication through biometrics, passkeys, and zero-trust identity models. A secure password is the first step toward a more resilient digital future. It's not just a personal responsibility; it's a shared mission across users, enterprises, and technology providers."
Leading media outlets and publications have spent the past few days hyperventilating over reports of a colossal data breach that exposed more than 16 billion credentials. This is considered one of the largest data breaches in history and the records are scattered across 30 different databases including some of the global tech giants such as Apple, Facebook, Google, GitHub, Telegram, and even government platforms.
'Cybercriminals now have unprecedented access to personal credentials and could exploit them for account takeovers, identity theft, and targeted phishing attacks,' according to the report.
In response to the breach, Google has urged billions of users to switch from traditional passwords to more secure passkeys, while cybersecurity experts warned about suspicious SMS links, which could be part of widespread phishing campaigns tied to the stolen data.
Verify Links, Info First
Rob T. Lee, Chief of Research at SANS Institute, advised web users, businesses and corporate entities to verify links and information first before taking any action.
'After consulting multiple trusted CTI contacts, we've found no evidence of a fresh 16 billion-record password dump — no raw files or verified feeds have surfaced. This claim follows Forbes' May 17 article on "19 billion stolen passwords," which similarly lacked source attribution and clarity on whether these figures overlap.'
He said the report's cited password-manager vendor, Keeper Security, isn't named as the origin of the data and makes no reference to any breach on its own website.
'Independent of the exact breach size, enabling multi-factor authentication blocks over 90% of account-takeover attempts. Our recommendation to all organizations and end users is simple: verify before you panic and implement 2FA today.'
Update Passwords Regularly
Peter Mackenzie, Director of Incident Response and Readiness, Sophos, said it is an important reminder to everyone to take proactive steps to update passwords, use a password manager and employ multi-factor authentication to avoid credential issues in the future.
'While you'd be right to be startled at the huge volume of data exposed in this leak, it's important to note that there is no new threat here; this data will likely already have been in circulation. These data sets are an amalgamation of information. What we are understanding is the depth of information available to cyber criminals. If you are concerned about your data being involved then using a service like https://haveibeenpwned.com/ can help you to check.'
Bernard Montel, Technical Director and Security Strategist - EMEA, Tenable, said a data breach is a serious matter and everyone should protect their privacy through effective cybersecurity measures.
'Firstly, this is not a new data breach. It's the result of threat actors' use of infostealer malware that has silently scraped usernames and passwords during breaches. This data has been bundled, traded, and resurfaced across underground forums. That said, it's no less concerning,' Montel told BTR.
'Periodically we see this type of database surface, demonstrating that hackers have access to our online identities. Using scripts [a small program written in a programming language, such as Python, JavaScript, or Bash, that tells a computer step-by-step to do something] threat actors can trawl this treasure trove of information looking for patterns in passwords, but also credential reuse across multiple accounts. The latter is akin to a master key as it suggests the same combination will open multiple doors.'
As far as organisations are concerned, he said it's about understanding that this is a potential risk if these records correlate with over-privileged identities. Identities are the new perimeter given that compromised identities are at the center of nearly every successful cyberattack.
"Organisations must adopt an identity-first approach, that continuously validates permissions and access to prevent identity-based attacks before they occur," Montel said.

Related Articles

ONVIF and the C2PA announce collaboration to strengthen trust in digital video

Zawya, 16 hours ago


ONVIF®, the leading global standardization initiative for IP-based physical security products, has announced that it has entered into a strategic collaboration with the Coalition for Content Provenance and Authenticity (C2PA) to preserve the integrity and authenticity of digital video in the evolving fight against content manipulation. The two groups will work together to raise awareness and promote the adoption of open standards that help verify the authenticity of video content across digital video platforms.

This initiative aligns the ONVIF video authentication specification with Content Credentials, the open standard published by the C2PA, which is comprised of Microsoft, Adobe, Google, Meta, BBC, and Truepic. Content Credentials enhances transparency and establishes end-to-end confidence in the authenticity of digital assets.

This collaboration comes at a time when synthetic media, deepfakes, and AI-generated content are becoming increasingly indistinguishable from authentic footage. The tools that create this fake content pose a significant risk to public trust in video used for law enforcement, corporate security, and legal proceedings as well as in a wide range of digital media products.

'We are happy to welcome ONVIF as a liaison member to the C2PA,' said Andrew Jenks, Executive Chair of the C2PA. 'As the global standard for provenance, Content Credentials plays a vital role in providing transparency in digital media. The collaboration with ONVIF and the C2PA brings Content Credentials to video security – an environment where footage must reflect reality without alteration. We're excited about our work together and the impact of our global, open standards.'

The video authentication specification developed by ONVIF, known as media signing, ensures that video footage is cryptographically signed at the point of capture with a digital key specific to the individual surveillance camera. The signatures are embedded in the video, enabling an authentication tool to verify whether video frames – throughout the chain of custody – have been modified or manipulated since they left the camera. This is critical for video used in court proceedings, law enforcement investigations, and corporate security incidents, where any doubts about the validity of video evidence can undermine outcomes and erode institutional trust.

The C2PA's core specification, Content Credentials, is a technical standard that allows publishers, creators, and consumers to trace the lifecycle of media, beginning from production (such as which camera captured an image, whether it was edited, and when) to consumption (displaying this information on the website or platform where the content appears). Content Credentials embed cryptographically signed, tamper-evident metadata directly into images, video, audio, and documents or stored in a manifest that travels with the content, making any alteration detectable. This metadata acts like a digital 'nutrition label,' detailing the content's origin, history, and any modifications made.

'Preserving the authenticity of video has never been more important as the threats from generative AI and other means of content manipulation continue to increase exponentially, regardless of industry and use case,' said Leo Levit, Chairman, Steering Committee, ONVIF. 'The work of ONVIF to preserve video integrity and the recognition by the C2PA will help build user confidence that recorded video can be verified as genuine and untampered.'

ONVIF is a leading and well-recognized industry forum driving interoperability for IP-based physical security products, with a global member base of established camera, video management system and access control companies and nearly 34,000 profile conformant products. ONVIF offers Profile S for streaming video; Profile G for video recording and storage; Profile C for physical access control; Profile A for broader access control configuration; Profile T for advanced video streaming; Profile M for metadata and events for analytics applications and Profile D for access control peripherals. ONVIF continues to work with its members to expand the number of IP interoperability solutions ONVIF conformant products can provide. Further information about ONVIF conformant products, including member companies and their conformant models, is available on the ONVIF website:

Crystal Intelligence shares top insights from the frontlines of the battle against crypto scams

Crypto Insight, a day ago


Ensuring top-notch cybersecurity is an essential necessity for businesses to set up shop in the modern business world, and the crypto industry is no exception. Similar to their Web2 counterparts, the crypto landscape fights its own battle against the ever-increasing scams and other security risks. Straightforward scams have transformed into complex, multi-layered operations that pose significant challenges to organizations. As illicit activities become more difficult to crack, the business world dealing with cryptocurrencies is increasingly seeking advanced intelligence and analytics.

Crystal Intelligence, a blockchain analytics firm, addresses this need by uncovering hidden patterns in blockchain transactions. The company provides tools that help businesses detect and prevent illicit activities, identify high-risk entities and comply with Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations. By enhancing transparency and security, Crystal Intelligence aims to keep institutions ahead of evolving crypto threats.

Leveraging a team of analysts fluent in many regional languages across the Middle East, North Africa and Asia-Pacific, Crystal Intelligence offers insights that are both globally comprehensive and locally precise. This regional expertise helps clients understand on-the-ground risks and regulatory frameworks, enabling them to operate in complex jurisdictions and effectively mitigate region-specific threats.

In this interview, Crystal Intelligence's lead investigator Andrii Sovershennyi and senior investigator Federico Paesano share key insights into the tricky landscape that crypto businesses must navigate and how to be better prepared against crypto scams and frauds.

Cointelegraph: Can you tell us about Crystal Intelligence and its mission in the blockchain and crypto space?

Federico Paesano: Crystal Intelligence helps organizations understand and manage cryptocurrency through advanced blockchain analytics and compliance solutions. Our tools allow for real-time tracking, risk assessment, and detailed analysis of crypto transactions. This makes us an essential partner for compliance professionals, regulators, and investigators in the crypto field. We also provide training programs. These programs teach clients best practices in the crypto world and equip law enforcement and private sector teams with the skills they need to trace crypto assets.

CT: Crypto scams have evolved significantly over the years. What trends or types of scams have you seen rise the most recently?

FP: The way criminals use cryptocurrency has changed a lot over the years. They have become more skilled and now use new technologies to avoid being caught. Let's look at the latest changes in this area and see how they have developed.

In the past, scammers used simple tactics to hide their activities. They sent Bitcoin (BTC) through multiple addresses to cash out anonymously via exchanges like BTC-e. However, as regulations became stricter and investigators improved their skills, these basic methods became less effective. The rise of KYC policies and the growing cooperation between centralized exchanges and law enforcement made it much harder for bad actors to cash out without leaving a trace.

In response, crypto criminals are changing their tactics. They are using more complex methods that take advantage of new products and services in the blockchain space. Swaps, token bridges and decentralized finance (DeFi) protocols have become the tools of choice for criminals seeking to cover their tracks. Scammers and thieves use these technologies to exchange tokens across different blockchains without going through centralized platforms that require identity checks or interaction with authorities. They take advantage of decentralized exchanges (DEXs) and smart contracts to move funds across multiple blockchains quickly, without the oversight that regular exchanges offer. This makes it harder to track illegal activities.

Every day we work with law enforcement agencies around the world. They focus on staying updated on new developments, adjusting to changes, and using the latest tools to track and reveal hidden activities.

CT: Can you walk us through a scenario where your technology helped identify or prevent a scam?

FP: Acting quickly is crucial in every financial investigation. This is especially so when dealing with cryptocurrencies. The difference between stopping a scam and losing money may be mere minutes. This is where Crystal Intelligence's real-time blockchain analytics can help. Our technology tracks and analyzes crypto transactions as they occur, allowing you to spot illegal activity before it's too late.

Big news! Crystal is highly commended at the 2024 Regulation Asia Awards for Best #Blockchain Analytics & Investigations Solution! 🎉 Discover how we're advancing blockchain #compliance & #frauddetection: — Crystal Intelligence (@CrystalPlatform) November 5, 2024

We can quickly label suspicious addresses and entities. Our intelligence team identifies addresses linked to crimes like theft, scams, and hacks, and categorizes them within minutes. This fast response is very important. For example, if stolen funds are sent to a cryptocurrency exchange to be cashed out or exchanged for other tokens, our advanced monitoring tools alert the exchange's compliance team as soon as the funds arrive. They can then take action against the illegal source of the funds. In some cases, this alert can help slow down the flow of stolen funds and may even stop criminals from accessing or laundering the money further.

We have many cases where we have been asked to help with investigations. When criminals tried to move funds through multiple digital wallets, our expert investigators noticed unusual patterns. They traced the funds and sent out immediate warnings. Often the exchanges involved will work with us to freeze the funds, and block criminals from cashing out, allowing law enforcement to follow the trail of the stolen assets.

CT: How does Crystal Intelligence help law enforcement in crypto-related investigations? Are there any notable cases where your team played a key role?

FP: When law enforcement investigates crime proceeds in blockchains, several key factors can determine the success of their work.

First, it is essential that the tools are easy to use. A powerful tool is not helpful if it confuses investigators with too much complexity or information. Crystal Intelligence has spent a lot of time improving its user interface to ensure even advanced features are easy to navigate. The graphs and visualizations help investigators see complex crypto transaction patterns clearly without being hard to read. This clarity is crucial in fast-paced situations where every moment matters.

Second, attribution data is vital to connecting crypto addresses to individuals or organizations. Crystal Intelligence helps law enforcement establish these links by showing relationships between addresses, transactions, and known entities. This then lets investigators follow the money and contact relevant institutions or people. Compliance teams also benefit from this data, as it helps them assess risks in customer transactions and spot potential criminal activity.

Finally, the reliability of the data is critical. Crystal's Intelligence Team works very hard to verify data and gather evidence for accurate attribution and risk scores. This is important as law enforcement agencies must be able to trust the data to act effectively, whether it's freezing assets or pursuing further investigations.

CT: Blockchain technology is often praised for its transparency, but scams still occur. What are the challenges in identifying and preventing fraudulent transactions on the blockchain?

Andrii Sovershennyi: The largest issue we face is speed. Collecting information about fraud is quite straightforward, but doing it quickly can be challenging. Blockchain payments are faster than traditional payments. With quick confirmation times, an attacker can receive payment and convert funds very quickly, leaving little time for anyone to act proactively. At Crystal Intelligence, we are constantly working to speed up how we collect and use labels in our system to help our clients. This challenge gets harder with fraud, as victims often only realize they have been defrauded much later, and they may never get their money back. That's why it is important to raise awareness about common types of fraud and support trustworthy businesses.

CT: Looking ahead, what do you think the future holds for blockchain security? Are there any emerging threats on the horizon that we should be aware of?

AS: Blockchain security can be very challenging. Many people, including myself, believe that keeping your own crypto instead of relying on exchanges is safer. However, it can be risky if you lose your private key or if it gets stolen. It's difficult to comment on emerging threats. But the general rule is that criminals innovate constantly. Attackers are becoming more skilled and have pulled off impressive heists against well-protected targets. Many of these attacks use social engineering, like impersonating customer service, and modern AI tools can help them create convincing fake voices, images, and videos. I think the focus on security will shift from technology to laws and regulations. Services will need to prove that they take security seriously, and there may be specific rules about how they handle custody.

CT: Finally, what advice would you give to crypto investors or businesses to better protect themselves from falling victim to scams?

AS: Many factors are involved when businesses want to work with cryptocurrency. To start, they should follow the recommendations in open standards like the Cryptocurrency Security Standard (CCSS). This standard offers good policies and guidance. There are also many firms that can help businesses create and apply the necessary security measures.

For consumers, it's best to choose a licensed and regulated cryptocurrency exchange. Instead of just looking for the 'best cryptocurrency exchange near me', check the list of authorized firms from national financial regulators. While this doesn't guarantee safety, being regulated means these firms must follow certain rules. Additionally, you can visit the International Organisation of Security Commissions (IOSCO) to find information on investor protection. They have a list of services that warn about potential issues. Their site also has many valuable free resources for learning about investments, which can help you assess the opportunities you come across.

Crystal Intelligence's website provides a wide range of resources for victims of cryptocurrency scams and helps businesses improve their security through education and awareness. Source:

Missed Messages? WhatsApp's new feature helps you catch up instantly

Gulf Business, a day ago


Image credit: Getty Images

WhatsApp has announced a new feature designed to help users quickly catch up on unread conversations. The tool, called Message Summaries, leverages Meta AI to provide concise overviews of unread messages—without compromising user privacy. Whether returning from a Wi-Fi-free flight or juggling multiple chats during a busy day, users can now rely on Message Summaries to get up to speed quickly.

The summaries are generated privately using Meta's Private Processing technology, which ensures that neither WhatsApp nor Meta can access message content or the summaries themselves. 'No one else in the chat will know you've used the feature,' the company said in a statement. 'Your privacy is protected at all times.'

Message Summaries are entirely optional and turned off by default. Users have full control over the feature, including the ability to enable it only for selected chats via the Advanced Chat Privacy settings. The feature is currently rolling out in English to users in the United States, with plans to expand to more languages and regions later this year.

For those interested in how Private Processing works, Meta has published an

This announcement follows

Unlike traditional calls, starting a voice chat does not notify or ring other members. Instead, users can join and leave the ongoing conversation at their convenience. The voice chat remains pinned to the bottom of the group chat for easy access to call controls and participant visibility. Previously limited to large groups, the feature is now available to all group sizes. Users can start a voice chat by swiping up from the bottom of the chat window and holding for a few seconds. As with all WhatsApp communications, voice chats are protected by end-to-end encryption, ensuring privacy and security.
