The Worst Passwords of 2015

People are still not realizing the importance of creating secure and complex passwords. TeamsID, a company that offers secure password management solutions, released its list of the worst, most-used passwords in 2015.

How does TeamsID collect this data? According to the company’s blog post, they perform a search of public posts or “dumps” of plain text (versus encrypted text) posted on a large selection of Websites. They searched through over 2 million passwords. Most of these discovered passwords are from hacks and security breaches of actual people’s accounts. The company has been creating a list of worst passwords since 2011.

These weak, commonly used passwords are important to know. They are quite easy for hackers to compromise, and using them puts your data, and any app or service you sign into online, at risk.

Without further ado, the worst passwords last year were:

Rank:   Password:

1       123456
2       password
3       12345678
4       qwerty
5       12345
6       123456789
7       football
8       1234
9       1234567
10      baseball
11      welcome
12      1234567890
13      abc123
14      111111
15      1qaz2wsx
16      dragon
17      master
18      monkey
19      letmein
20      login
21      princess
22      qwertyuiop
23      solo
24      passw0rd
25      starwars

If you are using any of these passwords, change them... now! Password managers such as Dashlane or TeamsID’s SplashID product for consumers are a great way to manage the many passwords that are required for online activity. TeamsID also recommends using different passwords for different sites and apps, a task that is made easier with password management software.

Be sure to check the February edition of Black Enterprise magazine for more tips on how to create strong passwords.

Study: Small Business Owners Unaware Of Credit Card Liability Changes

There may be serious consequences for small business owners if they don’t follow new credit card liability rules that take effect this fall. These new rules will take effect in October and specify that businesses that do not upgrade to credit card equipment that can read EMV chip-enabled cards will be liable for fraud and security breaches. Yet, a Wells Fargo/Gallup Small Business Index survey found that only 32% of owners are aware of the pending changes.

According to Wells Fargo, among business owners who report accepting point-of-sale card payments, only 31% say that their existing credit card processing system accepts chip-enabled cards. When asked if they plan to upgrade their point-of-sale credit card terminals to accept EMV chip cards, just 29% of business owners said they intend to make the change before the Oct. 1 deadline. Another 34% of business owners reported they will do so at some point in the future after October, and 21% say they never plan to upgrade.

To meet the Oct. 1 deadline, financial institutions are issuing EMV chip credit and debit cards, designed to protect against fraudulent transactions by encoding cardholder information within an encrypted microchip and data that changes with each transaction. Several retailers are converting to new card readers or adding EMV capability to their existing magnetic stripe card reader payment terminals.

“While our industry has made great progress in the last year informing and preparing small business owners for the EMV liability shift, the survey findings show us that we have more work to do,” said Debra Rossi, head of Wells Fargo Merchant Services, in a statement. “At Wells Fargo we continue to focus on providing business owners the support they need to get ready—from reaching out to business owners who are directly impacted to offering a wide array of resources that help business owners understand EMV, its benefits and the impact of the upcoming liability shift.”

In the survey, cost was among the top reasons business owners cited for not planning to swap their terminals before October. About 46% revealed that they did not want to pay for the costs associated with upgrading. What’s more, 46% are not at all concerned about the liability shift in the case of fraud.

Business owners are divided about whether the liability shift will reduce fraud for businesses, the main objective of EMV chip-enabled cards. The survey revealed that 42% feel it will improve protection from fraud, and 42% feel it will not improve protection from fraud.

Wells Fargo has pursued a series of actions to build awareness, prepare small businesses for the EMV liability shift, and encourage business owners to adopt EMV chip-card technology, including providing EMV-capable equipment to customers since 2012. In addition, all new and re-issued Wells Fargo Business Credit Cards and Business Elite Cards provided to customers are chip-enabled.

Wells Fargo also is offering business owners a number of resources, including dedicated expanded support through its customer contact center and useful tips online about the process and benefits of accepting EMV chip card payments and the importance of EMV chip cards and reducing fraud.

Federal Employees May Be At Risk For Identity Theft

The Social Security numbers of every current, former and retired federal employee were allegedly hacked, asserts The American Federation of Government Employees regarding a December data breach of the Office of Personnel Management (OPM). The breach was possibly carried out by the Chinese government.

This accusation was made by AFGE president J. David Cox to OPM director Katherine Archuleta in a strongly worded letter obtained by The Associated Press.

“We believe that Social Security numbers were not encrypted, a cybersecurity failure that is absolutely indefensible and outrageous,” Cox said in the letter. He called the occurrence “an abysmal failure on the part of the agency to guard data that has been entrusted to it by the federal workforce.”

On Monday, the OPM released a statement explaining that in April 2015, the agency became aware of an incident affecting its information technology systems that may have compromised the personal information of current and former Federal employees. For security reasons, the OPM says it will not discuss the specifics of what types of data were targeted in the breach. Why the extent of damage from this particular infiltration was not made public sooner has not been addressed by Archuleta or The White House.

The AFGE believes that the OPM’s central personnel data file, which contains up to 780 separate pieces of information about an employee, was the target of the theft. This file contains the records of non-military, non-intelligence executive branch employees, which covers most federal civilian employees but not, for example, members of Congress and their staffs. It includes data about military records and veterans’ status information, address, birth date, job and pay history, health insurance, life insurance and pension information; along with age, gender and race data, explains Cox. This will significantly affect blacks working in Federal government as more than 17% of the federal workforce is African American.

Though OPM denies this, data containing background investigations of employees and contractors applying for security clearances may have also been targeted.

Since the incident was identified, OPM claims that it immediately implemented additional security measures to protect the sensitive information it manages. OPM also partnered with the U.S. Department of Homeland Security’s U.S. Computer Emergency Readiness Team, and the Federal Bureau of Investigation to determine the impact to Federal personnel.

Beginning June 8, the agency started sending emails and letters via the U.S. Postal Service to approximately 4 million individuals whose Personally Identifiable Information was potentially compromised in this incident. The email will come from opmcio@csid.com and it will contain information regarding credit monitoring and identity theft protection services being provided to those employees impacted by the data breach. Notifications will end June 19.

Additionally, OPM is offering affected individuals a free, 18-month membership with CSID, a company that specializes in identity theft protection and fraud resolution, in order to mitigate the risk of fraud and identity theft.

The comprehensive service includes immediate credit report access, credit monitoring, identity theft insurance and recovery services.

Visit the company’s website, www.csid.com/opm or call toll-free 844-777-2743 (International callers: call collect 512-327-0705) for more information.

Cyber Risks a Growing Concern for Businesses

Cyber risks were a growing area of concern among the top American businesses of all sizes and industries, according to a new study.

The second annual Travelers Business Risk Index, which polled more than 1,200 business decision makers at companies of varying sizes, found that cyber risks were the second-biggest concern for all businesses, behind only the inflation of medical costs, and a significant worry for 58% of businesses, up from 53% in 2014.

Businesses are most concerned with malicious or criminal attacks on their websites and data (55%), but also expressed concerns over human error (24%) and system glitches (21%).

According to a release, small businesses are often the targets of hackers, with 1 in 5 small businesses (those defined as having fewer than 250 employees) attacked by hackers. But this group is also the least likely to worry about cyber-related attacks: 45% versus 70% of large companies and 60% of midsize companies.

Some other key findings from the study:

  • 57% of businesses worry their computer systems will be infected with a virus
  • 50% worry their systems will be hacked
  • 51% worry about having their computers damaged or crashing
  • 59% of large businesses worry about employees putting information or systems at risk through unsafe computing practices or using personal devices for business
  • 33% of businesses have a cyber data breach response plan
  • 39% say they have employee data protection or education practices in place

Cybercrime is expected to become an even costlier problem for businesses—projected to set them back collectively more than $2 trillion in 2019. It’s also one reason why the Department of Homeland Security recently announced it would open up an office in Silicon Valley.

But with more transactions taking place online and with more consumer data being collected by companies big and small, the adage is becoming: it’s not a matter of if one’s business is attacked, it’s a matter of when. And consumers and businesses could be spending more time recovering in the aftermath of those breaches, with the businesses potentially losing the trust of customers and being shut down.

[REPORT] Obama’s Unclassified Emails Read by Russian Hackers

Emails sent and received by President Barack Obama were accessed by Russian hackers last year during a security breach of the White House’s unclassified computer system, according to a new report from the New York Times.

The revelation comes months after the administration acknowledged a hack but initially did not disclose what entity had been behind it.

The hackers apparently did not access servers that control the flow of emails that go to and from the president’s BlackBerry, or a system called JWICS (Joint Worldwide Intelligence Communications System), which contains top-secret and “secret compartmentalized information” shared among government officials cleared to access it, the report says.

Many senior White House officials have two computers in their offices, with one devoted to a highly secure, classified network and another that allows unclassified communication with the outside world. The unclassified system is said to regularly contain material that is still considered highly sensitive, such as schedules, email with ambassadors and diplomats, information on personnel moves, and discussions on legislation and policy.

According to the report, officials did not reveal how many of the president’s emails had been retrieved by the hackers or if they contained sensitive material, but said that his email account itself had not been hacked, and that classified briefings—given orally, on paper or through a secured iPad system—were also not accessed.

The Times also reports that discussions have been ongoing inside the White House about how to protect Obama’s electronic presence and whether or not it can be breached. This recent news has apparently been known for months, but was only recently revealed.

It also comes months after a major hack of emails sent and received by Sony Pictures’ executives—including some offensive missives written about President Obama—was later blamed on North Korea by the U.S. government.

Banking Malware Discovered on Google Play

Mobile banking apps are convenient and generally safe, but they can sometimes put you at risk for a security breach.

Mobile security company Lookout recently announced that a banking app that steals user logins had somehow wormed its way into the Google Play store.

Called BankMirage, the malware clones a bank’s original app and then uploads it to the Google Play store. The unfortunate target of this malware was Mizrahi Bank, an Israeli financial institution.

Upon opening the app, customers were asked for their login information. During that time, the malware would copy the customer’s user ID. After the customer entered login information, an error message would appear with a notice that the login was not correct. Customers were then prompted to install the app from Google Play.

Lookout says the malware only copies the user ID. The malware has since been removed.

Says Lookout in a statement, “Unfortunately, with an app that sneaks into the Google Play store, it’s hard to use traditional means to protect yourself. You can, however, go on some instincts. For example, if you see a duplicate of the app you’re trying to download, one might not be legitimate. You can otherwise keep yourself safe by installing an app-scanning security solution on your phone, such as Lookout.”

First Lady Michelle Obama’s Financial Info Revealed in Hacking Incident

In an alarming breach of security, First Lady Michelle Obama is the latest hacking victim.

A website has disclosed detailed financial information about celebrities like Jay-Z, Beyonce, Britney Spears and Kim Kardashian. Taking the hack a step further, the website also revealed information about FLOTUS.

The website posted Michelle’s credit report, including her Social Security number, contact numbers, banking information and credit card details. When clicking on Michelle’s name, the message, “Blame your husband, we still love you, Michelle,” is revealed.

The website has also revealed information on Vice President Joe Biden and Al Gore.

Read more at TMZ.com.