The distribution of messages supposedly from Fast Company magazine marked one of the largest breaches ever of Apple’s content controls
By Joseph Menn
September 27, 2022 at 10:09 p.m. EDT
Hackers breached internal systems at Fast Company magazine Tuesday evening, defacing the company’s main news site and sending racist push notifications through Apple News to iPhone users.
The two-sentence push notifications were attributed to Fast Company and contained the n-word and graphic language, prompting shocked users to post screenshots on Twitter.
While breaches at media companies are not unheard of, the notification was one of the biggest violations of Apple’s “walled garden” in memory. There was nothing to indicate that user security was compromised beyond the upsetting wording.
“Fast Company’s Apple News account was hacked on Tuesday evening. Two obscene and racist push notifications were sent about a minute apart,” the magazine said by email. “The messages are vile and are not in line with the content of Fast Company. We are investigating the situation and have suspended the feed and shut down FastCompany.com until we are certain the situation has been resolved.”
n Apple spokesperson pointed to a tweet from Apple News that said: “An incredibly offensive alert was sent by Fast Company, which has been hacked. Apple News has disabled their channel.”
An incredibly offensive alert was sent by Fast Company, which has been hacked. Apple News has disabled their channel.
While the magazine’s site was defaced, an article that was labeled sponsored content gave the hackers’ description of how the break-in occurred.
That account said the group had gotten into the company’s WordPress program and found keys to functions including the Apple News programming interface.
Bank of America recently sent a customer service email warning users to watch out for this new phishing attack.
Threat actors are sending realistic texts requesting that you send money using Zelle® as payment due to a “fraud alert.” These texts make the warning look legitimate, and if you respond to the text then you’ll receive a call from a fake representative.
This person will use social engineering techniques and will trick your users into asking for you to send money to yourself through the Zelle® payment method. In reality you’ll be sending the money directly to these scammers’ pockets, and they will be able to receive your money into their account.
It was all over the news, but ZDNet’s Eileen Yu was one of the first. — “Hacker is believed to have breached Uber’s entire network in a social engineering attack, which one security vendor says is more extensive than the company’s 2016 global data breach and access logs potentially altered.”
The article continues: ” A hacker on Thursday was believed to have breached multiple internal systems, with administrative access to Uber’s cloud services including on Amazon Web Services (AWS) and Google Cloud (GCP).
“The attacker is claiming to have completely compromised Uber, showing screenshots where they’re full admin on AWS and GCP,” Sam Curry wrote in a tweet. The security engineer at Yuga Labs, who corresponded with the hacker, added: “This is a total compromise from what it looks like.”
Uber since had shut down online access to its internal communications and engineering systems, while it investigated the breach, according a report by The New York Times (NYT), which broke the news. The company’s internal messaging platform, Slack, also was taken offline.
The hacker, who claimed to be 18 years old, told NYT he had sent a text message to an Uber employee and was able to persuade the staff member to reveal a password after claiming to be a corporate information technology personnel. The social engineering hack allowed him to breach Uber’s systems, with the hacker describing the company’s security posture as weak.
With the employee’s password, the hacker was able to get into the internal VPN, said Acronis’ CISO Kevin Reed in a LinkedIn post. The hacker then gained access to the corporate network, found highly privileged credentials on network file shares, and used these to access everything, including production systems, corporate EDR (endpoint detection and response) console, and Uber’s Slack management interface.”
Quote from WIRED: “One independent security engineer described the OneLogin account access the Uber hacker seems to have had access to as “the golden ticket jackpot.”
“That’s God—they own that there’s nothing they can’t access,” the security engineer added. “It’s Disneyland. It’s a blank check at the candy shop and Christmas morning all rolled up together. But sure, customer ride data wasn’t impacted. OK.”
The theft of portions of the source code is the second cybersecurity incident LastPass suffered in nine months. The company has confirmed the breach.
Sumeet Wadhwani Asst. Editor, Spiceworks Ziff Davis Last Updated: August 30, 2022
Password management services provider LastPass suffered the theft of proprietary information after a hacker used a compromised developer account to access the company’s development environment. The incident compromised portions of the company’s source code and some proprietary technical information.
LastPass explained that the incident occurred a couple of weeks ago when the unknown hacker gained access to its systems through a breached developer account, alerting the password management company of unusual activity.
While customer data and passwords remain unaffected despite the break-in, LastPass said the hacker could steal the source code and other proprietary data, given the compromised account had access to the LastPass development environment.
The company said, “We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information.”
Avishai Avivi, CISO at SafeBreach, explained to Spiceworks how the theft of the source code could be damaging in the future. He said, “Bad actors will want source code for the same reason bank robbers will want floor plans to a bank. Being able to understand how the particular software works can potentially help the malicious actor identify its weak points and ways of gaining entry.”
“This doesn’t, however, mean that access to the bank’s floor plan, or even being able to compromise one of the bank employees, necessarily means that any money will be stolen.”
LastPass’ encrypted vaults store customer passwords that can be decrypted only using the master password. The master passwords weren’t compromised, considering LastPass doesn’t store them and are accessed through the Zero Knowledge security model described in the image below:
LastPass Zero Knowledge Security Model | Source: LastPass
“Zero knowledge means that no one has access to your master password or the data stored in your vault, except you. Not even LastPass,” the company notes on its website. Late in 2021, LastPass was suggestively victimized in a credential stuffing attack, the kind PBKDF2 hashing from the flowchart above is used to thwart.
Easy solutions for 10 common IT help desk problems.
Help desks in most organizations are extremely busy places. A wide range of issues and problems are normally sent into the help desk and the support team has to find ways of dealing with them.
Nevertheless, there are some problems that recur again and again, to the point where you may be tearing your hair out trying to help users reset their password for the umpteenth time. Or troubleshooting the same errors with their computers might make you want to drown yourself in your coffee.
“Have you tried turning it off and on again?” might not be a sufficient solution – although in many cases this does work! Many problems require in-depth troubleshooting to find the answer, and users are desperate for the help desk to assist them.
On the bright side, you may feel inspired that you know how to easily solve these common problems for your users.
10 common help desk problems and solutions
1. I forgot my password!
You go away on holiday and you forget your system password when you come back. You regret not writing your password down on a post-it-note underneath your desk. There’s nothing more frustrating than not being able to access all of your files because you forgot your password, and the answer is usually a quick email to the help desk.
It’s important to bear in mind that you might be entering your password incorrectly but this problem could be fixed.
Maybe you do remember your password, but you’ve left the CAPS lock key on while trying to enter it. This is an important troubleshooting step when the user thinks they have forgotten their password. Additionally, their password may have expired and you should ask them whether they’ve received notifications asking them to update their password.
If they really have forgotten the password and they need a new one, the help desk can send the employee a password reset link. If there are further problems, the help desk can offer more support.
2. The blue screen of death
Encountering the blue screen of death is the worst fear of any Windows user. It results in a loss of productivity and potentially the need to invest in new hardware.
The blue screen signifies that the system has crashed and often makes the user fear that the computer is irreparably broken. They have no choice but to immediately contact the help desk for assistance.
However, it’s not usually as bad as you think. You can still save a computer that is experiencing the blue screen of death. The problem is usually related to the hardware or one of the drivers, and can often be fixed by restarting the system.
It’s important to remember that the blue screen of death often includes information about the nature of the issue. Making sense of the screen’s text can often tell you whether a restart will be sufficient or you need professional help to save your computer.
3. Can’t connect a USB device
It’s common for a help desk issue to involve a computer that won’t recognize a USB drive. Maybe the user has an important file saved on their device and they want to import it onto their computer but are encountering issues. There are many reasons why the computer will fail to recognize the device, including a problem with the USB port in question.
Ask the user to check whether the device is recognized by a different port. You can also ask them to check whether the USB drive works on another machine – if it does then it’s probably an issue with the computer rather than the USB.
If it’s a problem with the device itself, then the help desk can provide assistance with looking into possible reasons and coming up with potential fixes.
4. The system is running slowly
Sometimes, users contact the help desk with the problem that their computer is taking too long to execute tasks. A slow-running computer is frustrating and severely hampers productivity.
This could be happening for a number of reasons, the most likely of which is that the user is running too many programs at once and this is making the computer slow down. The solution is to close down some of these programs to cause your computer to speed up.
Another possible reason is that the computer is running scans or updates in the background without the user’s knowledge. This plays a big factor in slowing down your computer. If possible, try to reschedule the updates for outside of work hours when they won’t have an impact on the computer’s performance.
5. I can’t print my work
Having problems with the printer is one of the most common reasons that users contact the help desk. There’s nothing more frustrating than being about to go into a big meeting and being unable to print the agenda. A troublesome printer seems impenetrable and users have no idea how to fix it.
The solution could be as simple as the printer being turned off. It’s advisable to ask users to check this first. If the printer is on, there may be problems with the configuration which will be harder to fix.
If the problem is a configuration issue, then someone from the help desk might need to go down and change the settings.
Alternatively, the solution could be that the printer paper tray is jammed, the printer has run out of paper, or the printer has run out of ink or toner. These are problems that the user could probably fix themselves, or they could ask the Operations Manager to do it for them.
6. I deleted an essential file!
Sometimes users accidentally delete important files from their computer, which is enough to make anyone tear their hair out. All that work is lost and they worry that they can’t get it back.
But it’s not the end of the world. Often, these files can be recovered from the recycle bin or the trash, but other times it may have been emptied and it’s a little more difficult to get these files back.
First check whether the user’s file is in the recycle bin. Secondly, get the user to search for the file on the system using the file name and if it’s located anywhere on your device then you should be able to find it. Meanwhile, stop using your system for any other task to reduce the risk of your data being overwritten.
If it isn’t anywhere on the system, you may be able to recover the file for the user from the server backup.
7. I forgot to save my work!
Working for hours on a document and closing it but forgetting to save your changes is one of the reasons users might be sent into a panic spiral, and quickly contact the help desk.
It should be easy enough to recover the work if the user has been using Microsoft 365. The Autorecover feature saves work automatically, and this should be enabled by default.
Microsoft Office will periodically save a version of your work in the background every ten minutes, so all you need to do is reopen the application you were using and access the file on the left-hand sidebar.
If you can’t find a saved version of your work, you can search your computer for a temporary version of your file.
8. Slow internet connection
There are many reasons why the wifi connection might be slow for users, the first of which might be their distance from the router. Another reason could be that the user has many browser windows open at the same time which will slow down their internet connection.
Fixing these problems is relatively easy. First of all, you could move closer to the router. Secondly, you could try closing down some of your windows and see if the internet speeds up.
A slow internet connection is more of a problem if there is an issue with your internet service provider. You should check to see whether anyone else is experiencing problems. If it’s a service issue, the help desk may be able to contact the company about connectivity.
9. The computer just shut down!
Another reason that users contact the help desk is having their computer shut down on them, which can be alarming and cause loss of work.
If your computer shuts down unexpectedly the most likely cause is the hardware overheating. When the device gets too hot, it shuts down to prevent further damage to the machine. Make sure you are using your computer on a cool, flat surface and that it is free of dust.
In the case that overheating isn’t the reason, the computer may be afflicted with a virus. The user should contact the help desk straight away to get help with minimizing the risk and preventing cyber attacks in the future.
10. Losing access to the wireless network
It’s frustrating when the wireless network at your office boots you out for no apparent reason. Internet connectivity is essential for many jobs today and not being able to connect majorly disrupts productivity.
If a user is having trouble connecting to the network then this could be because the router is overloaded. In many cases, the same issues that lead to slow internet can result in losing wireless signal entirely.
To check whether this is an issue with the specific device, a user could be asked to try and connect with a different device in order to troubleshoot the problem. If it’s not device specific, the help desk could contact the broadband provider for assistance.
The reasons that businesses need help desk software
To make sure your business is able to handle these typical help desk issues, you not only need a highly skilled support team but also the right help desk software. A help desk solution like Keeping will allow you to handle all your incoming requests and keep on top of user conversations.
No matter whether your users are contacting you about internet speeds or connecting a USB device, help desk software keeps all your tickets in one place in a shared inbox. You’ll never lose track of a user conversation again and be able to work out if your tickets are open, pending or closed.
In help desk software, you can track agent performance with in-built analytics that tell you how swiftly agents are responding to user issues. You can also keep track of how many tickets are coming into the help desk so you can plan your staffing accordingly.
Alongside your help desk software, you can think about creating a self-service knowledge base that will help your users to troubleshoot their own problems. Every help desk agent knows only too well how many problems could be solved by users themselves, if only they knew where to look. Think about investing in a help center that deals with common user issues, and prevent many tickets from arriving in the help desk.
In summary
Troubleshooting user issues means the help desk plays a very important role in maintaining the productivity of every team. Without the assistance of the help desk, users may not have access to the software and hardware they need to do their jobs.
As any help desk team very well knows, there are a variety of user issues that can arrive on any given day. It’s clear, however, that certain issues crop up over and over again, and that’s what we’ve tried to list here in this article.
When most problems are known to the help desk, this can accelerate the help desk’s ability to solve user issues. If they belong to typical categories, the solutions are the same every time and support knows exactly what to do to help users. Users will appreciate this outstanding customer service and are able to continue on with their day.
A password is a standard way of authenticating access to digital services and systems. It is supposed to be secret to ensure that only the account owner or those granted rights can view or modify important data. Unfortunately, there are individuals who can be lazy in safekeeping passwords, making their accounts vulnerable to hacking and other attacks.
With the following password statistics, we can see how crucial it is to elect a strong password. Furthermore, there are figures that show how important it is to have proper IT security software for organizational and personal uses.
General Cybersecurity Statistics
Internet users trust enterprises to protect their accounts. Unfortunately, there remain security holes that can lead to breaches. For example, in May 2018, a bug on Twitter stored passwords in plain text.
People can have as many as 85 passwords for all their accounts. (Cnet, 2020)
336 million users were affected by a Twitter bug that saved passwords in plain text. (SecureLink, 2021)
70% of consumers are concerned about being a target of a cyberattack. (SecureLink, 2021)
Having eight characters in a string makes for a strong password though longer logins are much better. (Cnet, 2020)
A 12-character password is 62 trillion times more difficult to crack compared to a 6-character password. (Scientific American, 2019)
But a truly strong password would be a 16-character password derived from a set of 200 characters. (Scientific American, 2019)
One-third of malware breaches are caused by password dumper malware. (Verizon, 2020)
Multi-factor authentication blocks 99.9% of all attacks. (Microsoft, 2020)
Password Breach Statistics
The latest cybercrime statistics show that 1.67% of Android malware are password Trojans. The following password breach statistics also demonstrate that there are a variety of ways that cyberattackers can access accounts or obtain passwords.
Hackers have published as many as 555 million stolen passwords on the dark web since 2017. (Cnet, 2020)
27% have tried to guess other people’s passwords. (Google, 2019)
17% have managed correct guesses. (Google, 2019)
80% of hacking incidents are caused by stolen and reused login information. (Verizon, 2020)
81% of company data breaches are caused by poor passwords. (TraceSecurity)
Hacking attacks using scripts that try to guess usernames and passwords happen every 39 seconds, globally. (WebsiteBuilder.org, 2021)
Password Management Statistics
Most Popular Passwords
Passwords should be unique to prevent unauthorized access. However, there are exact passwords or password variations that are popular.
The second most-used year in passwords is the year 1987 with almost 8.4 million variations. (Cybernews, 2021)
1991 is the third most popular year used in passwords. It has nearly 8.3 million recorded use. (Cybernews, 2021)
Of the 2.2 billion passwords analyzed, 7% contained curse words. (Cybernews, 2021)
“Ass” is used in 27 million passwords, making it the most popular curse word in passwords. (Cybernews, 2021)
“Sex” only has over 5 million uses in passwords. (Cybernews, 2021)
The “F” word is present in below 5 million passwords. (Cybernews, 2021)
“Abu” is the most used city in passwords, with 2.3 million iterations. It most likely stands for UAE’s Abu Dhabi. (Cybernews, 2021)
Password-Making Habits
People have their own habits when making passwords. But surprisingly, there are habits that span the globe when it comes to creating passwords for online services.
Around 50% of Internet users still use the same password for all their accounts. (LastPass, 2021)
Older people aged 50+ are more likely to use unique passwords for each online service. (Comparitech, 2020)
60% of people say they get lazy when creating passwords so they use the same passwords often. (MSN, 2021)
Disturbingly, 19% of adults in France use one or two passwords for all or almost all of their online accounts. (Proofpoint, 2020)
But the case is worse in Japan, as 21% of respondents from the country have the same habit or attitude in password management. (Proofpoint, 2020)
Admirably, 40% of respondents from Germany manually enter a different password for every account they have. (Proofpoint, 2020)
44% of US respondents use a password manager to take care of their accounts. (Proofpoint, 2020)
33% of respondents from Spain and Germany rotate the use of 5 to 10 passwords. (Proofpoint, 2020)
Two-thirds of people make new passwords that are similar to the ones they already have. (MSN, 2021)
35% of respondents choose convenience over security when electing a password. (SecureLink, 2021)
Common Passwords
Twenty-four percent of Americans have used the following common passwords or another form:
abc123
Password
123456
Iloveyou
111111
Qwerty
Admin
Welcome
Password Practice at Work
Work and personal accounts should be kept separate for security purposes. However, there are still a large number of people who use the same passwords for work and personal logins. On top of that, some workers and even organizations can be lax with regard to password sharing in the workplace. A few password reuse statistics also show that people can fall into the bad habit of reusing passwords across many accounts.
31% of workers use their child’s name or birthday for their passwords. (Keeper Security, 2021)
44% of workers reuse passwords across personal and work-related accounts. (TechRepublic, 2021)
14% of professionals have shared their work passwords with a partner. (TechRepublic, 2021)
11% have done the same with a family member. (TechRepublic, 2021)
34% have shared passwords with colleagues in the same group. (TechRepublic, 2021)
46% of workers said that their company disseminates login information for accounts being used by several individuals. (TechRepublic, 2021)
57% of workers write down passwords on sticky notes. (Keeper Security, 2021)
62% share passwords via SMS and email. (Keeper Security, 2021)
49% note passwords in unprotected plain-text documents. (Keeper Security, 2021)
A report shows that employees reuse passwords 13 times on average. (LastPass, 2019)
59% of companies have more than 500 passwords that do not expire. (Varonis, 2021)
Password Requirements
Online services require users to create unique and strong passwords. In the process, organizations present certain password requirements that users must meet. Apart from that, they necessitate users to change their passwords frequently.
Organizations in the finance sector require users to change passwords 7.17 times per year. However, the frequency of actual password changes is 7.33. (MobileIron & EMA, 2019)
High technology is another sector where the actual frequency of password changes is higher compared to the required frequency (7.62 times vs. 5.07 times). (MobileIron & EMA, 2019)
Professional services require password change at least 7.03 times per year but people only do it 4.6 times in a year. (MobileIron & EMA, 2019)
Changing Passwords
37% of EU respondents changed their email passwords in the last 12 months. (European Commission, 2020)
For mobile banking, 30% of EU residents made changes to their passwords in the same period. (European Commission, 2020)
Online games get the least attention for password security, with only 7% changing passwords in the past 12 months. (European Commission, 2020)
Concerningly, 31% have not changed passwords for any online service they use during the time. (European Commission, 2020)
Only 1 in 5 Americans would change their passwords even after finding out about a bug or a security incident. (SecureLink, 2021)
57% of individuals share their passwords with a significant other but only 11% change their passwords after a breakup. (Google, 2019)
34% of Americans change their passwords regularly. (Google, 2019)
78% of people had to reset their password in the last three months. Among those, 57% had to do it for work while 78% had to do it for their personal accounts. (Comparitech, 2020)
Will passwords die?
Passwords are a major security problem. Despite that, and the numerous authentication models that have been developed, they continue to be ubiquitous. A report once predicted that there would be over 300 billion passwords in use by 2020. That forecast may have come to pass. And that means there are now more than 300 billion passwords at risk.
As the password statistics above showed, even strong passwords can fail. Fortunately, there are safeguards such as multi-factor authentication. Nevertheless, even that is not completely foolproof as cyber attackers have ways to go around or intercept one-time passwords. That is why it is best to always have unique sets of characters for each online service for high security. This means to say people should not reuse passwords or use ones that can be easily guessed by others like birthdays and children’s names.
Moreover, individuals and organizations have to be on guard against cybercrime trends. While new types of cyberthreats do not surface often, various cybercrimes can be popular at any point depending on the situation. Case in point, phishing has become more common because of the COVID-19 pandemic. Thus, everyone must be on guard and take steps to improve cybersecurity.
References:
Colby, C., & Profis, S. (2020, August 6). 9 rules for strong passwords: How to create and remember your login credentials. Cnet.
Neveux, E. (2021, January 20). Consumer password habits: Concerning, not surprising. SecureLink.
Delahaye, J. (2019, April 12). The mathematics of (hacking) passwords. Scientific American.
Ponemon Institute. (2020). The 2020 state of passwords and authentication security behaviors report. Businesswire.
Google, & Harris Poll. (2019, October 6). The United States of P@ssw0rd$. Google.
Verizon. (2020, May 19). SMB data breach statistics. Verizon.
TraceSecurity. (2018, August 14). 81% of company data breaches due to poor passwords. TraceSecurity.
WebsiteBuilder.org. (2021, March 20). 30 key cybersecurity statistics to be aware of in 2021. WebsiteBuilder.org.
Weinert, A. (2020, August 3). Your Pa$$word doesn’t matter. Microsoft.
Crafford, L. (2021, January 25). 7 bad password habits to break now. LastPass.
Varonis. (2021, 1). 2021 data risk report: Financial services. Varonis.
O’Driscoll, A. (2020, August 28). 25+ password statistics that may change your password habits. Comparitech.
Meyer, B. (2021, April 9). Most common passwords: Latest 2021 statistics. Cybernews.
Proofpoint. (2020, January). State of the Phish 2020. Proofpoint.
The Wake Up. (2021, April 10). Your habits on passwords. MSN.
Whitney, L. (2021, April 6). How poor password habits put your organization at risk. TechRepublic.
Jenny Chang is a senior writer specializing in SaaS and B2B software solutions. Her decision to focus on these two industries was spurred by their explosive growth in the last decade, much of it she attributes to the emergence of disruptive technologies and the quick adoption by businesses that were quick to recognize their values to their organizations. She has covered all the major developments in SaaS and B2B software solutions, from the introduction of massive ERPs to small business platforms to help startups on their way to success.
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok
Catherine Heath, Guest Contributor 
By Jenny Chang
