Information Security Buzz (aka ISBuzz News) is an independent resource that provides expert comments, analysis and opinion on the latest Information Security news and topics.
The good news is that RedDoorz appears to have used a secure hashing algorithm, bcrypt, to secure user passwords in the stolen database. Secure hashing algorithms like bcrypt make it much harder for attackers to crack user passwords but they aren’t a silver bullet. Although it makes cracking passwords much slower, simple and short passwords can still be cracked relatively quickly.
The attackers have apparently stolen RedDoorz's complete database, which suggests that the most likely attack methods were insecure configuration or storage of the database, or a web attack such as SQL injection. Insecure configuration or storage can often happen if developers who aren’t familiar with security best practices inadvertently expose databases, especially in cloud services.
To protect themselves, organizations must adopt a culture of security in which software development processes are tightly integrated with their security operations, so that proper security protections are in place not only for the developer’s code, but also for the underlying systems and applications that it runs on.
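
An added illustration of the bcrypt point in the comment above (not part of the original commentary and not RedDoorz code): it reads the cost factor from a bcrypt hash string and estimates the worst-case time to exhaust a few password classes at that cost. The sample hash, the password classes and the guess rate of 100,000 per second at cost 5 are constructed assumptions.

```python
import re

# Modular-crypt bcrypt string: version, two-digit cost, 22-char salt + 31-char digest.
BCRYPT_RE = re.compile(r"\$2[abxy]\$(\d{2})\$[./A-Za-z0-9]{53}")

# ASSUMPTION (constructed, not from the article): an offline attacker who can
# test 100,000 candidate passwords per second against cost-5 bcrypt.
ASSUMED_RATE_AT_COST_5 = 100_000.0

# Constructed sample hash at cost 10 (filler salt/digest, not a real credential).
SAMPLE_HASH = "$2b$10$" + "a" * 53

# Password classes to compare: (alphabet size, length).
PASSWORD_CLASSES = {
    "6 lowercase letters": (26, 6),
    "8 lowercase letters": (26, 8),
    "12 printable ASCII": (95, 12),
}

def bcrypt_cost(hash_str):
    """Return the cost factor stored in a bcrypt hash string."""
    m = BCRYPT_RE.fullmatch(hash_str)
    if m is None:
        raise ValueError("not a well-formed bcrypt hash")
    cost = int(m.group(1))
    if not 4 <= cost <= 31:
        raise ValueError("bcrypt cost must be between 4 and 31")
    return cost

def guesses_per_second(cost):
    """Each cost increment doubles the work per guess, halving the rate."""
    return ASSUMED_RATE_AT_COST_5 / 2 ** (cost - 5)

def hours_to_exhaust(alphabet_size, length, cost):
    """Worst-case hours to try every password of exactly this length."""
    return alphabet_size ** length / guesses_per_second(cost) / 3600

def exposure_report(hash_str):
    """Map each password class to its worst-case exhaustion time in hours."""
    cost = bcrypt_cost(hash_str)
    return {name: hours_to_exhaust(a, n, cost)
            for name, (a, n) in PASSWORD_CLASSES.items()}

if __name__ == "__main__":
    for name, hours in exposure_report(SAMPLE_HASH).items():
        print(f"{name:22s} {hours:,.1f} hours")
```

Under these assumed figures the six-letter class is exhausted in about a day while the twelve-character class is far out of reach, which is why minimum length and breached-password screening matter alongside the hash choice.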