Latest news with #DarrenGuccione


NDTV
a day ago
16 Billion Logins Stolen In Mega Data Breach Threatening Apple, Google And More
In one of the largest data breaches in history, cybersecurity researchers have confirmed the leak of 16 billion login credentials, including passwords. The information leak can open the door to "pretty much any online service imaginable, from Apple, Facebook, and Google, to GitHub, Telegram, and various government services", according to a report in Forbes.

The development comes against the backdrop of multiple reports highlighting the presence of a "mysterious database" containing 184 million records -- sitting unprotected on a web server. The latest research suggests that it may have been just the tip of the iceberg.

As per the outlet, the researchers have uncovered 30 datasets, with each of them containing up to 3.5 billion records. The information, which includes social media and VPN logins as well as corporate and developer platforms, is contained in datasets that have been found since the start of 2025.

"This is not just a leak - it's a blueprint for mass exploitation. These aren't just old breaches being recycled. This is fresh, weaponisable intelligence at scale," said the researchers. Researchers suggest that credential leaks at this scale can be exploited for phishing campaigns, account takeovers and business email compromise (BEC) attacks.

"The fact that the credentials in question are of high value for widely used services carries with it far-reaching implications," said Darren Guccione, the CEO and co-founder of Keeper Security.

Dump passwords: Google

Such data breaches are one of the reasons why Google has been advising its users to upgrade their Gmail account's security by moving on from older sign-in methods like passwords and two-factor authentication (2FA). The tech giant is pushing for users to upgrade accounts to passkeys as well as social sign-ins for better control over their accounts. "It's important to use tools that automatically secure your account and protect you from scams," the California-based company said.

Passkeys are a login system that replaces passwords with biometric authentication via a trusted device like a smartphone. Google views passkeys as "phishing resistant", which can help users log in simply with the method they use to unlock their devices, which can include fingerprint recognition, facial scan, or the pattern lock.
Yahoo
29-05-2025
- Business
The simple security setting everyone should switch on to avoid being hacked
Online hacking, cyberattacks and fraud are booming, with research from Britain's National Cyber Security Centre (NCSC) suggesting that 80% of fraud is now 'cyber-enabled'. But what can you do yourself to protect your devices and accounts from attacks?

The protections on online accounts such as email and social media are often the only thing standing between people and a dangerous cyber attack – and these are often too weak to be effective.

Analysis by the NCSC of passwords leaked in previous data breaches (when criminals leak data online) found that 232 million accounts had used the password '123456', while the password 'Chelsea' was used 216,677 times and 'Liverpool' 280,723 times.

The National Fraud Intelligence Bureau (NFIB) said that there was a 46% increase in offences referred by Action Fraud for the year ending 2024, due to rises in social media and email hacking offences and virus and hacking offences.

So how can you stay safe from hackers?

Setting up two-factor authentication, or 2FA – also known as multi-factor authentication, or MFA – on your accounts is an important first step, explains Darren Guccione, CEO and co-founder at Keeper Security.

The UK's NCSC advises all individuals to use 2FA, particularly on important accounts such as banking and email. Indeed, research by Microsoft suggests that using 2FA can block 99.9% of 'account compromise' attacks where criminals steal passwords.

Two-factor authentication is where you secure your account with another layer, such as having to receive a code via text message. This is significantly more secure than relying on a password alone, as it means that (for example) if your password is leaked, or someone guesses it, they still can't access your account.

"2FA works by providing a critical second layer of security before someone can access an account," says Guccione.

"This can be done through an authenticator app, SMS message, hardware security key or biometric verification (using facial scans, eye scans or fingerprints). These factors are often time-sensitive, losing validity after a set amount of time to ensure that they cannot be reused.

"By reducing reliance on passwords alone, 2FA helps protect against phishing and other common cyber threats, making it a simple yet powerful tool for enhancing online security."

Platforms such as email and social media will always offer an option to set up 2FA on accounts – look for it under Settings, Security or Privacy, says Guccione. It can work via either email, SMS or a dedicated app, so pick an option that will be easily accessible when you need to log in.

"Users may register their phone number or email address, which will receive a 2FA code when login is attempted, or link their account to an authenticator app to generate a code," he says.

This means that users will receive a text or email to check who they are, or alternatively an alert where they may have to enter a code. This locks out attackers who may have access to someone's email, and thus deters many automated or mass attacks.

It is much harder for cybercriminals to get into accounts protected with 2FA, Guccione explains, but not all 2FA methods are 100% secure. Text message codes are weaker than other protection methods, as criminals can sometimes intercept codes or create a SIM card with the same number by fooling phone network employees.

"While 2FA offers an important layer of protection against credential theft and breaches, not all 2FA methods are equally secure – SMS-based codes can be intercepted by bad actors, so authentication apps offer stronger protection," says Guccione.

It's still worth ensuring that all passwords are strong, secure and unique – particularly for your email account, as criminals can use this to reset other passwords. Guccione advises using a password manager app to store passwords, which makes it easier to use unique passwords for each account.

And even if you use 2FA, stay alert, Guccione advises. "2FA alerts on a smartphone can serve as a critical warning sign that your account's credentials have been compromised, providing an opportunity to update your password before the account is breached."

While some organisations like Google are moving to make 2FA mandatory across all accounts for services such as Gmail, many lag behind. Just 40% of British businesses had applied mandatory two-factor authentication, according to the latest NCSC Cyber Breaches Survey, published April 2025.


Voice of America
19-02-2025
Tech Tip: How to Block Location Tracking on your Phone
Smartphones have become valuable tools for helping to organize our lives. However, the devices can also capture personal data and location information that users might want to keep private. Here are some tips, suggested by the Associated Press (AP), to help smartphone users limit the collection of private data on personal devices.

How does a smartphone track your location?

All a user has to do is open a phone's map tool to search for a restaurant or other business to activate data tracking. Similarly, someone choosing to look up the price of a product online can unknowingly permit the smartphone to track the user's location and share data with others.

Darren Guccione is the chief executive of U.S.-based internet security company Keeper Security. He told the AP that many apps, 'from fitness tracking to navigation,' can record data signals that show a user's movements, both physical and digital.

Guccione's advice to users is to 'turn on location tracking only when necessary, such as during navigation, emergencies or sharing updates with trusted contacts…' He adds that after this kind of necessary tracking is complete, users should immediately turn off location tracking.

Identify your app permissions

One step to limit smartphone tracking is to identify and change app permission settings. To do this, iPhone users can first go to the device's Privacy & Security settings. Then go to Location Services to check settings for individual apps.

Internet security experts say it is not a good idea to let apps always use your location in the background. Instead, get the app to either ask first before using your location, or use it only when the app is open. A user can also choose the setting that never lets an app track location.

The process works a little differently for Android phones because manufacturers have different versions. In general, Android users should go to settings. Then go to Location to turn the setting on or off for all apps.

Ad trackers

To avoid being tracked by advertising systems, privacy experts suggest that users block advertising identifiers on Android or Apple devices. This can stop third parties from tracking ads to target users.

To do this, iPhone users can go to the Privacy setting, then find Apple Advertising. Then turn off Personalized Ads. On newer Android phones, users should go to the Privacy setting, then to Ads, and choose Delete Advertising ID.

Check your Google account

Along with app permissions for your device, security experts say it is a good idea to look closely at your Google account to make sure it is not tracking you. To find this out, go to and find Data & Privacy. Users can find Location History controls there. Under recent changes, the history will be removed after three months although users can change that setting as well.

How to use web browsers

Popular web browsers for smartphones – like Safari or Chrome – could also give away location information. Try using one that does not store your data. Such browsers include DuckDuckGo, Firefox Focus or Ecosia.

If a privacy-protected browser needs to identify your location through an IP address, it will ask first before doing so. These kinds of browsers will also let users easily remove internet cookies and other web browsing data.

Find my device

Phones or tablets can also be tracked with Apple's Find My or Google's Find My Device services designed to recover lost devices. Users can turn this tool off if they think someone was able to take control of their Apple or Google account and is using it for tracking.

Block the signal

Some cybersecurity websites advise using a smartphone's Airplane Mode to block tracking operations. But some experts say this does not always turn off all tracking signals. Users should not depend on this setting alone to block data collection.

A better tool in many situations would be a signal-blocking Faraday bag. These block all wireless signals to the smartphone. Experts suggest testing the bag to make sure data is actually being blocked. While such bags can be helpful, devices kept inside the containers cannot be used.

I'm Bryan Lynn.

The Associated Press reported this story. Bryan Lynn adapted the report for VOA Learning English.

Words in This Story

location – n. a place where someone goes or something happens
track – v. to follow the movements of something
navigation – n. a method to find the right direction to travel in by using maps or other equipment
digital – adj. any kind of information that is changed from electrical or physical to a form that is used by computers
cookie – n. small data files that are stored on an internet user's computer as they browse different websites.
tablet – n. a small computer that uses a touch screen
bag – n. a container made of paper, plastic, etc. that is used for carrying things

Associated Press
18-02-2025
- Business
Keeper Security Launches Upgraded KeeperPAM, Redefining Privileged Access Management with Zero-Trust Security
KeeperPAM empowers orgs to stay ahead of evolving cyber threats by providing a robust zero-trust framework for managing privileged access and mitigating risks

'With KeeperPAM, we are empowering organisations to embrace resilient security strategies such as zero standing privilege.' — Darren Guccione, CEO and Co-founder of Keeper Security

LONDON, UNITED KINGDOM, February 18, 2025 -- Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, passkeys, privileged access, secrets and remote connections, introduces the next generation of its Privileged Access Management (PAM) platform, KeeperPAM®. The latest update introduces a fully cloud-native solution that seamlessly integrates all privileged access management processes into Keeper's encrypted vault. This unified approach ensures maximum security, simplicity and scalability, enabling organisations to manage privileged credentials and secrets securely within a single platform.

With privileged accounts being a primary target for cybercriminals, implementing a robust PAM solution is essential. In fact, 80% of organisations that have adopted PAM solutions report a significant reduction in cyber attack success related to credential theft and misuse. KeeperPAM builds on this approach, integrating a zero-trust security framework that ensures only verified, authorised users gain access to critical infrastructure while its zero-knowledge architecture ensures complete data protection.

Revolutionising privileged access security, KeeperPAM provides advanced automation and real-time monitoring, ensuring that every access request is dynamically verified, credentials are securely vaulted and privileged sessions are closely tracked. This end-to-end solution minimises the risk of unauthorised access, streamlines compliance efforts and empowers businesses to stay ahead of emerging threats, whether managing hybrid cloud or on-premises environments.

Key Features of KeeperPAM

- Zero-Trust Authentication: Every access request is dynamically verified, ensuring only trusted users can interact with sensitive systems.
- Secure Vaulting: Sensitive credentials are securely stored in Keeper's encrypted vault, ensuring that passwords, passkeys and secrets are always protected.
- Automated Password Rotation: Passwords for privileged accounts are automatically rotated, eliminating the risk of credential theft and misuse of standing credentials.
- Secure Remote Access: Establish agentless zero-trust remote connections to targets within your infrastructure and web-based assets, directly from the Keeper Vault.
- Privileged Session Monitoring: Real-time monitoring of privileged sessions helps prevent unauthorised actions and provides a clear audit trail.
- Granular Access Control: Organisations can define specific policies for privileged accounts, enabling the least-privilege access model to reduce exposure to unnecessary risk.

These features enable organisations to protect critical systems and maintain compliance with industry standards and regulations. By automating manual processes and simplifying audit reporting, KeeperPAM boosts operational efficiency. For industries with stringent compliance requirements, such as healthcare and finance, KeeperPAM supports and streamlines adherence to regulations like the Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI-DSS), reducing the administrative burden of audit tracking and access management.

KeeperPAM's dynamic authentication and session monitoring allow organisations to detect anomalous access patterns and respond quickly to both internal and external threats. With a flexible, scalable architecture, businesses can extend robust security controls to third-party vendors, remote employees and contractors without disrupting workflows.

As cyber threats evolve, proactive protection of sensitive data becomes essential. KeeperPAM helps enterprises reduce the risk of unauthorised access, comply with industry regulations and stay ahead of emerging cyber threats.

'Security isn't just about reacting to threats; it's about anticipating them and creating layers of defense,' said Craig Lurey, CTO and Co-founder, Keeper Security. 'With KeeperPAM, we are helping organisations stay ahead of the curve by providing a solution that integrates seamlessly into their existing security architecture and elevates their ability to mitigate threats before they lead to breaches.'

A New Era of Privileged Access Security

As organisations continue to transition to hybrid cloud environments, securing privileged accounts has never been more critical. Recent high-profile breaches have demonstrated the devastating consequences of compromised privileged access, with attackers using these accounts to infiltrate networks and steal sensitive data. KeeperPAM addresses this challenge head-on by incorporating a zero-trust approach to validate every access request, ensuring that only those with explicit authorisation can access critical systems.

'Privileged accounts are one of the most common attack vectors for cybercriminals today and traditional security models are inadequate at protecting against modern adversaries,' said Darren Guccione, CEO and Co-founder, Keeper Security. 'With KeeperPAM, we are empowering organisations to embrace resilient security strategies such as zero standing privilege - to efficiently implement rigorous controls which minimise the attack surface and mitigate internal and external threats.'

Strengthening Organisational Security in an Evolving Threat Landscape

With cyber attacks becoming increasingly sophisticated, organisations are no longer able to rely on outdated security measures and legacy systems. KeeperPAM was developed with these modern threats in mind, offering robust protection for privileged accounts without sacrificing user experience. Whether securing on-premises systems or cloud-based infrastructure, KeeperPAM enables organisations to implement a comprehensive access control policy that adapts to their unique needs and risk profiles.

KeeperPAM is fully compliant with a broad range of industry standards and regulations, including FedRAMP and StateRAMP Authorisation, SOC 2 Type II attestation, FIPS 140-3 validated and ISO 27001, 27017 and 27018 certifications. These benchmarks ensure that Keeper's solutions meet the highest standards of data protection, privacy and security, providing organisations with assurance that their privileged access management solution is backed by industry-leading security standards.

For more information about KeeperPAM and how it can help your organisation strengthen privileged access security, visit

About Keeper Security

Keeper Security is transforming cybersecurity for millions of individuals and thousands of organisations globally. Built with end-to-end encryption, Keeper's intuitive cybersecurity platform is trusted by Fortune 100 companies to protect every user, on every device, in every location. Our patented zero-trust and zero-knowledge privileged access management solution unifies enterprise password, secrets and connections management with zero-trust network access and remote browser isolation. By combining these critical identity and access management components into a single cloud-based solution, Keeper delivers unparalleled visibility, security and control while ensuring compliance and audit requirements are met.

Learn how Keeper can defend your organization against today's cyber threats at

Charley Nash

Yahoo
12-02-2025
Keeper Security Champions Cybersecurity in Education on Digital Learning Day
Amid a rise in cyber attacks targeting schools, Keeper® empowers educators with advanced tools and actionable strategies to protect students and their digital learning environments

CHICAGO, Feb. 12, 2025 /PRNewswire/ -- This Digital Learning Day, Keeper Security, the leading cybersecurity provider of zero-trust and zero-knowledge Privileged Access Management (PAM) software protecting passwords, passkeys, privileged accounts, secrets and remote connections, is calling for urgent action to address cybersecurity threats to education. In the wake of high-profile breaches like the recent PowerSchool breach – which compromised Social Security numbers, grades and attendance records of thousands – administrators, educators and families face the collective challenge of protecting students and staff from the growing risks of cyber attacks.

According to Keeper's report, Cybersecurity in Schools: Safeguarding Students in the Digital Era, 74% of parents express confidence in their child's school's cybersecurity measures, however only 21% report receiving any guidance on secure password management. Despite the critical importance of secure passwords, only 9% of schools offer access to password managers, leaving students and staff vulnerable to cyber threats. Furthermore, only 14% of schools mandate security awareness training, and a mere 13% offer it as an option, leaving most students ill-equipped to handle online threats.

As classrooms continue to become more connected through digital learning platforms and administrative tools, the risk of cyber attacks continues to grow. Many schools lack dedicated IT resources with the dual challenge of aging infrastructure and limited budgets. These constraints, combined with the vast amounts of sensitive student and staff data stored in school systems, have made educational institutions an attractive target for cybercriminals. 66% of higher education institutions reported ransomware attacks in 2024, emphasizing the scale of this growing threat.

"Cybersecurity isn't just a technical issue – it's a fundamental part of ensuring student safety and the protection of their sensitive personal information," said Darren Guccione, CEO and Co-founder of Keeper Security. "Educational institutions must prioritize cybersecurity to create safe digital environments where students can thrive without fear of interruptions to their learning or breaches that can impact their lives for years to come."

From Risk to Resilience: Flex Your Cyber

Keeper and its partners are addressing this growing threat through its Flex Your Cyber initiative, a public service program designed to provide school administrators with essential cybersecurity knowledge and critical resources, along with age-appropriate content for families, educators and students alike. With resources ranging from engaging lesson plans to enterprise-grade tools, the initiative supported by the National Cybersecurity Alliance, KnowBe4, and Williams Racing aims to arm the education sector with the knowledge and technology needed to defend against evolving threats. Research shows that 70% of ransomware attacks against higher education resulted in data encryption, highlighting the severe operational impact of these incidents.

"Digital Learning Day is about celebrating innovation in education," said Guccione. "But as we embrace technology, we must also ensure its responsible use. Flex Your Cyber provides the tools and strategies the education sector needs to help protect their communities and maintain trust in their digital systems."

Proven Strategies to Strengthen School Security

Keeper encourages schools and universities to adopt actionable measures to secure their digital learning environments and reduce exposure to risks:

- Enforce the use of strong, unique passwords and implement a password manager
- Utilize a PAM solution like KeeperPAM® to secure sensitive systems, data and assets
- Back up critical data and regularly test your backups
- Require Multi-Factor Authentication (MFA) for all logins
- Implement regular cybersecurity training and phishing awareness
- Actively monitor network and devices for suspicious activity
- Develop and practice a cyber incident response plan
- Identify and fix known security flaws, prioritizing those that malicious actors are actively exploiting
- Minimize exposure to common attacks by ensuring internet-connected devices are up-to-date

A Shared Commitment to a Secure Digital Future

Digital Learning Day is a celebration of technology's power to transform education, but it also serves as a call to action for the education system to protect students and staff in an increasingly digital world. By taking proactive measures and leveraging tools like those provided by Keeper Security, schools can create a safer, more resilient digital infrastructure. Keeper remains dedicated to supporting educators and administrators in this mission, ensuring that digital learning environments are not only innovative but also secure.

To learn more about how Keeper Security's FedRAMP and StateRAMP Authorized cybersecurity solutions are protecting schools from cyber threats, visit or explore the vast Flex Your Cyber resources at

About Keeper Security

Keeper Security is transforming cybersecurity for millions of individuals and thousands of organizations globally. Built with end-to-end encryption, Keeper's intuitive cybersecurity platform is trusted by Fortune 100 companies to protect every user, on every device, in every location.
Our patented zero-trust and zero-knowledge privileged access management solution unifies enterprise password, secrets and connections management with zero-trust network access and remote browser isolation. By combining these critical identity and access management components into a single cloud-based solution, Keeper delivers unparalleled visibility, security and control while ensuring compliance and audit requirements are met. Learn how Keeper can defend your organization against today's cyber threats at

SOURCE Keeper Security