Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

7/17/2018
12:30 PM
50%
50%

Nearly Half of Security Pros Reuse Passwords

Survey exposes poor security practices by the people who should know better.

One of the biggest no-no's in password best practices: using the same password across multiple online accounts. But some 45% of information security professionals say that's exactly what they do, according to new data.

In the survey of 306 security pros by Lastline at Infosecurity Europe, some 20% of respondents also say they have used open, unsecure Wi-Fi.

"The fact that elements of the security community are not listening to their own advice around security best practices and setting a good example is somewhat worrying," said Andy Norton, director of threat intelligence at Lastline.

In another interesting stat, 92% say they have used cryptocurrency to buy gift cards.
 
Read more here
 

 

 

 

Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JeffM19001
100%
0%
JeffM19001,
User Rank: Apprentice
7/18/2018 | 9:51:17 AM
Of course
Yes, I re use passwords. And so does anyone else with any sense. My Dark Reading login has very little value, so I re used a password I use with similar low value logins. Higher risk logins like banking are different of course. But now I don't have to fire up a password manager for every random site I log into to post the odd comment under an alias.
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11509
PUBLISHED: 2020-04-07
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows remote attackers to upload page templates containing arbitrary JavaScript via the c37_wpl_import_template admin-post action (which will execute in an administrator's browser if the template is used to create a page).
CVE-2020-6647
PUBLISHED: 2020-04-07
An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter.
CVE-2020-9286
PUBLISHED: 2020-04-07
An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system.
CVE-2020-11508
PUBLISHED: 2020-04-07
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the wp_ajax_core37_lp_save_page (aka core37_lp_save_page) AJAX action.
CVE-2013-7488
PUBLISHED: 2020-04-07
perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input.