This dumb password rule is from Microsoft (work accounts).

What doesn't seem to be a problem for personal accounts, is for work
accounts from Microsoft (e.g. Office 365 etc.).

Maximum 16 characters. So forget about using your new fancy diceware
password here - or really any secure passwords in general.

Oh - and besides that, please don't use any "exoti...

https://dumbpasswordrules.com/sites/microsoft-work-accounts/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

M%j/#@\~cI]$t<k?IJew

SphereSediment6Smell

#bot #password #passphrase #infosec #opsec

🎊 LTB Self Service Password 1.8 released!

ℹ️ LDAP Tool Box Self Service Password is a web application for end users. It allows them to change or reset their password (mail, SMS, questions) if they lost it. It works with any LDAP directory, including Active Directory.

🆕 New features: custom skin, show/hide password

🔗 https://projects.ow2.org/view/ldaptoolbox/ltb-self-service-password-1-8-0-released/

@ow2 @worteks_com

#LDAP #SSPR #Password

Reloaded in a modern Remcos RAT Infection

Analysts discovered a new Remcos RAT infection chain starting with a batch file executing encoded commands that creates hidden directories and retrieves encrypted payloads. Unlike earlier campaigns relying on PowerShell-hosted .NET loaders, this variant incorporates DonutLoader shellcode and AutoIt-based staging for in-memory payload delivery. The infection begins with a phishing email containing a malicious batch file named Bestellung.CMD. The chain abuses legitimate Windows utilities including cscript.exe and SyncAppvPublishingServer.vbs to execute Base64-encoded payloads. Additional components are downloaded from cloud storage, including 7Zip tools and password-protected archives containing obfuscated JScript. The final payload consists of DonutLoader shellcode that injects Remcos RAT version 7.2.1 Pro into colorcpl.exe, enabling remote control, credential harvesting, keystroke logging, and additional payload deployment.

Pulse ID: 6a1a2dd905d9f8c4474cb45e
Pulse Link: https://otx.alienvault.com/pulse/6a1a2dd905d9f8c4474cb45e
Pulse Author: AlienVault
Created: 2026-05-30 00:22:49

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#7Zip #Autoit #Cloud #CredentialHarvesting #CyberSecurity #Email #InfoSec #NET #OTX #OpenThreatExchange #Password #Phishing #PowerShell #RAT #Remcos #RemcosRAT #ShellCode #VBS #Windows #Word #ZIP #bot #AlienVault

S65F$:sq<`Fk0*D;3\V`

CardiacScale5Giggling

#bot #password #passphrase #infosec #opsec

'QL~jDOj=<Qi>@=_q246

CitationPresume3Stove

#bot #password #passphrase #infosec #opsec

This dumb password rule is from AmeriHealth.

Their site says "*All information is kept safe and secure.*" Just not as
secure as you'd like.

User Password must be between 6 and 14 characters and contain 1
numerical value.

https://dumbpasswordrules.com/sites/amerihealth/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

%'y<nft?4oMc-cUrFNxQ

GentileOuting4Retold

#bot #password #passphrase #infosec #opsec

413~yqcwq,Phs5y^#bLh

LapelDisplace6Clapping

#bot #password #passphrase #infosec #opsec

RE: https://blog.nyman.re/2026/05/31/passbolt-reviewing-password-managers-for.html

I'm looking for an alternative to 1Password for a org/team but I can't find it.

I tried @passbolt as it seemed promising on the label but I gave up. The UX was just bad, I can imagine the reasoning for making it bad (sEcUriTy) but I disagree with the tradeoffs.

Also I couldn't even log in to the my trial cloud instance "Server and client time is out of sync, please contact your administrator."

Even with a good track record of cure53 security audits that does not inspire confidence for a key part of modern infrastructure.

What should I look at next? #password #manager

Bonus if it's #eualternative and/or opens source.