Duo's Security Blog

FEBRUARY 16, 2022

The 2021 Verizon Data Breach Investigations Report observes passwords caused 89% of web application breaches, either through stolen credentials or brute force attacks, making the protection of credentials a high priority. Hackers are well aware of this and collect passwords from credential dumps or the dark web. million to $4.24

Retail 96

Retail Cybersecurity Data breaches Passwords 96

eSecurity Planet

AUGUST 28, 2023

For CVE-2023-38035, Ivanti recommends installing the corresponding version of Sentry using RPM scripts: Log in to a system command line interface in a terminal window as the admin user established during system installation, and enter the corresponding password. The command line prompt will be changed from > to #.

VPN 70

VPN Authentication Mobile Firewall 70

Malwarebytes

APRIL 16, 2021

Assume that a breach will happen, enforce least-privileged access, and make password changes and account reviews a regular practice. Enable robust logging of Internet-facing services and authentication functions. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services).

VPN 118

VPN Internet Internet Accountability 118

SecureWorld News

JULY 27, 2021

Ensure that old VPN remote access systems are taken down when new ones are instituted.". Ensure that employee logins and passwords that are no longer being used are turned off and disabled.". Require two-factor or multi-factor authentication for any and all remote access to the company’s computer systems.".

Ransomware 98

Ransomware Authentication VPN Cybersecurity 98

Krebs on Security

FEBRUARY 18, 2019

government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. The first domain was “ ns0.idm.net.lb

DNS 267

DNS Internet Internet Government 267

eSecurity Planet

MARCH 1, 2023

To prevent unwanted access and protect data in transit, wireless connections must be secured with strong authentication procedures, encryption protocols, access control rules, intrusion detection and prevention systems, and other security measures. As a result, wireless networks are prone to eavesdropping, illegal access and theft.

Wireless 89

Wireless Encryption Authentication IoT 89

Security Affairs

APRIL 2, 2021

The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591. Regularly back up data, air gap, and password protect backup copies offline. . Use multifactor authentication where possible. Disable hyperlinks in received emails.

Passwords 65

Passwords Government Firmware Accountability 65

Security Affairs

MARCH 12, 2020

The Zyxel Cloud CNM SecuManager is a comprehensive network management software that provides an integrated console to manage security gateways including the ZyWALL USG and VPN Series. ” Experts also reported the use of predefined passwords for admin accounts. and 3.1.1 – last updated in November 2018.

Accountability 82

Accountability Advertising Software Authentication 82

SecureWorld News

JULY 28, 2020

According to the Flash report, this threat is believed to have existed since 2016, with several encounters since the June 2020 incident: In July 2018, an employee of a US pharmaceutical company with business interests in China downloaded the Baiwang Tax Control Invoicing software program from baiwang.com.

Software 52

Software Banking Passwords Accountability 52

Thales Cloud Protection & Licensing

SEPTEMBER 12, 2019

At the 2018 Winter Olympic Games held in PyeongChang, for instance, cyber criminals leveraged a previously unknown family of malware called Olympic Destroyer to attack the Games’ servers just before the opening ceremony. Unfortunately, digital criminals are also closely following the buzz surrounding this tournament.

IoT 105

IoT Internet Internet VPN 105

Fox IT

JANUARY 12, 2021

Credential theft and password spraying to Cobalt Strike. This adversary starts with obtaining usernames and passwords of their victim from previous breaches. These credentials are used in a credential stuffing or password spraying attack against the victim’s remote services, such as webmail or other internet reachable mail services.

VPN 68

VPN Accountability Passwords DNS 68

Troy Hunt

NOVEMBER 14, 2018

Last week I wrote a couple of different pieces on passwords, firstly about why we're going to be stuck with them for a long time yet and then secondly, about how we all bear some responsibility for making good password choices. This week, I wanted to focus on going beyond passwords and talk about 2FA. It's a subset of MFA.

Passwords 261

Passwords Authentication Accountability Mobile 261

Malwarebytes

MAY 28, 2021

They changed their tactics in 2018 and started using ransomware in the form of Ryuk. Below is a list of recommended mitigations from the FBI, which it issued along with an alert on Conti ransomware late last week: Regularly back up data, air gap, and password protect backup copies offline. Avoid reusing passwords for multiple accounts.

Healthcare 112

Healthcare Ransomware Encryption Passwords 112

Security Affairs

OCTOBER 12, 2020

US government networks are under attack, threat actors chained VPN and Windows Zerologon flaws to gain unauthorized access to elections support systems. An attacker could also exploit the flaw to disable security features in the Netlogon authentication process and change a computer’s password on the domain controller’s Active Directory.

VPN 139

VPN Government Authentication Advertising 139

Security Affairs

DECEMBER 6, 2018

In March 2018, computer systems in the City of Atlanta were infected by ransomware, the cyber attack was confirmed by the City officials. Place any system with an open RDP port behind a firewall and require users to use a virtual private network (VPN) to access that system. Where possible, apply two-factor authentication.

Ransomware 92

Ransomware Advertising Authentication Passwords 92

Security Affairs

OCTOBER 20, 2018

Meaning, authentication bypasses weren’t enough. Both the vulnerabilities (dubbed CVE-2018-18472 and CVE-2018-18471) remain unpatched at the time of this publication. CVE-2018-18472 – XXE and Unauthenticated Remote Command Execution in Axentra Hipserv NAS firmware. . We were successful, in all the devices. Part One: XXE.

Firmware 61

Firmware IoT VPN Authentication 61

Security Affairs

NOVEMBER 27, 2020

The global impact of the Fortinet 50.000 VPN leak posted online, with many countries impacted, including Portugal. A compilation of one-line exploit tracked as CVE-2018-13379 and that could be used to steal VPN credentials from nearly 50.000 Fortinet VPN devices has posted online. Affected Products FortiOS 6.0 – 6.0.0

VPN 140

VPN Banking Passwords Malware 140

eSecurity Planet

MARCH 25, 2022

RDP intrusions are typically the result of two attacker methods: brute force authentication attempts or a meddler-in-the-middle (MITM) attack. Remote desktop software’s sensitive influence over other devices means identity and access management (IAM), password security , and multi-factor authentication are critical for risk management.

VPN 111

VPN Software Authentication Encryption 111

Malwarebytes

JUNE 3, 2022

By focusing on this context, we hope that you’ll come away with a stronger understanding about, for instance, why you should use a password manager rather than that you should use a password manager. A video of Kanye West from 2018 purportedly revealed that the rapper and producer’s iPhone passcode was 000000.

Internet 128

Internet Internet Scams Passwords 128

Herjavec Group

AUGUST 23, 2021

operators have successfully gained initial access during attack campaigns via exploitation of vulnerabilities (Exploit public-facing application) in Fortinet software components, such as the long-existing vulnerability FortiOS software components tracked under CVE-2018-13379 [6]. .

Ransomware 52

Ransomware Encryption Manufacturing Backups 52

Krebs on Security

OCTOBER 21, 2019

Antivirus and security giant Avast and virtual private networking (VPN) software provider NordVPN each today disclosed months-long network intrusions that — while otherwise unrelated — shared a common cause: Forgotten or unknown user accounts that granted remote access to internal systems with little more than a password.

Accountability 131

Accountability VPN Software Antivirus 131

Adam Levin

NOVEMBER 15, 2019

News that Virtual Private Network ( VPN ) provider NordVPN was breached spread quickly. While the breach of a major VPN service is newsworthy, this one wasn’t particularly. But one of the watchwords of good cyber hygiene, a VPN, was breached. Who Is Using VPNs? The incident put NordVPN in the hot seat.

VPN 114

VPN Cybersecurity Firewall Data breaches 114

Troy Hunt

JANUARY 10, 2018

agarwal_mohit) January 5, 2018. I think the URL is right but it seems inaccessible from other countries: [link] — Troy Hunt (@troyhunt) January 9, 2018. Blocking legitimate users is part of that problem, blocking users wanting to protect their traffic with a VPN is another: This has been there for the past year now.

Hacking 279

Hacking Government Risk Encryption 279

Troy Hunt

MARCH 29, 2018

The penny first dropped for me just over 7 years ago to the day: The only secure password is the one you can't remember. In an era well before the birth of Have I Been Pwned (HIBP), I was doing a bunch of password analysis on data breaches and wouldn't you know it - people are terrible at creating passwords! Everywhere.

Password Management 266

Password Management Passwords Data breaches Retail 266

eSecurity Planet

DECEMBER 7, 2023

Cryptographic keys can be random numbers, products of large prime numbers, points on an ellipse, or a password generated by a user. AES encryption can be commonly found in communication protocols, virtual private network (VPN) encryption, full-disk encryption, and Wi-Fi transmission protocols.

Encryption 101

Encryption Passwords IoT Firewall 101

Security Affairs

OCTOBER 22, 2019

NordVPN and TorGuard VPN firms were hacked, threat actors leaked the private keys used to secure their web servers and VPN configuration files. . Hackers have breached the systems used by NordVPN and TorGuard VPN companies and leaked the private keys used to secure their web servers and VPN configuration files. .

VPN 52

VPN Hacking Advertising Authentication 52

Adam Levin

FEBRUARY 13, 2019

According to Dailymotion, the attack took the form of a guessing game of sorts, the passwords of some Dailymotion accounts being drawn from a huge number of known login/password combinations, or by using passwords stolen from websites unrelated to Dailymotion. This strategy is made easier with a password manager.

Risk 100

Risk Data breaches Passwords Password Management 100

Security Affairs

NOVEMBER 17, 2021

One of the campaigns monitored by the experts and conducted by PHOSPHORUS APT group leveraged known vulnerabilities in Fortinet FortiOS SSL VPN and Microsoft Exchange Servers to deploy ransomware on vulnerable networks. . Microsoft added that password spray attacks on Office 365 accounts with multifactor authentication (MFA) enabled failed.

VPN 103

VPN Social Engineering Accountability Media 103

Security Affairs

OCTOBER 14, 2019

These included: email addresses hashed and salted passwords “. Laked data included email addresses and hashed and salted passwords for all Cloud WAF customers who registered before 15th September 2017. Elements of our Incapsula customer database through September 15, 2017 were exposed. ” reads the post published by Imperva. “We

Firewall 76

Firewall Passwords Accountability Data breaches 76

Krebs on Security

JANUARY 11, 2022

More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman known as an initial access broker. In 2018, Wazawaka registered a slew of domains spoofing the real domain for the Hydra dark web market. ” WHO IS WAZAWAKA?

DDOS 263

DDOS Accountability Cybercrime Ransomware 263

Security Affairs

MAY 27, 2020

Some operators used additional malware during their post-exploitation activities, which gave them more opportunities to obtain authentication data and even full control over Windows domains. . How it all began. Figure 1 – Heat map of ransomware operators’ TTPs based on MITRE’s ATT&CK matrix. Game-changer.

Ransomware 86

Ransomware Phishing Advertising Encryption 86

Krebs on Security

FEBRUARY 10, 2021

The only federal law that applies to the cybersecurity of water treatment facilities in the United States is America’s Water Infrastructure Act of 2018 , which requires water systems serving more than 3,300 people “to develop or update risk assessments and emergency response plans.” NO NEWS IS GOOD NEWS?

Hacking 344

Hacking Cybersecurity Media Ransomware 344

Pen Test Partners

OCTOBER 9, 2023

For example: a user enumeration vulnerability, a weak password policy, and a lack of brute force protection and lockout can still lead to an attacker gaining access to an account. The CoP includes the following recommendations for manufacturers: No default passwords. Encryption is important when: Sending a password.

IoT 52

IoT Firmware Mobile Manufacturing 52

Privacy and Cybersecurity Law

MARCH 27, 2018

On March 15, 2018, the US Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) issued a joint Technical Alert (TA18-074A) warning “network defenders” in critical sector industries that “Russian government cyber actors” have been intentionally targeting U.S. ” Watering-Hole.

VPN 40

VPN Phishing Government Cybersecurity 40

SecureList

OCTOBER 17, 2023

This email contained a link leading to a password-protected archive hosted on Google Drive, which represented the first stage of the infection – a.NET binary that was obfuscated and trying to pass itself off as an OpenVPN binary, when in fact it was a malware loader. We have also seen a campaign from a newly discovered threat actor, BadRory.

Government 103

Government Malware VPN Manufacturing 103

SecureList

NOVEMBER 18, 2022

The former threatened files accessible from the internet over SMB protocol and protected by a weak account password. Most of the network threats detected in Q3 2022 were again attacks associated with brute-forcing passwords for Microsoft SQL Server, RDP, and other services.

Mobile 85

Mobile Malware Ransomware IoT 85

eSecurity Planet

APRIL 26, 2022

Company Sector Year Status Vicarius Vulnerability management 2022 Private Dragos ICS and OT security 2021 Private Safeguard Cyber Risk management 2021 Private CyberGRX Risk management 2019 Private Signifyd Fraud protection 2018 Private RedOwl Security analytics 2015 Acquired: Forcepoint. Accel Investments. Andreessen Horowitz (a16z).

Cybersecurity 122

Cybersecurity Technology Marketing Healthcare 122