IT Security Guru

APRIL 12, 2022

There are a few notable exploited misconfigurations, from default built-in file sharing, and lack of password enforcement, albeit no password to multi-factor authentication (MFA), to the risks of legacy protocols and OAuth apps, that can bring a little clarity to understanding the complex landscape that is a company’s SaaS security posture.

CISO 102

CISO Passwords Marketing System Administration 102

Malwarebytes

APRIL 21, 2021

Most of the problems discovered by Pulse Secure and Mandiant involve three vulnerabilities that were patched in 2019 and 2020. CVE-2020-8243 a vulnerability in the Pulse Connect Secure < 9.1R8.2 The identified threat actors were found to be harvesting account credentials. The old vulnerabilities. The new vulnerability.

VPN 73

VPN Authentication Malware System Administration 73

Security Boulevard

DECEMBER 2, 2022

Also, remember how users can use keys rather than a password to login? So, imagine Susan is a system admin and she has access to several servers. She used SSH keygen to generate keys and she now can login to the systems via Secure Shell. These algorithms change and as they age, they become more vulnerable.

Risk 64

Risk Authentication Passwords Accountability 64

CyberSecurity Insiders

SEPTEMBER 21, 2021

If any potentially hazardous characters must be allowed as input, be sure that you implement additional controls like output encoding, secure task specific APIs, and accounting to use that data throughout the application. Authentication and password management. Implement password hashing on a trusted system.

Authentication 79

Authentication Passwords Software Accountability 79

eSecurity Planet

FEBRUARY 15, 2022

The agencies offered some sound cybersecurity advice for BlackByte that applies pretty generally: Conduct regular backups and store them as air-gapped, password-protected copies offline. Update and patch operating systems, software, and firmware as soon as updates and patches are released. BlackByte Ransomware Protection Steps.

Ransomware 117

Ransomware Encryption Backups Accountability 117

IT Security Guru

SEPTEMBER 7, 2022

Per a recent report from Q4 2020 to Q4 2021 , the average number of APIs per company increased by 221% in 12 months and that API attack traffic grew by 681% while overall API traffic grew by 321%. password guessing). Microservices Architecture has Created a Security Blind Spot. API Security Tools.

DDOS 114

DDOS Authentication Architecture Social Engineering 114

eSecurity Planet

MARCH 25, 2022

Remote desktop software’s sensitive influence over other devices means identity and access management (IAM), password security , and multi-factor authentication are critical for risk management. Like in the case of SolarWinds in 2020, masked threat actors aren’t afraid to linger for months during reconnaissance.

VPN 111

VPN Software Authentication Encryption 111

NopSec

MARCH 16, 2020

Are all Microsoft(MS) Remote Desktop connections to the outside world accounted for and adequately protected? Are all the OWA – Outlook Web Access – installations accounted for and adequately protected? Are all file sharing accounts accounted for and adequately protected? Are all CMS websites accounted for?

VPN 40

VPN Accountability Risk System Administration 40

Security Boulevard

SEPTEMBER 24, 2021

Dominion simply uses “role based security” instead of normal user accounts. The auditors claim account passwords must “be changed every 90 days”. Ideally, accounts wouldn’t be created until they were needed. In practice, system administrators aren’t available (again, it’s an airgapped system, so no remote administration).

Software 110

Software Computers and Electronics Accountability Firewall 110

Errata Security

SEPTEMBER 24, 2021

Dominion simply uses “role based security” instead of normal user accounts. The auditors claim account passwords must “be changed every 90 days”. Ideally, accounts wouldn’t be created until they were needed. In practice, system administrators aren’t available (again, it’s an airgapped system, so no remote administration).

Software 109

Software Computers and Electronics Accountability Firewall 109

eSecurity Planet

JULY 6, 2021

After a series of highly publicized ransomware attacks this spring, the Kaseya attack most resembles the compromise of SolarWinds in late 2020. Kaseya’s flagship product is a remote monitoring and management (RMM) solution called the Virtual Systems Administrator (VSA) and is the product at the center of the current attack.

Ransomware 104

Ransomware B2B Software System Administration 104

SecureList

OCTOBER 12, 2023

The group started its activities in December 2020 and has been responsible for multiple sets of attacks against high-profile entities in Europe and Asia. ToddyCat is an advanced APT actor that we described in a previous publication last year.

Encryption 112

Encryption Passwords Malware Firewall 112

Security Boulevard

JUNE 20, 2022

On December 15, 2020, Microsoft published their new revised version of Securing Privileged Access on Microsoft docs, including the Enterprise Access Model, which encompasses both on-prem, Operational Technology (OT), Azure, and other cloud providers. They recommend tiered administration with dedicated admin accounts.

Accountability 52

Accountability Risk Authentication Passwords 52

Digital Shadows

AUGUST 17, 2021

Going back a bit, it was also the top attack vector in 2020, 2019, 2018, 2017, 2016, and well, hopefully, you get the picture. The targeted phishing is going after folks in HR using fake but malicious resumes or payroll and accounts receivable teams to move legitimate payment accounts into attacker control.

Phishing 52

Phishing Accountability Social Engineering Mobile 52