Firmware and Password Management - Cyber Security Informer

Weekly Update 219: IoT Unravelled with Scott Helme

Troy Hunt

NOVEMBER 28, 2020

But Then There's Home Assistant IoT Unravelled Part 2: IP Addresses, Network, Zigbee, Custom Firmware and Soldering IoT Unravelled Part 3: Security IoT Unravelled Part 4: Making it All Work for Humans IoT Unravelled Part 5: Practical Use Case Videos Sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe online. (..)

IoT

IoT Password Management Firmware Passwords

Nvidia, the ransomware breach with some plot twists

Malwarebytes

MARCH 3, 2022

In the case of the Nvidia breach, LAPSUS$ claimed it was mainly after the removal of the lite hast rate (LHR) limitations in all GeForce 30 series firmware—apparently all to help out gamers and the mining community. If you recognize one or more of them we would encourage you to not only change them, but also to start using a password manager.

Ransomware

Ransomware Password Management Passwords Hacking

[Full-Disclosure] HideezKey 2 FAIL: How a good idea turns into a SPF (Security Product Failure)

Security Affairs

MAY 7, 2021

HideezKey- This is a deep-dive into a nice concept for a security token & password manager that turned into a horrible product due to lack of proper R&D and Threat Modeling. This will help me later in the case I will be able to obtain a firmware that eventually is encrypted (i.e. known-plaintext attack).

Firmware

Firmware Passwords Password Management Encryption

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

A week in security (July 19 – August 1)

Malwarebytes

AUGUST 2, 2021

UDP Technology IP Camera firmware vulnerabilities allow for attacker to achieve root. Source: ZDNet) We can’t believe people use browsers to manage their passwords, says maker of password management tools. The Clubhouse database “breach” is likely a non-breach. Here’s why.

Wireless

Wireless Password Management Firmware Passwords

Beyond the Office: Securing Home Devices and Networks Against Corporate Breaches

SecureWorld News

OCTOBER 8, 2023

Use the administrator account only for maintenance, software installation, or firmware updates. Opt for strong, hard-to-crack passwords. Consider using dedicated password manager apps. Attention should be paid to protecting routers and updating their firmware.

Firmware

Firmware IoT Accountability Passwords

NGINX zero-day vulnerability: Check if you’re affected

Malwarebytes

APRIL 13, 2022

Because LDAP extends to IoT devices, of which there are many more than IT devices, organizations running LDAP need to encrypt traffic using TLS certificates on IoT devices, keep the firmware up to date, and apply proper password management. Make sure that you sanitize any input before it gets passed to the daemon.

Authentication

Authentication IoT Password Management Firmware

Internet safety tips for kids and teens: A comprehensive guide for the modern parent

Malwarebytes

SEPTEMBER 21, 2021

And if your child uses the same password across multiple accounts, when one gets breached they are all vulnerable. This is where a password manager comes in. Not only can it create lengthy and complex passwords, it remembers them all for you. Your password manager can help with this.

Internet

Internet Internet Passwords Password Management

CISA and FBI issue alert about Zeppelin ransomware

Malwarebytes

AUGUST 16, 2022

Use long passwords (CISA says 8 characters, we say you can do better than that) and password managers. Store passwords using industry best practice password hashing functions. Implement password rate limits and lockouts. Avoid frequent password resets (once a year is fine).

Ransomware

Ransomware Backups Passwords Authentication

5 Signs a Cyberattack Is Under Way and 5 Things You Need to Do Before It Happens

Adam Levin

FEBRUARY 10, 2020

When your phone or computer alerts you to an available software or firmware update, pay attention and do what you’re asked to do immediately (as opposed to clicking “Remind me later”) because many of these patches are security-related. Consider using a password manager. Or use a password manager.).

Passwords

Passwords Phishing Password Management Accountability

How (and Why) to Take Full Advantage of Apple’s New Advanced Data Protection Feature

Security Boulevard

DECEMBER 27, 2022

Running outdated software/firmware can leave you open to security risks, such as vulnerability exploitation or malware infections. If wanted, you can transcribe it to a password manager or separate E2EE file with another cloud provider. Enter your device passcode. The next screen prompts you to enter your recovery key.

Encryption

Encryption Backups Software Accountability

Half of EDR Tools, Organizations Vulnerable to Clop Ransomware: Researchers

eSecurity Planet

JUNE 30, 2023

Password Policies: Enforce NIST password policy requirements, such as lengthier passwords and the use of password managers. Password suggestions should be disabled, and frequent password changes should be avoided. Patch operating systems, software, and firmware on a regular basis.

Ransomware

Ransomware Backups Passwords Software

Warning issued about Vice Society ransomware targeting the education sector

Malwarebytes

SEPTEMBER 7, 2022

Use long passwords (CISA says 8 characters, we say you can do better than that) and password managers. Store passwords using industry best practice password hashing functions. Implement password rate limits and lockouts. Avoid frequent password resets (once a year is fine).

Education

Education Ransomware Backups Passwords

How to Configure a Router to Use WPA2 in 7 Easy Steps

eSecurity Planet

MARCH 3, 2023

The typical username and password for Wi-Fi routers is “admin” for both, but you may need to search online or contact your ISP if that doesn’t work. And while you’re in there, update that password to something a little less hackable, possibly saving the new one in a password manager.

Wireless

Wireless Encryption Passwords IoT

SiteLock’s Top Five Cybersecurity Predictions For 2020

SiteLock

AUGUST 27, 2021

If a manufacturer hardcodes a master password within the device’s firmware, the device becomes extremely vulnerable from a security perspective, especially if an attacker is able to locate and download the password to access the device.

Cybersecurity

Cybersecurity Phishing Data breaches IoT

Spotlight: CTIA’s IoT Cybersecurity Certification is a Big Deal. Here’s why.

The Security Ledger

MARCH 13, 2019

Dixit tells me that the standards include basic features like password management features, a strong authentication scheme in place and provisions for patching and updating the device’s software (or “firmware.”). Setting a Bar on IoT Cyber Security.

IoT

IoT Cybersecurity Internet Internet

Spyware in the IoT – the Biggest Privacy Threat This Year

SiteLock

AUGUST 27, 2021

Use best practices like creating a separate password for every account and device, using two-factor authentication, and create strong passwords with a combination of upper-case and lower-case letters, numbers, and symbols. Most manufacturers of IoT enabled devices update their firmware frequently. Update, Update, Update.

IoT

IoT Spyware VPN Passwords

10 Behaviors That Will Reduce Your Risk Online

Daniel Miessler

MAY 14, 2020

Use unique, strong passwords, and store them in a password manager. Many people get hacked from having guessable or previously compromised passwords. Good passwords are long, random, and unique to each account, which means it’s impossible for a human to manage them on their own.

Risk

Risk Password Management Passwords Accountability

Vulnerability Patching: How to Prioritize and Apply Patches

eSecurity Planet

NOVEMBER 18, 2022

firmware (hard drives, drivers, etc.), However, some patches, particularly for infrastructure, firmware, or less common software may not be automatable. While this eliminates many headaches, it does not scan for misconfigurations and may not support other critical updates such as IT infrastructure (routers, firewalls, etc.),

Firmware

Firmware Firewall Passwords Risk

How to Prevent Malware: 15 Best Practices for Malware Prevention

eSecurity Planet

OCTOBER 24, 2023

Regularly update router firmware to patch vulnerabilities and close potential avenues of attack. Create Strong, Unique Passwords Creating strong, one-of-a-kind passwords acts as a strong defense to keep your accounts safe. Some password managers offer free versions if you need help.

Malware

Malware Antivirus Software Passwords

Types of Encryption, Methods & Use Cases

eSecurity Planet

DECEMBER 7, 2023

Users can establish a symmetric key to share private messages through a secure channel, like a password manager. This feature can be included in firmware, in operating systems, or as a feature in open-source, shareware, or commercial applications.

Encryption

Encryption Authentication Passwords Password Management

What is Incident Response? Ultimate Guide + Templates

eSecurity Planet

JULY 25, 2023

Password attacks: These involve various methods to obtain or crack passwords, including brute force attacks, dictionary attacks, or credential stuffing. There are multiple password management solutions that are readily available in the market to help you protect your passwords with the help of passkeys.

Software

Software Data breaches DDOS Ransomware

10 Network Security Threats Everyone Should Know

eSecurity Planet

MARCH 16, 2023

Have regular conversations about cybersecurity in manager and employee one-on-one meetings. Install software like password managers to help employees manage their credentials safely. It’s critical for network administrators to patch firmware vulnerabilities immediately after learning of them.

Network Security

Network Security Firewall Internet Internet

Network Protection: How to Secure a Network

eSecurity Planet

MARCH 22, 2023

Improved Passwords: Organizations seeking improved security will typically increase password strength requirements to add complexity or more frequent password rotation. Password managers aid users in meeting more stringent requirements, and can enable centralized control as well.

Firewall

Firewall Network Security Penetration Testing Encryption

2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

eSecurity Planet

MAY 2, 2024

Additional security all organizations should consider for a modest investment include: Active directory security : Guards the password storage and management system against attack for Windows, Azure, and other equivalent identity management systems.

Cybersecurity

Cybersecurity DDOS Penetration Testing Passwords

Cyber Security Informer

Weekly Update 219: IoT Unravelled with Scott Helme

Nvidia, the ransomware breach with some plot twists

Webinars

Trending Sources

[Full-Disclosure] HideezKey 2 FAIL: How a good idea turns into a SPF (Security Product Failure)

Webinars

A week in security (July 19 – August 1)

Beyond the Office: Securing Home Devices and Networks Against Corporate Breaches

NGINX zero-day vulnerability: Check if you’re affected

Internet safety tips for kids and teens: A comprehensive guide for the modern parent

CISA and FBI issue alert about Zeppelin ransomware

5 Signs a Cyberattack Is Under Way and 5 Things You Need to Do Before It Happens

How (and Why) to Take Full Advantage of Apple’s New Advanced Data Protection Feature

Half of EDR Tools, Organizations Vulnerable to Clop Ransomware: Researchers

Warning issued about Vice Society ransomware targeting the education sector

How to Configure a Router to Use WPA2 in 7 Easy Steps

SiteLock’s Top Five Cybersecurity Predictions For 2020

Spotlight: CTIA’s IoT Cybersecurity Certification is a Big Deal. Here’s why.

Spyware in the IoT – the Biggest Privacy Threat This Year

10 Behaviors That Will Reduce Your Risk Online

Vulnerability Patching: How to Prioritize and Apply Patches

How to Prevent Malware: 15 Best Practices for Malware Prevention

Types of Encryption, Methods & Use Cases

What is Incident Response? Ultimate Guide + Templates

10 Network Security Threats Everyone Should Know

Network Protection: How to Secure a Network

2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

Stay Connected