Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Dangers of default password. Show all posts
LogicMonitor
Computer Hacking cyber attack Cyber Attacks Dangers of default password Hacking Insider LogicMonitor

Default Passwords Lead to Hacking Incidents Among LogicMonitor Customers

 

Some customers of LogicMonitor, a network security firm, have been compromised by hacking attacks due to their use of default passwords. A spokesperson representing LogicMonitor has officially confirmed the existence of a "security incident" that is affecting a segment of the company's customer community. 

Until recently, LogicMonitor employed default passwords for user accounts, which created a vulnerability leading to the breach. These default passwords typically followed a recognizable pattern, such as commencing with "Welcome@" followed by a concise numerical sequence. 

This security oversight made it considerably easier for malicious actors to gain unauthorized access to customer accounts, raising concerns about potential ransomware attacks on systems under LogicMonitor's monitoring. 

“We are currently addressing a security incident that has affected a small number of our customers. We are in direct communication and working closely with those customers to take appropriate measures to mitigate the impact,” LogicMonitor’s spokesperson Jesica Church said. 

 LogicMonitor took the initiative to inform one of its customers about a potential security breach through an email notification. In the message, they highlighted the exposure of usernames and passwords, underscoring the risk of a potential ransomware attack in the event of unauthorized access. This proactive approach demonstrates LogicMonitor's commitment to swiftly addressing the issue and safeguarding its customers' interests. 

Understand what is meant by default password

Equipment manufacturers commonly employ uncomplicated passwords like "admin" or "password" for all their shipped devices, with the assumption that users will modify these passwords during the initial configuration process. Typically, these default login credentials can be located in the instruction manual (which is often standardized across devices) or even directly on the device itself. 

Here are a couple of instances to illustrate the point: 

In 2014, a single website's breach of default username and password combinations resulted in the exposure of 73,011 security cameras across 256 different countries. This allowed unrestricted online access to these cameras for anyone on the internet. 

In 2015, a four-week-long spam campaign successfully infiltrated router equipment systems by exploiting default username and password settings. The attackers leveraged this access to send emails to multiple organizations, serving as a reminder of an outstanding unpaid bill. 

The prevalence of default passwords constitutes a significant element in the vulnerability of widespread home router compromises. Maintaining such default passwords accessible on publicly accessible devices poses a substantial security hazard. The initial step to enhance your online security is to prioritize password management. 

Avoid the practice of reusing the same password across multiple accounts. Instead, establish distinct and robust passwords for each of your devices and accounts. This approach acts as a crucial deterrent, making it significantly more challenging for hackers to gain unauthorized access to your devices and compromise your security.
Read more »
Password Hacking
Credential stealing Cyber Security Dangers of default password Password Hacking

Here's a Quick Guide to Safeguarding Credentials

 


Safeguarding your authentication credentials is your best defense towards preventing your identity from falling into wrong hands. A recent report from Nordpass disclosed that people still use easy-to-remember passwords which however can also be hacked with very little effort. More than 2 million people use very simple passwords for example: ‘1234567’, notably, it won't take more than a second to break. 

People use passwords to gain access to an organization's resources and for recreational purposes as well, however, if the protection of passwords is taken lightly, one might end up falling into the hands of unscrupulous cybercriminals. Password stealing is easier than most of you think as hackers have multiple tools at their disposal, here are the ways by which one can ensure the prevention of the same. 

1 Minimum password length and complexity: Longer passwords with alphanumeric and special characters are considerably harder for hackers to break. For example letters, numbers, and special characters, “while it has been seen that few passwords are very secure against brute-force attacks, but the goal is here to increase entropy to protect password without making overly complicated passwords. 

According to the Open Web Application Security Project (OWASP), password with less than 10 characters can be hacked very easily. However, the question that arises is what length is considered secure but not too long? According to OWASP 160-character passwords considered to be a reasonable length. 

2 Multi-factor authentication (MFA): You must have seen many online shopping apps have started asking for extra authentication to verify your identity, more than just a username/email and password. For example, code on your phone, face or fingerprint scan etc. However, for big IT companies, it is very essential to use multi-factor authentication such as behavioral biometrics, building device reputational controls, IP tracking, and challenge-response protocols into their systems. 

3 Password managers for employees: It can be easy to go way for the companies if companies start having a password manager. This is a very easy and productive way that can ensure whether employees are using complex passwords or not. 

4 “Zero Trust” Security model:  This Network security model implies trusting no one, not even known users or devices without verifying or validating. This security model has been introduced by an analyst at Forrester Research. Although the theory employed is not entirely new, this security model has gained prominence nowadays in digital transformation and the effects can be easily seen on business network security architecture.
Read more »
Yahoo
Dangers of default password email security Featured Information Security News Yahoo

Yahoo to the rescue of forgetful users with "on-demand password"

Passwords are not meant to be remembered. It is meant to be generated fresh, every time you forget it.

This is what Yahoo seems to think as the company just introduced an on-demand password system.

The system works like this: After signing into the Yahoo account one has to select Account security from the account information page and opt-in for “On-demand passwords”. Then one has to enter the phone number where Yahoo sends the verification code and after entering this code one never has to worry about memorizing passwords ever again.

It can be argued that the move away from default passwords is welcome as password theft is very common now a days but some feel that the privacy is being sacrificed because anybody with access to the phone for even a few seconds has the potential to read through all your communication.

But the fact remains that peril of default passwords had been dealt well with the two step authentication process; whereby if one logs in from a new device, in addition to the password one is asked for a code that has been sent to the associated mobile number. A move to completely eliminated the first step seems to be inclining towards laxer cyber-security norms.

At a time when Google tries to put one in panic mode by notifying what happens if you forget your password and repeated reports of security breaches makes one paranoid, the move from Yahoo to eliminate passwords has invited mixed reactions.

Presently, it is available only to US users.

While the effort is in the right direction to deal with password security issues by closely connecting the virtual and real identities, the approach adapted seems to be fallacious.
Read more »
Security News
Dangers of default password Featured IT Security News password hack Security News

The dangers of default passwords : Routers use default 'password'


A hacker with twitter handle SuperSl1nk has discovered a security flaw in the Router's web admin interface. The famous organization left their router password as default one.  The worst part is that the default password is 'password'

"The dangers of default passwords is a critical vulnerability that unfortunately touches a lot of school, business, government and other ... The developpers are not aware of the danger or repercussion that this may have on the entire system." The hacker said in the leak.

"I can publish a little of my results. Only for Lesson ! :p"

The list of affected network includes BellSouth.net (U.S.A), Imagination (U.S.A),
Hotwire Communications (U.S.A), Capital Market Stragies L (U.S.A), University of Maryland Baltimore County (UMBC U.S.A), U.S. Network (U.S.A), LG DACOM Corporation (Korea).

Other affected networks : Harano Telecom (Korea),SK Broadband Co Ltd (Korea) ,Korea Telecom (Korea) , Infrastructure EM (Denmark) , Bahnhof Internet AB (Sweden), Intelligente Office (Canada), Wightman Telecom (Canada).

"@EHackerNews I've seen much worse, but I did not publish everything, I have access to ISP, Telecom, Gov, Military, Big Company... " In a tweet hacker replied to EHN.

All of the affected network has the same password to sign in to the interface .  Yes it is 'password' .  

http://pasteit.com/19643
Read more »
Subscribe to: Posts (Atom)