Home Tags Credentials

Tag: credentials

APT Threat Evolution in Q1 2017

Kaspersky Lab is currently tracking more than a hundred threat actors and sophisticated malicious operations in over 80 countries.

During the first quarter of 2017, there were 33 private reports released to subscribers of our Intelligence Services, with IOC data and YARA rules to assist in forensics and malware-hunting.

Is ‘admin’ password leaving your IoT device vulnerable to cyberattacks?

Internet-connected devices in your home or office will be vulnerable to botnets and other attacks, if you don't change the original login credentials.

Mitsui USA Partners With Rajant To Advance Industrial Internet Of Things...

Companies to Jointly Leverage Rajant’s Wireless Networking Technology, Information Assurance Credentials for New MarketsPHILADELPHIA – April 25, 2017 – Rajant and Mitsui & Co. (U.S.A.), Inc. (“Mitsui USA”), a wholly owned subsidiary of Mitsui & Co., Ltd., Tokyo, Japan, announced today that they will jointly develop and market Rajant’s Kinetic Mesh™ wireless networks, and extensive information assurance and security expertise to solve the advanced communications challenges of IIoT (Industrial Internet of Things), drones, V2V (vehicle... Source: RealWire

Google zero-trust security framework goes beyond passwords

With a sprawling workforce, a wide range of devices running on multiple platforms, and a growing reliance on cloud infrastructure and applications, the idea of the corporate network as the castle and security defenses as walls and moats protecting the perimeter doesn’t really work anymore. Which is why, over the past year, Google has been talking about BeyondCorp, the zero-trust perimeter-less security framework it uses to secure access for its 61,000 employees and their devices. The core premise of BeyondCorp is that traffic originating from within the enterprise’s network is not automatically more trustworthy than traffic that originated externally. Instead of traditional methods such as VPNs and login credentials to establish trust and verify identity, Google relies on a “tiered access” model, which looks at the user’s individual and group permissions, the user’s privileges as defined by the job role, and the state of the device being used to make the request.To read this article in full or to leave a comment, please click here

Skype Fixes ‘SPYKE’ Credential Phishing Remote Execution Bug

Microsoft fixed a bug in Skype last month that could have allowed an attacker to execute code on the system it was running on, phish Skype credentials and crash the application.

Credentials Under Attack, Time to Exploit Still a Problem, Study Finds

A review of Q1 security incidents by security firm Rapid7 finds that attackers are more likely to use credentials to hack systems, although malware and industry-specific attacks continue to be popular.

Inmates built computers hidden in ceiling, connected them to prison network

Ohio prison's lax supervision was akin to "an episode from Hogan's Heroes."

Travel routers are a hot mess of security flaws

One of the worst offenders only needs a text message sent to turn over the router's admin credentials.

TP-Link 3G/Wi-Fi modem spills credentials to an evil text message

So why can it read scripts sent by SMS anyhow? TP-Link's M5350 3G/Wi-Fi router, has the kind of howling bug that gives infosec pros nightmares.…

Phishing scammers exploit Wix web hosting

Cybercriminals like to subvert legitimate online services like Google Docs and Dropbox to carry out their malicious activities.

The free website hosting company Wix is the latest addition to the list of services they’ve abused.Researchers from security company Cyren found that scammers were creating phishing sites designed to harvest Office 365 login credentials via Wix, which offers a simple click-and-drag editor for building web pages.

As typically happens with free services, the criminals are taking advantage of these tools to carry out their operations.[ 4 top disaster recovery packages compared. | Backup and recovery tools: Users identify the good, bad, and ugly. ]The phishing site looks like a new browser window open to an Office 365 login page.
In fact, it’s a screenshot of an Office 365 login page with editable fields overlaid on the image. Users would think the site is legitimate and enter the login credentials, except the information is entered into the fields on the overlay and not the actual Office 365 page.To read this article in full or to leave a comment, please click here

Tax Deadline Leads to Heightened Phishing Email Activities

IRS warns tax professionals to watch out for phishing email scams attempting to steal user credentials.

Aviation-Related Phishing Campaigns Seeking Credentials

Researchers warn of a wave in aviation-themed phishing attacks that aim to steal credentials and install malware.