Over 600k GPS trackers left exposed online with a default password of ‘123456’

Security Affairs

Avast researchers found at least 600,000 GPS trackers manufactured by a Chinese vendor that were exposed online with a default password of “123456.”

Mandatory IoT Security in the Offing with U.K. Proposal

Threatpost

law mandates that manufacturers apply several security controls to their connected devices.

Username (and password) free login with security keys

Imperial Violet

Most readers of this blog will be familiar with the traditional security key user experience: you register a token with a site then, when logging in, you enter a username and password as normal but are also required to press a security key in order for it to sign a challenge from the website. On the plus side, this one-button flow frees users from having to remember and type their username and password for a given site.

Episode 164: Who owns the Data Smart Cars collect? Also: making Passwords work.

The Security Ledger

Also: LastPass’s Dan DeMichele joins us to talk about why password security is still so hard. Why Companies struggle with Passwords.

Hackers Hit Unpatched Pulse Secure and Fortinet SSL VPNs

Data Breach Today

Vendors Issued Security Updates to Fix Severe Flaws Several Months Ago. Patch or perish redux: Hackers are unleashing automated attacks to find and exploit known flaws in SSL VPNs manufactured by Fortinet and Pulse Secure to steal passwords.

UK Government Proposes IoT Security Measures

Data Breach Today

Rules Would Strengthen Password Protection and Vulnerability Reporting. With the number of installed internet of things devices expected to surpass 75 billion by 2025, the U.K.

Hackers are Hurting the Internet of Things in More Ways Than you Think

InfoGoTo

They can enter the device via stolen credentials, weak passwords, broadly published default passwords and web-based attacks via browsers on computers that connect to the IoT. They can also include smart sensors and different apparatuses in critical infrastructure sectors like manufacturing, energy, transportation systems and more than a dozen others that the Department of Homeland Security has identified.

Kali Project Encryption and Isolation Using Vagrant and BitLocker

Perficient Data & Analytics

needs patching to support the survival of the “vagrant up” operation through the point in time when the Virtualbox boot process pauses to allow you to type in an encryption password. It is during this time that the encryption password entry form appears and waits for our input.

Protect Your Home Office and Network With These 5 Tips

Adam Levin

Secure Your Router: If you’re still using your router’s manufacturer default password, it’s past time for a change. Your password should include letters, numbers and special characters in a combination you haven’t used on other accounts.

5 Ways to Ensure Home Router Security with a Remote Workforce

Adam Levin

Ensure remote workers are more secure by following these five tips: Change the Default Password: Routers should have the manufacturer default password updated the moment they’re turned on and connected.

How Microsoft Word “Protected View” Stops Information Leaks

Perficient Data & Analytics

In this attack, I will actually steal your network credentials and crack your password. I’ll then be able to use john-the-ripper or another program to crack the password. Never re-use passwords across services.

Digital Enterprises: Built on Modern MDM

Reltio

If you missed this event, check out the video presentations here to get the latest buzz in the data management industry (Login: dd19@reltio.com | Password: berightfaster). Ankur Gupta, Sr. Product Marketing Manager, Reltio.

Five Ways to Secure Your Home Office Webcam

Adam Levin

Update your camera’s firmware and software: Whether it’s an external camera or one built into your laptop or tablet, check for manufacturer updates and always keep your camera’s software and firmware fully up to date because patches are often released specifically to patch security vulnerabilities.

P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

A map showing the distribution of some 2 million iLinkP2P-enabled devices that are vulnerable to eavesdropping, password theft and possibly remote compromise, according to new research.

New Guidance Published on Cybersecurity and Medical Devices

Data Matters

New European medical device guidance will require manufacturers to carefully review cybersecurity and IT security requirements in relation to their devices and in their product literature. The Guidance is intended to assist medical device manufacturers meet the new cybersecurity requirements in the Medical Devices Regulation (MDR) and the In Vitro Diagnostic Regulation (IVDR) (collectively, the Regulations).

Who’s Behind the GandCrab Ransomware?

Krebs on Security

That domain registration record included the Russian phone number +7-951-7805896, which mail.ru’s password recovery function says is indeed the phone number used to register the hottabych_k2 email account.

A Year Later, Cybercrime Groups Still Rampant on Facebook

Krebs on Security

KrebsOnSecurity broke the news that Facebook developers wrote apps which stored somewhere between 200 million and 600 million Facebook user passwords in plain text. Finally, I periodically need to verify some new boneheaded privacy disclosure or security screw-up manufactured by Facebook.

How to Enable IoT Security and Protect Your Data From Weak Links

InfoGoTo

Change default passwords. Default passwords will be the very first attempts that a hacker will make on a device that may have been left accidentally unprotected. At the very least, change the password to something other than “password.” Regularly check up on the IoT manufacturers whose devices are being run in your organization, and plan to retire any devices that are no longer receiving the support they need to stay secure.

Botnet operators target multiple zero-day flaws in LILIN DVRs

Security Affairs

Experts observed multiple botnets exploiting zero-day vulnerabilities in DVRs for surveillance systems manufactured by Taiwan-based LILIN.

Data of Indian defence contractor Bharat Earth Movers Limited (BEML) available online

Security Affairs

The company manufactures a variety of heavy equipment (bulldozers, dump trucks, hydraulic excavators, wheel loaders, rope shovels, walking draglines, motor graders and scrapers), such as that used for earthmoving, transport and mining.

NEW TECH: DataLocker introduces encrypted flash drive — with key pad

The Last Watchdog

DataLocker honed its patented approach to manufacturing encrypted portable drives and landed some key military and government clients early on; the company has continued branching out ever since. All the user needs is a strong password to access the data. The administrator can set password rules, put certain types of files on white lists or black lists, remotely reset devices; they can even disable devices lost in the field.

eCh0raix ransomware is back and targets QNAP NAS devices again

Security Affairs

The ransomware targets poorly protected or vulnerable NAS servers manufactured by Taiwan-based QNAP Systems; attackers exploit known vulnerabilities or carry out brute-force attacks.

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

The Last Watchdog

Hackers seeking to get in position to take over control or otherwise disrupt utilities are seeking paths through original equipment manufacturers, third-party vendors, and telecom providers. Less than 48 hours after the killing of Iran’s General Qasem Soleimani, the U.S.

Hackers infect Linux servers with JungleSec Ransomware via IPMI Remote console

Security Affairs

“In one case, the IPMI interface was using the default manufacturer passwords. Experts recommend securing the IPMI interface by changing the default password and configuring ACLs that allow only certain IP addresses to access the IPMI interface.

French Firms Rocked by Kasbah Hacker?

Krebs on Security

A search on the ing.equipepro@gmail.com address at 4iq.com — a service that indexes account details like usernames and passwords exposed in Web site data breaches — shows this email address was used to register an account at the computer hacking forum cracked[.]to

Working Remotely? Remember to Secure Your Webcam

Adam Levin

Here are a few things you can do to protect your privacy while working and schooling from home: Update default passwords: Many webcams come with a default login and password, typically something like admin / admin.

Flaws in 4G Routers of various vendors put millions of users at risk

Security Affairs

A security expert discovered multiple flaws in 4G routers manufactured by several companies; some of them could allow attackers to take over the devices. G Richter, a security researcher at Pen Test Partners, discovered multiple vulnerabilities in 4G routers manufactured by different vendors.

List of data breaches and cyber attacks in June 2020 – 7 billion records breached

IT Governance

Amtrak resets user passwords after Guest Rewards data breach (unknown). Tait Towers Manufacturing discloses security incident affecting employee data (unknown). CMS Joomla posts unencrypted database of user passwords online (2,700).

The Unsexy Threat to Election Security

Krebs on Security

In the wake of the 2016 attack, San Mateo County instituted two-factor authentication for its email accounts — requiring each user to log in with a password and a one-time code sent via text message to their mobile device.

ARES ADB IOT Botnet targets Android Set Top Boxes (STB) and TVs

Security Affairs

Experts noticed that most of the devices targeted by the bot are Android set-top boxes manufactured by HiSilicon, Cubetek, and QezyMedia. Ares bot also scans for other Android systems running Telnet services and attempts to crack the passwords protecting them.

Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws

Security Affairs

Roughly 50% of vulnerable devices are manufactured by Chinese company Hichip. An attacker could chain the issues to steal passwords and possibly remotely compromise the devices; he only needs to know the IP address of the P2P server used by the device.

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

Security Affairs

malware was used by threat actors to establish a backdoor in MSSQL Server 11 and 12 servers, allowing them to access any account on the server using a “magic password.” Security experts have a new malware, dubbed skip-2.0

LokiBot info stealer involved in a targeted attack on a US Company

Security Affairs

Security researchers at Fortinet uncovered a malspam campaign aimed at distributing the LokiBot malware at a US manufacturing company. FortiGuard SE Team experts uncovered a malspam campaign aimed at distributing the LokiBot malware at a US manufacturing company.

Gangnam Industrial Style APT campaign targets industrial firms worldwide

Security Affairs

Experts from CyberX’s threat intelligence team, Section 52, uncovered an ongoing cyberespionage campaign, tracked as Gangnam Industrial Style, that targeted industrial, engineering, and manufacturing organizations, most of them in South Korea (60%).

Tracing the Supply Chain Attack on Android

Krebs on Security

“At present, pre-installed partners cover the entire mobile phone industry chain, including mobile phone chip manufacturers, mobile phone design companies, mobile phone brand manufacturers, mobile phone agents, mobile terminal stores and major e-commerce platforms,” reads a descriptive blurb about the company. Among the responsibilities for this position were: -Crack the restrictions imposed by the manufacturer on the mobile phone.

Consumer Reports Reviews Wireless Home-Security Cameras

Schneier on Security

They could be discovered by anyone who finds or guesses the camera's IP address -- and if you haven't set a strong password, a hacker might find it easy to gain access. The real news is that Consumer Reports is able to put pressure on device manufacturers: In response to a Consumer Reports query, D-Link said that security would be tightened through updates this fall. This is the sort of sustained pressure we need on IoT device manufacturers.

Adidas data breach

IT Governance

In its statement, Adidas said: “According to the preliminary investigation, the limited data includes contact information, usernames and encrypted passwords.

SHARED INTEL: Study shows mismanagement of ‘machine identities’ triggers $52 billion in losses

The Last Watchdog

The humans use usernames and passwords to identify themselves to machines. The machines don’t use usernames and passwords; they use machine identities. Hudson: We have about 400 customers worldwide: big banks, big airlines, airplane manufacturers, big payment card companies, big health care insurers, big retailers. In one sense, digital transformation is all about machines.

Moxa Industrial Switches plagued with several flaws

Security Affairs

Industrial control systems used in many industries, including the energy sector, critical manufacturing, and transportation, continue to be an element of concern for security experts.