Worldwide, a total of 890,000 computers were infected and more than fifty million passwords were stolen. This is the conclusion of security company Group-IB based on its own research. Investigators from the company identified 34 gangs behind the attacks using known malware such as RedLine and Raccoon Infostealer. This malware is capable of stealing login […]
Analysts see an uptick in token theft from authenticated users, allowing threat actors to bypass MFA protections. Stealing session cookies has become one of the most common ways that attackers circumvent multifactor authentication. For unmanaged devices, they recommend conditional access policies and strong controls.
Due to the large number of vulnerabilities in software, the continuous stream of cyber attacks and the conflict in Ukraine, the threat situation in cyberspace is higher than ever before, according to the German government in a new management report for 2022. The annual report of the Bundesamt für Sicherheit in der Informationstechnik (BSI), part […]
Thanks in part to action by the Dutch police, the American authorities have taken offline a criminal marketplace where millions of stolen login details were traded, as well as tens of thousands of credit card details and scanned passports and driver’s licenses. The alleged administrator of the WT1Shop marketplace has also been charged. This is […]
A critical vulnerability in Cisco VPN routers makes it possible for attackers to completely take over the remote devices or have them rebooted, causing a denial-of-service, the network manufacturer that released security updates to fix the problem warns. The vulnerability, designated CVE-2022-20842, is present in the web interface of Cisco Small Business RV routers RV340, […]
A stolen password gave criminals access to 140,000 payment terminals used worldwide to process credit card payments. The payment terminals are from the company Wiseasy and are used by restaurants, hotels, shops and schools, especially in Asia. Through the Wisecloud cloud service, customers’ devices can be managed, configured and updated remotely by Wiseasy. The passwords […]
The 2022 Common Weakness Enumeration (CWE™) Top 25 Most Dangerous Software Weaknesses list demonstrates the currently most common and impactful software weaknesses. Often easy to find and exploit, these can lead to exploitable vulnerabilities that allow adversaries to completely take over a system, steal data, or prevent applications from working.
75% of the most popular websites on the web allow weak passwords such as 12345678, abc123456, and P@$$w0rd. In addition, nearly half of these sites tax users by requiring a special character in their password. This is the result of research by Princeton University into the password policies of popular websites. For the study, the […]
Microsoft’s market dominance creates a big disucssion as they also have the most critical vulnerabilities. Does your organisation assess the 3rd party risk of technology suppliers?
The NetGear BR200 and B500 have such seriousvulnerabilities that they have to be sent back to the company.