Anevia Flamingo XL/XS 3.6.x Default / Hardcoded Credentials Vulnerability

Anevia Flamingo XL/XS versions 3.6.20 and 3.2.9 have a weak set of default and hardcoded administrative credentials that can be easily guessed in remote password attacks and gain full control of the system. Anevia Flamingo XL/XS 3.6.x Default/Hard-coded Credentials Vendor: Ateme Product web page:...

How Microsoft can help you go passwordless this World Password Day

It’s that time of year again. World Password Day is May 4, 2023.1 There’s a reason it’s still going strong 10 years after being created by cybersecurity professionals. A recent study that analyzed more than 15 billion passwords found that the top 10 most popular passwords still include...

How Microsoft can help you go passwordless this World Password Day

It’s that time of year again. World Password Day is May 4, 2023.1 There’s a reason it’s still going strong 10 years after being created by cybersecurity professionals. A recent study that analyzed more than 15 billion passwords found that the top 10 most popular passwords still include...

Sielco PolyEco Digital FM Transmitter 2.0.6 Default Credentials

Sielco PolyEco Digital FM Transmitter 2.0.6 Default Credentials Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: PolyEco1000 CPU:2.0.6 FPGA:10.19 PolyEco1000 CPU:1.9.4 FPGA:10.19 PolyEco1000 CPU:1.9.3 FPGA:10.19 PolyEco500 CPU:1.7.0 FPGA:10.16 PolyEco300 CPU:2.0.2...

2023 identity security trends and solutions from Microsoft

Welcome to 2023! I wanted to kick this year off by having a quick look at the trends in identity security, what you can do about it, and what Microsoft is doing to help you. One of the things we talk about on the team is “shiny object syndrome”—there are a ton of innovative and scary attacks and...

Microsoft Security innovations from 2022 to help you create a safer world today

The start of a new year is always a great time for reflection—to be grateful for all we have and the progress security teams have made as well as look ahead to how we can reshape the security landscape. I use this time to think about goals for the future, and to reflect on the highlights,...

Microsoft Security innovations from 2022 to help you create a safer world today

The start of a new year is always a great time for reflection—to be grateful for all we have and the progress security teams have made as well as look ahead to how we can reshape the security landscape. I use this time to think about goals for the future, and to reflect on the highlights,...

​​Microsoft Entra: 5 identity priorities for 2023

Welcome to 2023. After the pandemic upended how we work, learn, play, and manage our lives, we find ourselves more connected than ever, with more convenient access to an ever-wider range of online tools and experiences. But as our global digital footprint continues to grow, so does the risk of...

New Windows 11 security features are designed for hybrid work

Attackers are constantly evolving, becoming increasingly sophisticated and destructive—the median time for an attacker to access your private data if you fall victim to a phishing email is 1 hour, 12 minutes.1 Microsoft tracks more than 35 ransomware families and more than 250 unique nation-state...

Microsoft: Slow MFA adoption presents “dangerous mismatch” in security

Multi-factor authentication MFA has been around for many years now, but few enterprises have fully embraced it. In fact, according to Microsofts inaugural "Cyber Signals" report, only 22 percent of all its Azure Active Directory AD enterprise clients have adopted two-factor authentication 2FA, a...

PT-2021-15568 · Rexroth +1 · Indramotion Mlc Indramotion Xlc +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue concerns an exposed user and password database due to an unprotected web server resource. The passwords are hashed using a weak hashing algorithm, making them susceptible ...

CVE-2021-41296

ECOA BAS controller uses weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system...

Default credentials

ECOA BAS controller uses weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system...

CVE-2021-41296

CVE-2021-41296 affects ECOA BAS controller family (ECS Router Controller ECS (FLASH), RiskBuster Terminator E6L45, RiskBuster System RB 3.0.0/TRANE 1.0, Ecoa Graphic Control Software, Ecoa SmartHome II, etc.). Root cause: weak/default administrative credentials that can be guessed, allowing remot...

The passwordless future is here for your Microsoft account

Nobody likes passwords. They’re inconvenient. They’re a prime target for attacks. Yet for years they’ve been the most important layer of security for everything in our digital lives—from email to bank accounts, shopping carts to video games. We are expected to create complex and unique passwords,...

COMMAX CVD-Axx DVR 5.1.4 - Weak Default Credentials Stream Disclosure Vulnerability

Exploit Title: COMMAX CVD-Axx DVR 5.1.4 - Weak Default Credentials Stream Disclosure Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX CVD-Axx DVR 5.1.4 Weak Default Credentials Stream Disclosure Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected...

COMMAX CVD-Axx DVR 5.1.4 Weak Default Credentials Stream Disclosure

Summary COMMAX offers a wide range of proven AHD CCTV systems to meet customer needs and convenience in single or multi-family homes. Description The web control panel uses weak set of default administrative credentials that can be easily guessed in remote password attacks and disclose RTSP strea...

SOYAL Biometric Access Control System 5.0 Weak Default Credentials

Summary Soyal Access systems are built into Raytel Door Entry Systems and are providing access and lift control to many buildings from public and private apartment blocks to prestigious public buildings. Description The web control panel uses weak set of default administrative credentials no...

CVE-2020-14484

OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass the system’s account lockout protection, which may allow brute force password attacks...

CVE-2020-14484

OpenClinic GA is affected on versions 5.09.02 and 5.89.05b. The issue is an authentication flaw that bypasses account lockout protection, enabling brute-force password attempts. The ICS advisory confirms CVE-2020-14484 and links to multiple related vulnerabilities in the same product family. Impa...