CVE-2020-28998

An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the Telnet service that allows a remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password...

What can we learn from the passwords used in brute-force attacks?

Brute force attacks are one of the most elementary cyber threats out there. Technically, anyone with a keyboard and some free time could launch one of them -- just try a bunch of different username and password combinations on the website of your choice until you get blocked. Nick Biasini and I...

ZTE MF297D Information Disclosure Vulnerability

The ZTE MF297D is a 4G wireless router from China's ZTE ZTE. The ZTE MF297D suffers from an information disclosure vulnerability that stems from the presence of a password problem vulnerability. An attacker can exploit this vulnerability to obtain sensitive information...

FIDO: Here’s Another Knife to Help Murder Passwords

We all hate passwords, but none of us want to make logging into our accounts a hassle with extra time, steps and devices. That’s why the Fast Identity Online Alliance FIDO published a white paper PDF on Thursday, outlining different use cases for the adoption of their FIDO2 set of specifications...

Google to start automatically enrolling users in two-step verification “soon”

If you use a Google account, it may soon be mandatory to sign up to Googles two-step verification program. As recently as 2017, a tiny amount of GMail users made use of its two-step options. Maybe the uptake is still slow, and Google has decided enough is enough. With so much valuable data stuffe...

Unable to Log On to NetScaler SD-WAN Using PuTTY (Password Caps Locked)

Unable to log on to NetScaler SD-WAN using PuTTY Password Caps Locked...