EUVD-2020-6069

Malware in sbrugna...

CVE-2020-13858

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They contain two undocumented administrator accounts. The sftp and mofidev accounts are defined in /etc/passwd and the password is not unique across installations...

Advice for manufacturers on the coming PSTI regulation

TL;DR PSTI: The UK Product Security and Telecommunications Infrastructure Product Security Act Regulations effective from 29 April 2024 Assess how, where, why, and when you may be affected Review supply chain and in-house teams for compliance readiness Specific obligations for manufacturers,...

10 things to do to improve your online privacy

1. Set up two-factor authentication Do this for as many of your online accounts as you can, especially the major ones like your email and social media accounts. Two-factor authentication 2FA adds an extra step of protection and makes it much harder for attackers to login as you. We recommend usin...

3 crucial security steps people should do, but don't

Cybersecurity could be as easy as 1-2-3. The problem, though, is that people have to want it. In new research conducted by Malwarebytes, internet users across the United States and Canada admitted to dismal cybersecurity practices, failing to adopt some of the most basic defenses for staying safe...

Setting Strong and Unique Passwords: The First Line of Defense for PS5 Security

By Owais Sultan A strong password for your PS5 enhances security, thwarting unauthorized access and protecting your personal information and gaming… This is a post from HackRead.com Read the original post: Setting Strong and Unique Passwords: The First Line of Defense for PS5 Security...

5 ways to spring clean your security

It is now officailly spring in the Northern Hemisphere, and with spring and the longer days comes the inescapable urge to shake off the lethargy of Winter and embrace the need to go through your stuff, throw a bunch of it out, and give the rest of it a shiny new lustre. And in our increasingly...

Why Insisting on Complicated Passwords can be a Dangerous Security Practice

According to the Forester Insider Threat report, commissioned by Imperva in 2021, 50% of the companies surveyed plan to increase security awareness among their employees over the next 12 months. Many are already doing so and have solid practices in place. According to the 2022 Ponemon Report on t...

Five Critical Password Security Rules Your Employees Are Ignoring

According to Keeper Security's Workplace Password Malpractice Report, many remote workers aren't following best practices for password security. Password security was a problem even before the advent of widespread remote work. So, what happened post-pandemic? Keeper Security's Workplace Password...

CVE-2020-13858

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They contain two undocumented administrator accounts. The sftp and mofidev accounts are defined in /etc/passwd and the password is not unique across installations...

Unspecified Vulnerability in Mofi Network MOFI4500-4GXeLTE

The Mofi Network MOFI4500-4GXeLTE is a wireless router from Mofi Network. A security vulnerability exists in the Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices, which stems from the inclusion of two unarchived administrator accounts. sftp and mofidev accounts are defined in the etc...

Mandatory IoT Security in the Offing with U.K. Proposal

The U.K. government has unveiled a proposed law aimed at securing internet of things IoT devices, which have historically been riddled with basic security issues. The drafted law, announced on Monday, comprises three main mandates for IoT manufacturers. First, all consumer IoT device passwords mu...

IoT bills and guidelines: a global response

You may not have noticed, but Internet of Things IoT rules and regulations are coming whether manufacturers want them or not. From experience, drafting up laws which are hopefully sensible and have some relevance to problems raised by current technology is a time-consuming, frustrating process...

An Astonishing 773 Million Records Exposed in Monster Breach

Collection 1 appears to be the biggest public breach yet, with millions of unique passwords sitting out in the open...

Calif. Law Takes Aim at Weak IoT Passwords

In a first of its kind law, California Governor Jerry Brown signed a bill that bans the use of default “admin” passwords on internet-connected devices sold in the state and requires manufacturers use strong passwords instead. California has been taking aggressive legislative action in 2018 to...

Experts Bemoan Shortcomings with IoT Security Bill

An internet of things IoT bill that would mandate unique passwords for connected devices has been approved by the California state legislature. It will be the first potential connected device regulation to come into effect in the United States if California Gov. Jerry Brown decides to sign it —...

Microsoft Windows: Enforce password history

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winpasswdhistory.nasl 11532 2018-09-21 19:07:30Z cfischer $ Check value for Enforce password history WMI Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This program is free...

OpenSSH Vulnerability

Palo Alto Networks makes use of a the OpenSSH tool. CVE-2016-6210 was recently confirmed to be applicable to the version in use by PAN-OS. Ref 100977/CVE-2016-6210. To exploit this vulnerability, an attacker would have to guess usernames defined as system administrators on the firewall. This issu...

Shared Host Integrated Password System: SHIPS

SHIPS is a solution to provide unique and rotated local super user or administrator passwords for environments where it is not possible or not appropriate to disable these local accounts for both Windows and Linux. Clients may be configured to rotate passwords automatically. Stored passwords can ...

Passera - Tool to generate strong unique passwords for each website

A simple tool that allows users to have strong unique passwords for each website, without the need to store them either locally or with an online service. It is available as a command-line tool for Linux/Mac/Windows and an Android app. Passera turns any entered text into a strong password up to 6...