Password Management

Cybercriminals use proxies and configurations to launch credential stuffing attacks

Application Security, Cybersecurity Attacks, Password Management / By Frank Crast / August 22, 2022 August 22, 2022 / CDN, Cyberattack, Cybersecurity Threat Center, FBI, MFA, OWASP, passwords, SSL

The Federal Bureau of Investigation (FBI) have spotted cybercriminals using proxies and configurations to launch credential stuffing attacks against US companies.

GitLab issues security update for Critical hard-coded password vulnerability (CVE-2022-1162)

Application Security, Password Management, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / April 2, 2022 April 2, 2022 / CVE-2022-1162, GitLab, LDAP, Oauth, OmniAuth, passwords

GitLab has issued a security update to address a Critical vulnerability CVE-2022-1162 where static passwords were inadvertently set during OmniAuth-based registration.

FluBot: Beware of this Android password-stealing malware

Malware, Mobile Security, Password Management / By Frank Crast / April 26, 2021 April 26, 2021 / FluBot, malware, mobile, NCSC, Trojan

Security experts from UK’s National Cyber Security Centre (NCSC) warned of a new malware strain FlyBot, an Andoid password-stealing malware.

PHP user database leak allegedly led to PHP source code compromise

Application Security, Password Management, Vulnerabilities & Exploits / By Frank Crast / April 7, 2021 April 7, 2021 / Gilotine, PHP, Source Code

PHP maintainer Nikita Popov has published new details regarding the likely cause of a recent PHP source code compromise and insert of malicious code.

Hackers target 50K vulnerable Fortinet devices to steal passwords

Cybersecurity Attacks, Network Security, Password Management, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / November 27, 2020 November 27, 2020 / CISA, CVE-2018-13379, Fortinet, FortiOS, VPN

Cybersecurity experts are warning hackers are targeting nearly 50,000 vulnerable unpatched Fortinet VPNs to steal passwords.

Mozilla releases Firefox 78 with new ‘Protections Dashboard’ feature

Password Management, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / July 2, 2020 July 2, 2020 / CVE-2020-12415, CVE-2020-12416, CVE-2020-12417, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420, CVE-2020-12426, Firefox, Firefox 78, Mozilla

The Mozilla Foundation has released Firefox 78 that includes security fixes for multiple vulnerabilities, as well as a new ‘Protections Dashboard’ feature.

FBI and CISA warning of Chinese targeting COVID-19 research organizations

Cybersecurity Attacks, Password Management, Vulnerabilities & Exploits / By Frank Crast / May 15, 2020 May 15, 2020 / CISA, Coronavirus, COVID-19, DHS, FBI, healthcare, Medical

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning of likely targeting and compromise of U.S. COVID-19 research organizations by the People’s Republic of China (PRC).

Alert: Threat actors continue to exploit patched Pulse Secure VPN devices

Identity & Access Management, Network Security, Password Management, Vulnerabilities & Exploits / By Frank Crast / April 17, 2020 April 17, 2020 / Active Directory, CISA, CVE-2019-11510, DHS, Juniper, passwords, Pulse Secure, VPN

Organizations that are running Pulse Security VPN devices may still be at risk of being exploited, even if previously patched, according to a new Department of Homeland Security (DHS) advisory. The risk is elevated if an actor previously exploited CVE-2019-11510 and stole AD credentials from the victim organization.

Zoom patches vulnerability that could allow eavesdropping

Cloud Security, Messaging Security, Password Management, Security Updates & Patches, Uncategorized, Vulnerabilities & Exploits / By Frank Crast / January 28, 2020 January 28, 2020 / Checkpoint, Cloud, eavesdropping, Meeting ID, Password, Vulnerabilities, Zoom

Remote conferencing service company, Zoom, has patched a vulnerability that could allow a bad actor to eavesdrop on your company’s online meetings.

CStealer: a new Windows trojan password stealer

Malware, Password Management / By Frank Crast / November 30, 2019 January 25, 2020 / C2, Chrome, CStealer, malware, MalwareHunterTeam, MongoDB, Trojan

A new Windows trojan dubbed CStealer attempts to steal passwords from Chrome browser. The malware also uses a remote MongoDB server to store the stolen passwords.