November 19, 2023 at 09:36PM
NordPass has released its annual list of the most common passwords, with “123456” ranking as the most popular password globally. Passwords like “admin” and sequential number strings also remain popular. NordPass highlights the importance of longer, more complex passwords and recommends using password generators and password managers. In cybersecurity news, the US Federal Communications Commission has enacted rules to combat SIM swapping and port-out fraud, while the FBI warns of a new ransomware strain called Rhysida that exploits well-known vulnerabilities like ZeroLogon.
From the meeting notes, here are the key takeaways:
1. NordPass released its annual list of the most common passwords. While some improvements were seen, many users still have weak passwords. “123456” remains the most popular password globally.
2. Local variations in password choices were observed. US users tend to use generic passwords, while UK users often show team pride or use words like “cheese” and “dragon.”
3. Streaming platforms have particularly weak passwords compared to other credential categories.
4. It is emphasized that longer passwords with a combination of upper and lower-case characters, numbers, and symbols are always better. Password reuse should be avoided, and a password manager is recommended.
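To make the "longer is better" advice concrete, here is an added example (not part of the original roundup or of NordPass's tooling) that scores a candidate password the way a registration form or password manager might: it rejects entries on a constructed denylist of the kinds of passwords the list reports, rejects plain sequential strings such as "123456", and then estimates brute-force entropy from length and character pool. The denylist, the 60-bit floor, and the helper names are assumptions chosen for illustration.

```python
import math
import string

# Constructed denylist modelled on the kinds of entries the annual list reports
# (this is NOT the NordPass dataset). A real deployment would load a full
# breached-password corpus instead of a handful of strings.
COMMON_PASSWORDS = {
    "123456", "password", "admin", "12345678", "123456789", "qwerty",
    "cheese", "dragon", "1234567890", "12345",
}


def is_sequential(pw: str) -> bool:
    """True if every character steps by exactly +1 or -1 (e.g. 123456, abcdef, 9876)."""
    if len(pw) < 4:
        return False
    codes = [ord(c) for c in pw.lower()]
    steps = {b - a for a, b in zip(codes, codes[1:])}
    return steps == {1} or steps == {-1}


def charset_size(pw: str) -> int:
    """Size of the smallest standard character pool that covers the password."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 ASCII symbols
    if any(c.isspace() for c in pw):
        size += 1
    return size or 1


def entropy_bits(pw: str) -> float:
    """Upper-bound brute-force entropy in bits: log2(pool_size ** length).

    This is an upper bound: a password built from dictionary words or a
    predictable pattern is weaker than the number suggests, which is why the
    denylist and sequence checks in evaluate() run first."""
    return len(pw) * math.log2(charset_size(pw))


def evaluate(pw: str, min_bits: float = 60.0):
    """Return (accepted, reason). The 60-bit floor is an assumed policy value."""
    if pw.lower() in COMMON_PASSWORDS:
        return False, "on common-password list"
    if is_sequential(pw):
        return False, "sequential characters"
    bits = entropy_bits(pw)
    if bits < min_bits:
        return False, f"only {bits:.0f} bits of entropy (minimum {min_bits:.0f})"
    return True, f"{bits:.0f} bits of entropy"


if __name__ == "__main__":
    # Constructed sample inputs: two list-style passwords, one short "complex"
    # password, and one long lowercase passphrase.
    for candidate in ["123456", "abcdefgh", "Dragon1!", "correct horse battery staple"]:
        accepted, reason = evaluate(candidate)
        print(f"{candidate!r}: {'OK' if accepted else 'REJECT'} ({reason})")
```

The point the numbers make is that an eight-character password mixing all four character classes still falls below a 60-bit floor, while a much longer all-lowercase passphrase clears it by a wide margin; length dominates composition, which is why the roundup pairs the advice with a password manager that can generate and store long random strings.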
Regarding critical vulnerabilities:
1. The Juniper firewall vulnerabilities that were previously reported are now being exploited in the wild. Patches should be applied promptly.
2. The SysAid helpdesk software vulnerability has also been added to the exploited vulnerabilities list. Ensure that the necessary patches are installed.
3. Multiple vulnerabilities were reported in Siemens and Red Lion industrial products, including Red Lion Sixnet Remote Terminal Units, Siemens COMOS software, Siemens SIPROTEC 4 7SJ66 control and monitoring devices, Siemens SINEC PNI software, Siemens SIMATIC MV500 optical reader software, Siemens Desigo CC software, Siemens Scalance switches, Siemens Scalance W700-series WAPs, Siemens Ruggedcom APE1808 devices, and Siemens SIMATIC PCS neo versions. These deserve attention even though they were not included in the Patch Tuesday roundup.
In terms of the FCC’s new rules:
1. The FCC has introduced rules to combat SIM swapping and port-out fraud. Wireless providers will be required to use secure methods of authenticating customers, notify customers of SIM changes or port-out requests, provide options to block SIM swaps and ports, and keep records of change requests and authentication methods.
2. Customers should ensure they have strong authentication measures in place and report any fraud incidents to their wireless providers.
Finally, an alert has been issued regarding the Rhysida ransomware strain:
1. Rhysida ransomware is active and targeting critical sectors such as education, healthcare, manufacturing, IT, and government.
2. It exploits well-known vulnerabilities like ZeroLogon, which should have been patched in 2020.
3. Rhysida’s operators also gain initial access through external-facing remote services and use phishing to trick victims into installing malicious software.
It is crucial to stay updated on these vulnerabilities and take appropriate actions to mitigate any risks.