Emergency patch: Cisco fixes bug under exploit in brute-force attacks

October 24, 2024 at 02:26PM Cisco has patched a medium-severity security flaw (CVE-2024-20481) in its ASA and FTD software, exploited through brute-force attacks leading to resource exhaustion in devices with remote access VPN enabled. The vulnerability is included in CISA’s Known Exploited Vulnerabilities Catalog, and Cisco urges users to apply updates promptly.

Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack

October 24, 2024 at 09:03AM Cisco released updates for a critical security flaw (CVE-2024-20481) in its Adaptive Security Appliance, impacting the Remote Access VPN service. Exploitation may cause a denial-of-service (DoS). Cisco advises enabling logging and threat detection as preventive measures against brute-force attacks, while also addressing three additional vulnerabilities in its software.

Contractor Software Targeted via Microsoft SQL Server Loophole

September 18, 2024 at 05:09PM Threat actors have been targeting Foundation accounting software used in construction, exploiting vulnerabilities in plumbing, HVAC, and concrete sub-industries. Researchers at Huntress discovered the threat, involving host/domain enumeration commands. The software’s MSSQL instance allows mobile app access, potentially exposing TCP port 4243 to the public. Organizations are advised to rotate …

How to defend against brute force and password spray attacks

September 9, 2024 at 10:16AM Today’s organizations face a range of sophisticated cyber threats, including brute force attacks. While lacking finesse, these attacks rely on persistence and can leave well-defended systems vulnerable. Various brute force techniques are used, exploiting weak password practices and predictable patterns. To defend against these attacks, organizations should enforce robust password …

Okta Warns of Credential Stuffing Attacks Using Tor, Residential Proxies

April 29, 2024 at 07:19AM Okta has warned of a surge in credential stuffing attacks utilizing anonymity services, such as Tor, and residential proxies. These attacks leverage stolen credentials to compromise online accounts. The increase in activity may be linked to a recent global brute-force campaign on VPN and SSH services. Okta recommends measures such …

New Password Cracking Analysis Targets Bcrypt

April 24, 2024 at 07:06AM Hive Systems analyzed password cracking through brute-force attacks, shifting from MD5 to Bcrypt. With a dozen NVIDIA GeForce RTX 4090 GPUs, they found that Bcrypt significantly delays cracking times, making strong passwords more secure. However, non-randomly generated passwords can still be breached quickly due to predictability. Hive’s study is based …

Cisco: Multiple VPN, SSH Services Targeted in Mass Brute-Force Attacks

April 17, 2024 at 10:01AM Cisco’s Talos unit warns of mass brute-force attacks targeting VPN services, web application authentication interfaces, and SSH services. The attacks, originating from Tor exit nodes, use generic and valid usernames, affecting various services. Cisco observed a significant increase in these attacks and has added the associated IP addresses to its …

Hacked WordPress sites use visitors’ browsers to hack other sites

March 6, 2024 at 05:40PM Hackers have been targeting WordPress sites with widescale attacks, initially using crypto wallet drainer scripts to steal cryptocurrency. More recently, they have switched to injecting malicious scripts that force visitors’ browsers to conduct brute-force attacks on other websites. The threat actor’s goal seems to be building a larger portfolio of …

Kenya Detected Over 1B Cyber Threats in Q4

February 9, 2024 at 11:10AM Kenyan officials reported over 1 billion cyber threats in the final quarter of last year, a significant increase from the previous quarter’s 123 million. The surge is attributed to enhanced monitoring capabilities and attackers exploiting vulnerabilities in the nation’s increased internet devices. Efforts to upgrade threat detection systems and staff …

What’s worse than paying an extortion bot that auto-pwned your database?

January 17, 2024 at 10:10AM The Border0 security researchers have identified a malicious extortion bot targeting publicly exposed PostgreSQL and MySQL databases with weak passwords. This bot autonomously wipes out vulnerable databases and leaves a ransom note, claiming to back up the data when in reality it only saves a small portion. It has managed …