Researcher Says Healthcare Facility’s Doors Hackable for Over a Year

September 25, 2024 at 08:48AM
Researcher Shawn Merdinger discovered a serious vulnerability in a US healthcare facility that allows threat actors to hack its building doors. The vulnerability stems from the exposure of the facility’s door access system to the internet and the use of default credentials. The facility has denied the findings, and some …

Hackers Exploit Default Credentials in FOUNDATION Software to Breach Construction Firms

September 19, 2024 at 12:21PM
Cybersecurity company Huntress has identified threat actors targeting the construction sector by infiltrating the FOUNDATION Accounting Software. Attackers use brute force to exploit default credentials, gaining access to plumbing, HVAC, concrete, and related sub-industries. To mitigate risk, it’s advised to rotate default credentials, avoid exposing the application over the public …

Contractor Software Targeted via Microsoft SQL Server Loophole

September 18, 2024 at 05:09PM
Threat actors have been targeting Foundation accounting software used in construction, exploiting vulnerabilities in plumbing, HVAC, and concrete sub-industries. Researchers at Huntress discovered the threat, involving host/domain enumeration commands. The software’s MSSQL instance allows mobile app access, potentially exposing TCP port 4243 to the public. Organizations are advised to rotate …

Threat Actors Target Accounting Software Used by Construction Contractors

September 18, 2024 at 11:14AM
Huntress warns of cyberattacks targeting Foundation Accounting Software, widely used in construction. Threat actors are brute forcing the application and exploiting default credentials, compromising organizations in various sub-industries. The attackers target MSSQL accounts, execute OS commands, and automate attacks. Only 33 publicly exposed hosts running the software with unchanged default …

Protect your Active Directory from these Password-based Vulnerabilities

December 14, 2023 at 11:25AM
Active Directory (AD) is a prime target for threat actors due to its role in identity management. Vulnerabilities like Kerberoasting, password spraying, default credentials, and privilege escalation pose significant risks. Specops Password Policy and Specops Password Auditor offer solutions to safeguard against these threats, through strong password enforcement and breach …