Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Weak Password. Show all posts
Weak Password
Cyber Security Data Encryption Data Theft Email Attacks Multi-Factor Authentication (MFA) NSA and CISA Phishing Attacks VPNS Weak Password

Top 10 Cybersecurity Misconfigurations by NSA and CISA

Protecting your organization's data is more important than ever in an era where digital dangers are pervasive and cyberattacks are increasing in frequency and sophistication. Recognizing the pressing need for heightened cybersecurity, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have joined forces to release a comprehensive list of the 'Top 10 Cybersecurity Misconfigurations.' As identified by the two agencies, these misconfigurations represent common vulnerabilities that malicious actors often exploit to infiltrate systems, steal data, or disrupt operations.

  • Weak Passwords: Passwords serve as the first line of defense against unauthorized access. Weak or easily guessable passwords are a major vulnerability.
  • Inadequate Access Controls: Failing to implement proper access controls can lead to unauthorized individuals gaining access to sensitive information.
  • Outdated Software and Patch Management: Neglecting software updates and patches can leave known vulnerabilities unaddressed, making systems susceptible to exploitation.
  • Misconfigured Cloud Storage: In the age of cloud computing, misconfigured cloud storage solutions can inadvertently expose sensitive data to the public internet.
  • Improperly Configured VPNs: Virtual Private Networks are vital for secure remote access. Misconfigurations can lead to unauthorized access or data leaks.
  • Lack of Multi-Factor Authentication (MFA): Relying solely on passwords is no longer sufficient. Implementing MFA adds an extra layer of security.
  • Neglecting Security Event Monitoring: Without proper monitoring, suspicious activities may go unnoticed, allowing potential threats to escalate.
  • Inadequate Email Security: Email remains a common vector for cyber attacks. Misconfigurations in email security settings can lead to phishing attacks and malware infections.
  • Insufficient Data Backups: Failing to regularly backup critical data can result in significant data loss during a cyber incident.
  • Unencrypted Data Transmission: Failing to encrypt data in transit can expose it to interception by malicious actors.
Organizations should take a proactive approach to cybersecurity in order to reduce these risks. This entails carrying out frequent security audits, putting in place strict access controls, and keeping up with the most recent cybersecurity risks and best practices.

Programs for employee awareness and training are also essential. An organization's overall security posture can be significantly improved by training personnel on the value of using strong passwords, spotting phishing attempts, and reporting suspicious activity.

Misconfigured cybersecurity poses a serious risk in today's digital environment. Organizations may strengthen their defenses against cyber threats and protect their digital assets by resolving the top 10 misconfigurations identified by the NSA and CISA. Keep in mind that the best kind of defense in the world of cybersecurity is frequently prevention.

Read more »
WiFi
Cyber Security Israel Network Security Security Researchers Weak Password WiFi

70% of WiFi Networks in Tel Aviv were Cracked by a Researcher

 

In his hometown of Tel Aviv, a researcher cracked 70% of a 5,000 WiFi network sample, demonstrating that residential networks are extremely vulnerable and easy to hijack. Ido Hoorvitch, a CyberArk security researcher, first strolled about the city center using WiFi sniffing equipment to collect a sample of 5,000 network hashes for the study. 

The researcher then took the use of a vulnerability that allowed the extraction of a PMKID hash, which is typically generated for roaming purposes. Hoorvitch sniffed with WireShark on Ubuntu and utilized a $50 network card that can function as a monitor and a packet injection tool to collect PMKID hashes. 

Although Hoorvitch highlighted that this form of attack does not require such heavy-duty technology, the team deployed a 'monster' cracking rig made up of eight xQUADRO RTX 8000 (48GB) GPUs in CyberArk Labs. The attack is centered on a weakness found by Hashcat's primary developer, Jens 'atom' Steube. This bug can be used to obtain PMKID hashes and crack network passwords.

"Atom’s technique is clientless, making the need to capture a user’s login in real-time and the need for users to connect to the network at all obsolete," explains Hoorvitch in the report. "Furthermore, it only requires the attacker to capture a single frame and eliminate wrong passwords and malformed frames that are disturbing the cracking process." 

The generation and cracking of PMKs with SSIDs and different passphrases can then be used to crack PMKID hashes collected by wireless sniffers with monitor mode enabled. This data is created from the right WiFi password when a PMKID is generated that is equal to the PMKID acquired from an access point. Hoorvitch employed a conversion tool and Hashcat, a password recovery software, after sniffing out PMKID hashes with the Hcxdumptool utility. 

According to Hoorvitch, many Tel Aviv residents use their cellphone numbers as their WiFi password, thus it wasn't long before hashes were cracked, passwords were obtained, and doors to their networks were opened. Each crack on the researcher's laptop took around nine minutes in these circumstances. The team was able to break into over 3,500 WiFi networks in and around Tel Aviv. 

Despite the risk of being hacked, most consumers do not set a strong password for their WiFi networks, according to the report. Passwords should be at least ten characters long, contain a mix of lower and upper case letters, symbols, and numerals, and be unique. Keeping your router firmware up to date will also safeguard your hardware from attacks based on vulnerability exploits, according to the researcher. WAP/WAP1 and other weak encryption protocols should be disabled as well.
Read more »
Weak Password
Cyber Security Password Hacking Russia Russian Cyber Security Weak Password

Weak passwords is one of the main reasons for computer hacking in Russia

 According to Sberbank Bi.Zone branch cybersecurity specialists, most users use passwords that are too simple, which cybercriminals can easily guess in 46 percent of cases.

In addition, according to a study of the Russian payment system "Mir Plat.form", less than a third of Russians (28%) use different passwords on the Internet, and the data of other Russian citizens are under threat.

For example, most Russians are used to using the same or similar passwords for different sites. At the same time, 76% of them remember passwords, 40% use auto-save, 29% write them down on paper and 18% save them on their devices in text form.

Digital security experts believe you should use different passwords for different sites and services. Moreover, it's safer to remember them than to write them down or use auto-save. According to them, most break-ins occur because of the leakage of a single password and brute-force it to other services.

Yandex confirmed that the repeats are dangerous, if the attacker finds out the password, he will try to enter with it in social networks, in the mail services, and in online banks.

Yandex added that they monitor the appearance of various databases of stolen passwords on the Internet and, if they suspect that a person may use the same combination of characters, they send him in advance to a mandatory change of login data.

The press service of the Vkontakte said that their system will not allow the use of a combination of letters, numbers and signs, which has already been used before when changing credentials.

Specialists urge Internet users to be more responsible in choosing a password to avoid losing important information, money and not to become a victim of blackmail. The most secure password is a combination of upper and lower case letters and digits in random order, with punctuation symbols added.


Read more »
Subscribe to: Posts (Atom)