New data from Outpost24 reveals that IT administrators could be just as predictable as end-users when it comes to passwords. An analysis of just over 1.8 million passwords ranks ‘admin’ as the most popular password with over 40,000 entries, with additional findings pointing to a continued acceptance of default passwords.
On October 4, 2023, the curl project maintainers sent out a pre-notification that curl version 8.4.0, expected to be released on October 11 (around 06:00 UTC), will address what they denote as the most serious vulnerability in recent years. Curl is a de-facto standard in the software business when it comes to web requests, and supports a wide range of communication protocols. Depending on the vulnerability, it could have far reaching implications.
The infostealer malware Rhadamanthys was discovered in the last quarter of 2022. Its capabilities showed a special interest in crypto currency wallets, targeting both wallet clients installed in the victim’s machine and browser extensions. The main distribution methods observed for this threat are fake software websites promoted through Google Ads, and phishing emails, without discriminating by region or vertical.
During some standard research as part of the Outpost24 Ghost Labs Vulnerability Research department, I discovered four different vulnerabilities in Nagios XI (version 5.11.1 and lower). Three of these vulnerabilities (CVE-2023-40931, CVE-2023-40933 and CVE-2023-40934) allow users, with various levels of privileges, to access database fields via SQL Injections.
Imagine your organization’s digital fortress – now picture a thousand hidden doors, each a potential entry point for cyber threats. In the world of cybersecurity, these doors are known as ‘external attack surface vulnerabilities’ and understanding them is the first step to locking them down. External attack surface vulnerabilities are the weak points of a company’s network that can potentially be exploited by malicious actors.
During a recent customer engagement, I came across an instance of a rather rare vulnerability class called HTTP request smuggling. Over the course of several grueling days of exploit development, I was eventually able to abuse this vulnerability to trigger a response queue desynchronization, allowing me to capture other users’ requests, leading to session hijacking.
Threat Intelligence Analyst How does phishing-as-a-service (PhaaS) really work, and can it really bypass MFA? Here, we will walk you through the user interface of a PhaaS platform, and how its users can quickly build their own attacks using the built-in attack models and templates (and bypass MFA). For a layered approach, beyond MFA, we will introduce you to the benefits of using a threat intelligence solution to stay-ahead of emerging and advanced phishing attacks.
As the threat landscape evolves, so must the methods and tools to safeguard critical digital assets. Vulnerability management programs that were once considered the gold standard are starting to show limitations in their ability to address complex cyber risks.
Threat actors are constantly looking for new ways or paths to achieve their goals, and the use of Artificial Intelligence (AI) is one of these novelties that could drastically change the underground ecosystem. The cybercrime community will see this new technology either as a business model (developers and sellers) or as products to perpetrate their attacks (buyers).
How can you take a proactive approach to your organization’s cybersecurity strategy? Scoping the threat landscape and having a solid incident response plan is a good start. But you also need to continuously seek out vulnerabilities and weaknesses to remediate or mitigate. These vulnerabilities and weaknesses aren’t just limited to systems and processes – the human factor plays a prominent part in many cybersecurity breaches.
