Protecting Against Critical Infrastructure Attacks: Nuclear & Otherwise
The Nuclear Regulatory Commission (NRC) was the target of three separate breaches, according to DarkReading.com and NextGov.com.
Hard-Coded & Default Passwords: Gateway for Massive Attacks
According to an analyst at CERT/CC’s Vulnerability Notes Database, certain Netgear switches contain hard-coded passwords that can allow a remote attacker to authenticate to the web server running on the device.
Anatomy of a Data Breach (2014)
> When it comes to the 2014 Verizon Data Breach Investigations Report (DBIR), web application, cyber-espionage and POS intrusions topped off the list of most frequently occurring categories of data breaches.
POS Remote Access Software: Vulnerable Without 2FA
Breaches of card data and point of sale systems often involve remote access management tools, as attackers scan for remote administration software, then use automated tools to break into weakly protected systems.
The PayPal 2FA Bypass: How Legacy Infrastructure Impacts Modern Security
> If you haven’t enabled two-factor on your PayPal account, you must like living dangerously. With the prevalence of phishing and other credential stealing techniques, relying solely on a password to protect your financially-lucrative accounts is a bad idea.
Duo Security Researchers Uncover Bypass of PayPal’s Two-Factor Authentication
> Researchers at Duo Labs, the advanced research team at Duo Security, discovered that it is possible to bypass PayPal’s two-factor authentication Security Key mechanism, in PayPal nomenclature.
Human Error Accounts for Over 95 Percent of Security Incidents, Reports IBM
According to the IBM Security Services 2014 Cyber Security Intelligence Index, over 95 percent of all incidents investigated recognize human error as a contributing factor.
Two-Factor Authentication for Bank Wire Transfers
> In the case of large-scale retail data breaches, class action lawsuits have been brought against the corporations with claims that they did not implement strong enough security standards to keep consumer data safe.
The Weekly Ink #2
The Weekly Ink is a summary of the top security content of the week injected with our own pointed opinions, and will be posted to our blog…well, weekly.
Default Passwords: Breaching ATMs, Highway Signs & POS Devices
> No matter how many times default passwords are pinpointed as the culprit of a high-profile, wide-spread, massive-scale data breach, they’re still out there. On everything, from highway sign software, to ATMs, POS (Point of Sale) devices, television station broadcasting systems and more.