Passwords

DHS: Hard-Coded Password Found in GE Industrial Networking Gear

In-brief: A hard-coded password in many versions of GE’s MultiLink industrial networking switches could open the door to hackers, the Department of Homeland Security ICS-CERT warned.

LastPass Says Hackers Stole Account Data

In-brief: LastPass, the keeper of passwords for millions of security-conscious Internet users, said on Monday that its own systems were breached by hackers.

Botnet

Cat and Mouse: Web Attacks Increasingly Sidestep WAF Protections

Recently, the Akamai Threat Research Team unveiled a unique distributed brute force attack campaign targeting nearly five hundred WordPress applications. What’s interesting about this campaign? It clearly demonstrates how Web attackers are becoming more sophisticated, attempting to evade security controls – specifically Web Application Firewalls (WAFs) and rate control protections.

A Short Primer to Brute-Force Attacks

Brute force Web attackers attempt to gain privileged access to a Web application by sending a very large set of login attempts within a short period of time. A volumetric attack from a single source is easily mitigated by blacklisting. Today’s brute force attacks are typically characterized by volumetric attacks coming from distributed IPs. In this way, if the attacker’s source IP is detected, they can still continue the attack campaign by switching to another source IP. As part of this cat-and-mouse evolution, WAFs are enhanced with several rate control measures that detect and block […]

For Cyber Security Awareness Month: Change Your Passwords, Or Ditch Them?

October has arrived. And while that means colorful foliage and Halloween for many of us, it is also a special time in the information security industry: cyber security awareness month – or NCSAM. Security Ledger will be supporting NCSAM this month with banner ads and other content that highlight NCSAM events. Cyber Security Awareness Month – in its 11th year – is a public-private effort to raise public awareness about online security and safety. It’s best known for the “Stop. Think. Connect.” meme, but is also an occasion for elected officials and private sector firms to highlight cyber security issues. In a Presidential Proclamation released on Tuesday, President Obama called cyber threats “one of the gravest national security dangers the United States faces.” “They jeopardize our country’s critical infrastructure, endanger our individual liberties, and threaten every American’s way of life. When our Nation’s intellectual property is stolen, it harms our economy, […]

Online Authentication Group FIDO Alliance Grabs A Big Bone: Alibaba

The FIDO Alliance, an up-and-coming industry consortium aimed at simplifying online identity and doing away with passwords, added IPO darling Alibaba to its Board of Directors, according to a statement on Tuesday. The FIDO (or “Fast IDentity Online”) Alliance announced that Alibaba Group’s payments business, Alipay, will be among the first to deploy FIDO technology for secure payments authentication. On September 17, the company announced that it will use Nok Nok Labs’ FIDO-compliant NNL™ S3 Authentication Suite to enable secure online payments via the Fingerprint Sensor (FPS) technology on the Samsung Galaxy S5. Alipay customers will be able to make payments and transfers using Alipay’s mobile application, Alipay Wallet, by applying their fingerprint to the Galaxy’s fingerprint sensor. “We look forward to participating on the FIDO Alliance board, and assuring that commerce and authentication are uniquely cooperative and seamlessly compatible,” said Ni Liang, Alibaba group, senior director, department of security, in a statement. Mobile payments […]