In-brief: A hidden, backdoor account affects a line of VoIP gateways made by DblTek, researchers from TrustWave found. The manufacturers fix, however, may not solve the problem.
Passwords
Survey: Hackers for Hire Find Most Networks Easy Prey
In-brief: A survey of penetration testers by Rapid7 finds most organizations are failing to detect malicious activity on their networks.
FTC Sues D-Link Citing Security Flaws in Routers, Cameras
In-brief: The FTC filed suit against home networking gear maker D-Link alleging the company’s products are insecure and pose a danger to consumers. (Editor’s note: updated to include D-Link’s official statement on the FTC case. – PFR 1/10/2017)
Flaws in connected devices go beyond passwords | CSMonitor.com
In-brief: cybercriminals in recent weeks have amassed a powerful online weapon from compromised internet-linked cameras and video recorders prompting warnings to consumers to change default passwords on their gadgets. But experts warn that changing passwords or making them stronger won’t solve the problem. (Editor’s note: this story is cross posted from Christian Science Monitor Passcode. You can read the full text of the article there.) Cybercriminals in recent weeks have amassed a powerful online weapon from compromised internet-linked cameras and video recorders prompting warnings to consumers to change default passwords on their gadgets. But experts warn that changing passwords or making them stronger won’t solve the problem. Cyber criminals and script kiddies have used weak, easily guessed and default passwords on Internet connected cameras and other devices to assemble botnets of hundreds of thousands of infected devices. Those botnets, in turn, have been the lynch pin in massive and distributed denial […]
Land Rush: Race is On To Hack Vulnerable IoT Devices
In-brief:Cyber criminal groups are racing to gain control over a population of insecure “Internet of Things” devices, with new malware families targeting embedded devices appearing at a steady rate and a noticeable uptick in so-called “brute force” password guessing attacks against embedded systems.
