All About Password Managers: Benefits and Risks

Password security is important but not everyone has good password habits. In a global survey, 75% of employees admitted to reusing passwords across their personal and work accounts. This is problematic and can put organizations at risk. One of the ways people solve this problem is by using password managers. But are password managers safe?

Source: Ovum

What is a Password Manager?

Password managers are programs that store and manage your passwords across all your accounts. Password managers store your passwords in an encrypted database that can only be accessed through a master password.

What are the benefits?

Convenience: Password managers make accessing your accounts easier because you only need to remember the master password. This eliminates the headache of having to remember several different passwords for each of your accounts.

Secure passwords: Password managers can generate random, unique passwords for each of your accounts, removing the effort needed to come up with a different password each time. This is done through random-generation algorithms that draw on a combination of symbols, numbers, and upper- and lowercase letters. As a result, your passwords are harder to guess, which makes them more secure.

Easy to use: Password managers can lead to a seamless user experience. Some managers can autofill your credentials, meaning they can recognize the URL of a website and enter the corresponding credentials automatically. This can help prevent you from entering your credentials into a fake website.

What Are the Risks?

They’re targets: Although password manager databases are encrypted, they are still vulnerable. Due to the important information they house, they are prime targets for hackers. Password manager Blur recently disclosed a breach that exposed information of 2.4 million users, including their encrypted Blur passwords.

Putting your eggs in one basket: When you use a password manager, you are relying on one program to house access to all your accounts. This means that if your password manager gets hacked, all your passwords are exposed. Similarly, forgetting your master password means losing access to all your passwords.

Autofill: Most password managers use autofill to make it easier for users to log in. The downside is that autofill remains a big security risk. Research has found that saved information can be accessed through invisible login forms that trick your browser into filling in your personal information.
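The URL matching described under "Easy to use" and the invisible-form risk described here come down to the checks a manager makes before filling. The following is an added example, not code from any real password manager: the function names, the field dictionary and the sample URLs are assumptions standing in for what a browser extension would read from the page.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}


def origin_of(url):
    """Return (scheme, host, port) for a URL, or None if it has no web origin."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    try:
        port = parts.port or DEFAULT_PORTS[scheme]
    except ValueError:  # malformed port such as ":abc"
        return None
    return (scheme, parts.hostname, port)


def autofill_decision(saved_url, page_url, frame_url, field, user_gesture):
    """Return (allowed, reason) for filling a saved credential into a field.

    field is a constructed stand-in for DOM state:
    {"visible": bool, "width": int, "height": int}.
    """
    saved, page, frame = origin_of(saved_url), origin_of(page_url), origin_of(frame_url)
    if None in (saved, page, frame):
        return (False, "unparseable origin")
    if page != saved:
        # Exact match on scheme, host and port: lookalike hosts and
        # http:// downgrades of the saved site are both refused.
        return (False, "origin mismatch")
    if frame != page:
        # The form sits in a frame served by someone other than the page.
        return (False, "cross-origin frame")
    if not field["visible"] or field["width"] < 2 or field["height"] < 2:
        return (False, "hidden field")
    if not user_gesture:
        # Filling on page load lets a script read the field unnoticed.
        return (False, "no user gesture")
    return (True, "ok")


# Constructed sample data for illustration.
SAVED = "https://accounts.example.com/login"
VISIBLE = {"visible": True, "width": 240, "height": 32}
HIDDEN = {"visible": False, "width": 0, "height": 0}

if __name__ == "__main__":
    fake = "https://accounts.example.com.evil.test/login"
    print(autofill_decision(SAVED, SAVED, SAVED, VISIBLE, True))
    print(autofill_decision(SAVED, fake, fake, VISIBLE, True))
    print(autofill_decision(SAVED, SAVED, SAVED, HIDDEN, False))
```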

Do I Need a Password Manager?

Overall, password managers are considered to be more secure than storing your passwords in a computer file or writing them down. Unlike browser-based password storage, password managers are encrypted, making it harder for outside parties to view your credentials. If you decide to use a password manager, you need to make sure you understand the pros and the cons.

Make sure you do your research when deciding on using a password manager. Some highly recommended password managers are KeePass, 1Password, and Dashlane.

When it comes to security, you should not just be relying on a password manager to keep your accounts safe. It’s still important to use multi-factor authentication and a blend of threat defence techniques (such as email and firewall security solutions) to protect against malware.

Threats of the Week – January 7, 2019

Mirai Malware

Trend Micro noted that the threat, which was first identified in early December, takes advantage of an exploit in the ThinkPHP programming framework. The remote code execution (RCE) vulnerability allows threat actors to infect machines based on the Linux operating system and execute Miori, which then generates a notification on the victim’s console.

Once attackers verify that a system has been infected through their command-and-control (C&C) server, they utilize the Telnet protocol and take advantage of weak or commonly used passwords to conduct brute-force attacks on other IP addresses.

Source: SecurityIntelligence

How do you protect yourself?

Proper security measures must be in place to defend against Mirai malware and similar threats. Make sure you only download legitimate apps from the app store and do not click on suspicious links. Having proper up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2018-16011

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Affected Versions

Product | Track | Affected Versions | Platform
Acrobat DC | Continuous | 2019.010.20064 and earlier versions | Windows and macOS
Acrobat Reader DC | Continuous | 2019.010.20064 and earlier versions | Windows and macOS
Acrobat 2017 | Classic 2017 | 2017.011.30110 and earlier version | Windows and macOS
Acrobat Reader 2017 | Classic 2017 | 2017.011.30110 and earlier version | Windows and macOS
Acrobat DC | Classic 2015 | 2015.006.30461 and earlier versions | Windows and macOS
Acrobat Reader DC | Classic 2015 | 2015.006.30461 and earlier versions | Windows and macOS

Source: Adobe

How do you protect yourself?

Adobe recommends users update their software installations to the latest versions.
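To find installations that still need the update, an inventory can be compared against the Affected Versions table. This is an added example, not an Adobe tool: the thresholds are copied from the table above, while the inventory format, host names and the higher build number are constructed for illustration.

```python
# Last affected build per track, copied from the Affected Versions table.
LAST_AFFECTED = {
    "Continuous": "2019.010.20064",
    "Classic 2017": "2017.011.30110",
    "Classic 2015": "2015.006.30461",
}


def parse_version(text):
    """Turn 'YYYY.MMM.BBBBB' into a tuple of ints for numeric comparison.

    Comparing the raw strings is wrong: an inventory tool that reports
    '2019.10.20064' (no leading zero) would sort after '2019.010.20064'.
    """
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(track, installed):
    """True if the installed build is at or below the last affected build.

    The track must be known: version numbers are only comparable within
    one track, so a Classic build is never checked against Continuous.
    """
    if track not in LAST_AFFECTED:
        raise KeyError(f"unknown track: {track!r}")
    return parse_version(installed) <= parse_version(LAST_AFFECTED[track])


def audit(inventory):
    """Classify (host, product, track, version) rows as affected/ok/unknown."""
    findings = []
    for host, product, track, version in inventory:
        try:
            status = "affected" if is_affected(track, version) else "ok"
        except (KeyError, ValueError):
            status = "unknown"  # needs a manual look, never assume "ok"
        findings.append((host, product, status))
    return findings


# Constructed inventory; 2019.010.99999 is a made-up build above the threshold.
SAMPLE_INVENTORY = [
    ("ws-01", "Acrobat Reader DC", "Continuous", "2019.010.20064"),
    ("ws-02", "Acrobat Reader DC", "Continuous", "2019.10.20064"),
    ("ws-03", "Acrobat DC", "Continuous", "2019.010.99999"),
    ("ws-04", "Acrobat 2017", "Classic 2017", "2017.011.30105"),
    ("ws-05", "Acrobat DC", "Classic 2015", "unknown"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE_INVENTORY):
        print(*row)
```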

EternalBlue Exploit

The latest version of NRSMiner has been spotted in recent attacks across Asia that are compromising systems which have not been patched against the well-known EternalBlue exploit.

According to cybersecurity researchers from F-Secure, unpatched machines in Asia — centered in Vietnam — are being infected with the latest version of NRSMiner, malware designed to steal computing resources in order to mine for cryptocurrency.

The new version of the malware relies on the EternalBlue exploit to spread through local networks.

EternalBlue is an SMBv1 (Server Message Block 1.0) exploit which is able to trigger remote code execution (RCE) attacks via vulnerable Windows Server Message Block (SMB) file-sharing services. The security flaw responsible for the attack, CVE-2017-0144, was patched by Microsoft in March 2017 and yet many systems have still not been updated and remain vulnerable to attack.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against the EternalBlue exploit and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

7 Security New Year’s Resolutions for Your Business

2018 was a big year in security. New privacy laws were implemented (GDPR in Europe and PIPEDA in Canada) and 2018 had the second greatest number of reported data breaches in a year since 2005. Some of the major data breaches that happened this year include those that affected airline Cathay Pacific, Marriott hotels and Facebook.

With 2019 coming up, many organizations will be looking to see how they can take their security to the next level. To help your organization get cyber ready for the new year, here are 7 security resolutions for 2019.

Source: Cisco 

7 Security New Year’s Resolutions

1. Manage local admin passwords: Local administrative accounts are privileged accounts that allow access across your network. These accounts often have easy-to-guess, default passwords that are the same across all the machines in your network. This means that if a hacker is able to get hold of your local admin account, they can move freely across your network. In order to protect yourself, you need to either disable these accounts or make each local admin password unique. If you haven’t already done this, now’s a good time to start.

2. Adjust your social media privacy settings: Social media has become integral for businesses to market themselves and reach out to their customers. However, social media can lead to great security risks. It’s important for businesses to adjust their security settings on their social media accounts. Limit access to your accounts and disable auto location tracking. You should be in control of your social media accounts, not the other way around.

3. Secure remote devices: Working remotely helps business productivity but it is also a security risk. Research has found that a third of cyber attacks are a result of insecure remote working. Businesses need to ensure that employees are taking the proper precautions when they are working remotely. All remote devices should include endpoint security with anti-virus and firewalls. The new year might be a good time to re-evaluate your BYOD and remote working policies.

4. Implement a Zero Trust security model: “Never trust; always verify” is the motto of a Zero Trust model. This means that nothing in your network (including users, devices, servers, etc.) should be trusted until you can verify its identity. Implementing Zero Trust requires a shift in how your organization thinks about security. Start by assessing your devices and data and adjust your security controls appropriately.

5. Limit privileged access: According to Forrester, 80% of security breaches involve privileged credentials. Limiting your local admin privileges is important, and one way to do this is to use least privilege access. Least privilege is the practice of restricting access rights for users and accounts. Make sure that you are limiting access to only those who need it.

6. Use a comprehensive prevention system: Hackers will be looking for any weak spots to exploit your vulnerabilities. It’s important to be one step ahead by protecting every layer of your organization. This includes using advanced security technology, like a SIEM system, to monitor your environment for threats.

7. Boost your security culture: 95% of organizations say their current cybersecurity environments are far from the ones that they would like to have. The new year is often a time for fresh starts, so why not improve your cybersecurity culture? Start the new year by educating your employees with cyber awareness training or with a cybersecurity assessment from our Consult IT team. It’s never too late to start protecting your organization.

Threats of the Week – December 31, 2018

Siren Bot

Researchers identified a new DoS bot family named Siren that uses 10 different DoS methods to carry out attacks.

The bot is capable of carrying out HTTP, HTTPS, and UDP flooding on any web server location as instructed by the command-and-control (C&C) server, according to a Dec. 21 blog post.

Siren is also capable of downloading and executing a payload from the URL given by the C&C server, updating, deleting itself using the cmd process, and uninstalling itself using the same process.

Source: SC Media

How do you protect yourself?

Proper security measures must be in place to defend against Siren bot and similar threats. Make sure you only download legitimate apps from the app store and do not click on suspicious links. Having proper up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2018-7800

Schneider Electric is warning about a critical vulnerability in its EVLink Parking devices – a line of electric vehicle charging stations. The energy management and automation giant said the vulnerability is tied to a hard-coded credential bug that exists within the device that could enable attackers to gain access to the system. Affected are EVLink Parking floor-standing units (v3.2.0-12_v1 and earlier).

Source: ThreatPost

How do you protect yourself?

The vulnerability is fixed in the latest EVlink Charging Station software updates.

JungleSec Ransomware

A ransomware called JungleSec has been infecting victims through unsecured IPMI (Intelligent Platform Management Interface) cards since early November.

When originally reported in early November, victims were seen using Windows, Linux, and Mac, but there was no indication as to how they were being infected. Since then, BleepingComputer has spoken to multiple victims whose Linux servers were infected with the JungleSec Ransomware and they all stated the same thing: they were infected through unsecured IPMI devices.

IPMI is a management interface built into server motherboards or installed as an add-on card that allows administrators to remotely manage the computer, power the computer on and off, get system information, and get access to a KVM that gives you remote console access.

This is extremely useful for managing servers, especially when renting servers from another company at a remote colocation center. If the IPMI interface is not properly configured, though, it could allow attackers to remotely connect to and take control of your servers using default credentials.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against JungleSec ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

5 Cyber Awareness Mistakes and How to Fix Them

According to a new report, nearly one in four employees are unaware of common cyber threats like ransomware and phishing. This is alarming, as these types of cyber threats affect businesses of all sizes every day.

Take the recent BEC scam that hit American non-profit Save the Children as an example. A hacker managed to compromise an employee account and use it to send fake invoices that scammed the charity out of almost $1 million.

Stories like this highlight the importance of cyber awareness training. If employees are not equipped with the knowledge to operate safely online, how can your business stay protected? Technology alone cannot prevent your employees from falling for social engineering tactics. Your employees need to fill the security gaps within your organization and act as a human firewall.

Source: ISACA 

Avoid These 5 Security Awareness Mistakes

Cyber awareness training is important for your organization and can help protect you in the long run. But if training is not implemented properly, your organization won’t see any change. When considering cyber awareness training, consider the following pitfalls.

1. Training is only a one-time event: So, you’ve already implemented cybersecurity awareness training. But just because you did it once, doesn’t mean that you automatically have cyber aware staff. Employees can forget what they’ve learned, or new information can be released that you’re missing out on. You should consider training your employees at least once every quarter. It’s important to keep the information fresh in their minds so that they can apply it to their everyday work.

2. Failing to include security training during onboarding: Onboarding a new employee often focuses on acquainting your new hire with their role and about the company. While all of this is important, so is educating them about security. Include a review of your company’s security and BYOD policy when you train your new employees. This will show new hires that security is important to your organization and get them to think mindfully about security from the start.

3. Training doesn’t align with your objectives/goals: It’s hard to encourage your employees to get behind awareness training if there is no clear objective. Think about why you are implementing this training. What are the weak points within your organization? How will training address these issues to your employees? Security awareness training should complement your IT/security goals. Be upfront with your employees about the training and explain what you expect from them.

4. Employees are not tested: You can’t measure the impact of your training if you are not testing your employees. You should test your employees before and after training to see if there are any improvements. The objective of training your employees is to change their behaviour towards security and your tests should reflect that. Having your employees apply what they’ve learned by using a phishing test will give you a better idea of their improvement than simply testing their knowledge.

5. Failing to remind employees of their learning: Security awareness should be a continuous learning process. This change cannot happen overnight. In order for your employees to retain what they’ve learned, they need to be refreshed with the content. Send out weekly newsletters on the latest threats to keep your employees informed of the threat landscape. Remind them of your security policies and best practices.

At Jolera, we offer a comprehensive cyber awareness training course for employees. We cover a wide variety of topics related to the threat landscape and provide posters and a training portal for your organization to access. Contact us today to learn more about Secure IT – Training.

Threats of the Week – December 24, 2018

ThreadKit Malware

In the recently released report, Fidelis threat research analysts found that despite reported arrests, Cobalt Group continues to remain active, using a new version of ThreadKit, a macro delivery framework sold and used by numerous actors and groups. In addition, researchers identified CobInt, a loader and backdoor framework utilized in profiling systems.

The threat group had largely been targeting banks in Eastern Europe using phishing emails with malicious PDF attachments that allowed the group to steal more than $32,000 from multiple ATMs in an overnight attack.

Prior to Interpol reportedly arresting the group’s leader in March 2018, it was estimated that the threat actors had pilfered as much as $1.2 billion from banks across 40 different countries.

Source: Infosecurity Magazine

How do you protect yourself?

Proper security measures must be in place to defend against ThreadKit malware and similar threats. Make sure you only download legitimate apps from the app store and do not click on suspicious links. Having proper up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2018-20299

A recently discovered security vulnerability affects both the Bosch Smart Home 360° indoor and the Eyes outdoor cameras. It potentially allows the unauthorized execution of code on the device via the network interface.

The vulnerability can be used to remotely execute code on the device (RCE). This would enable a potential attacker, for example, to bypass access restrictions (e.g. username / password) or to reactivate disabled features (e.g. telnet). A necessary prerequisite for this attack is network access to the webserver (HTTP / HTTPS) of the device. Despite its high rating, possible attacks are considered incapable of accessing private keys if they are stored on the devices’ Trusted Platform Module (TPM). An affected camera can be restored to its original state by the factory reset button.

Source: Bosch

How do you protect yourself?

The recommended approach is to update the firmware of all Bosch Smart Home cameras to a fixed version, that is, 6.52.4 or higher. Updated firmware files are available and offered to all customers via the existing update mechanism in the Bosch Smart Home camera app.

Zebrocy Trojan

The Zebrocy trojan – a custom downloader malware used by Russia-linked APT Sofacy (a.k.a. APT28, Fancy Bear or Sednit) – has a new variant. While it’s functionally much the same as its other versions, the new code was written using the Go programming language.

The similarities between the new payload and previous Zebrocy variants start with the fact that the versions share the same command-and-control (C2) URL, according to an analysis from Palo Alto’s Unit 42 group. Beyond that, additional overlaps include the fact that it does initial data collection on the compromised system, exfiltrates this information to the C2 server and attempts to download, install and execute an additional payload from the C2.

Source: Threatpost

How do you protect yourself?

Proper security measures must be in place to defend against Zebrocy Trojan and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.