I had to share this article by Mr. Krebs for a variety of reasons, not the least of which is I have seen ATM’s like this in the wild. It happens far too often and admins and users alike ignore the pitfalls for the sake of convenience. Beware!
Month: July 2016
LastPass Patches Ormandy Remote Compromise Flaw
A patch for the most recent vulnerability in LastPass has been released. Please review your browser extensions and patch accordingly.
https://threatpost.com/lastpass-patches-ormandy-remote-compromise-flaw/119533/
Citibank IT guy deliberately wiped routers, shut down 90% of firm’s networks across America
This is a valuable cautionary tale and it happens more often than any of us want to admit. Insider threats are very real and should be considered as a valid risk in every level of IT Security planning.
Why does Kevin Mitnick recommend 20-character passwords?
This is an interesting read on password/passphrase length by the team at KnowBe4.
https://blog.knowbe4.com/why-does-kevin-mitnick-recommend-20-character-passwords
NIST Recommends SMS Two-Factor Authentication Deprecation
This is an intriguing draft document by NIST concerning SMS and two-factor authentication. This is a commonly used technique for many two-factor providers so conversion to more secure methods may take time. This is certainly not a finalized recommendation and adoption will take time if it moves forward.
https://threatpost.com/nist-recommends-sms-two-factor-authentication-deprecation/119507/
LastPass password manager “zero-day” bug hits the news
This is a very good, common sense explanation of the “zero-day” vulnerability that has been discussed in the press for the popular password manager LastPass. I agree that caution is warranted, but I do not believe it is time to wholesale abandon the product or the use of password managers in general. Watch for the patch and apply as soon as possible.
https://nakedsecurity.sophos.com/2016/07/27/lastpass-password-manager-zero-day-bug-hits-the-news/
Time is of the Essence: Announcing the Cisco 2016 Midyear Cybersecurity Report
Cisco has released their Mid-Year Cybersecurity report. Enjoy!
http://blogs.cisco.com/security/announcing-the-cisco-2016-midyear-cybersecurity-report
