October 30, 2024


We just told you • The Register

In brief NordPass has released its list of the most common passwords of 2022, and frankly we are disappointed in all of you.

Topping the list of the most common passwords was, sadly, "password," followed by "123456" and its far more secure relative "123456789," "guest," "qwerty" and plenty more you can easily figure out without the help of a cracking tool.

Seriously, few of the passwords on this list are even words: most are just repetitions of a single character, sequences of easy-to-guess numbers, a straight run down a row of keys, or basic combinations like "go@123."

Along with a depressingly basic list of common passwords and the time it takes to crack them (most are listed as < 1 second), NordPass shared some statistics about what's trending in the password world, like the word "Oscars," which pops up especially around award season, as well as "batman," "euphoria" and "encanto" after the eponymous films and TV series that were popular this year.

This is hardly the first time a list of the most common passwords was led by such easy-to-guess words – nor even the first time this year. Unfortunately, that means there’s a problem with people not getting the message on password hygiene.

Alternatively, it’s possible many of the basic passwords on this list may be from internet connected devices whose owners didn’t change their default passwords. Whether that’s the case or not is unknown, but if true it could indicate another problem that really needs to be dealt with.

Getting back to passwords chosen by humans, NordPass has some tips for those among us who would rather be exposed to a trivial hack than set a hard-to-guess password. You've probably heard these before, but they clearly need to be stated again.

For starters, make sure it’s at least 12 characters long, and combine upper/lowercase letters with numbers and symbols. Better yet, use a password generator. 

It’s also essential to not reuse passwords on different accounts, something most of us are probably guilty of, as well as regularly auditing accounts to see which you no longer use and can close to reduce your online footprint.

Be sure to also check your password strength regularly, which many password managers and credential-storing web browsers can do for you. NordPass also recommends changing passwords regularly, though current NIST guidance (SP 800-63B) only calls for a change when there is evidence of compromise.

Speaking of which, NordPass, which is in the password management business, says everyone should get a password manager, but of course they would. 
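The weak patterns described above (list entries, repeated characters, number sequences, keyboard-row runs) and the 12-character mixed-class rule, turned into a checker and generator. This is an added example, not NordPass's code or data: COMMON holds only the handful of entries quoted in this article, not the full list, and the policy thresholds are assumptions.

```python
"""Checks and generation for the password hygiene rules above.

Added example (not NordPass's code or data): flags the weak patterns the
article describes and generates a password that meets the 12-character,
mixed-class rule. COMMON holds only the entries quoted above.
"""
import secrets
import string

# The handful of entries quoted in the article; a real check would load the full list.
COMMON = {"password", "123456", "123456789", "guest", "qwerty", "go@123"}
# Rows of a US QWERTY keyboard; the digit row also catches "123456"-style runs.
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LENGTH = 12  # assumed policy minimum, matching the article's advice

R_COMMON = "appears on the common-password list"
R_SHORT = "shorter than %d characters" % MIN_LENGTH
R_REPEAT = "single repeated character"
R_WALK = "keyboard-row or number sequence"
R_CLASSES = "missing character classes"


def is_keyboard_walk(pw, min_run=4):
    """True if pw contains min_run adjacent keys from one row, in either direction."""
    s = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - min_run + 1):
                if seq[i:i + min_run] in s:
                    return True
    return False


def char_classes(pw):
    """Which of the four character classes the password uses."""
    return {
        "lower": any(c.islower() for c in pw),
        "upper": any(c.isupper() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "symbol": any(c in string.punctuation for c in pw),
    }


def weaknesses(pw):
    """Return the reasons a password fails the policy; an empty list means it passes."""
    reasons = []
    if pw.lower() in COMMON:
        reasons.append(R_COMMON)
    if len(pw) < MIN_LENGTH:
        reasons.append(R_SHORT)
    if len(set(pw)) == 1:
        reasons.append(R_REPEAT)
    if is_keyboard_walk(pw):
        reasons.append(R_WALK)
    missing = [name for name, present in char_classes(pw).items() if not present]
    if missing:
        reasons.append(R_CLASSES + ": " + ", ".join(missing))
    return reasons


def generate(length=16):
    """Random password from the OS CSPRNG, re-drawn until it passes weaknesses()."""
    if length < MIN_LENGTH:
        raise ValueError("length below policy minimum")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not weaknesses(candidate):
            return candidate


if __name__ == "__main__":
    for pw in ("password", "123456", "qwerty", "aaaaaaaaaaaa", "Tr0ub4dor&3xample!"):
        print(repr(pw), "->", weaknesses(pw) or "ok")
    print("generated:", generate())
```

The generator uses `secrets` rather than `random` because the latter is not a cryptographic source; the rejection loop in `generate()` makes the generated output pass the same checks applied to human-chosen passwords.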

Cisco warns over Secure Email Gateway

Cisco has published a bug report warning that the Sophos and McAfee scanning engines on Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to bypass specific filtering features. "The issue is due to improper identification of potentially malicious emails or attachments. An attacker could exploit this issue by sending a malicious email with malformed Content-Type headers (MIME Type) through an affected device," the alert says. "An exploit could allow the attacker to bypass default anti-malware filtering features based on the affected scanning engines and successfully deliver malicious messages to the end clients."
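Cisco's notice does not say how the headers are malformed, so the following is an added example, not code from Cisco or the Sophos/McAfee engines. It illustrates the general failure mode behind that class of bypass: a scanner that keys its decision on the declared media type is only as good as its parser, and a lenient parser (Python's own `email` module here) silently degrades an invalid Content-Type to text/plain, so a rule that scans only application/* attachments would skip the message. The strict parser and the `SCANNED_TYPES` policy are assumptions for illustration.

```python
"""Fail-closed handling of a malformed MIME Content-Type header.

Added example (not Cisco's or the scanning engines' code). Shows that a lenient
parser reports an invalid Content-Type as text/plain, and how a strict check
can route such messages to quarantine instead of letting them skip scanning.
"""
import email
import re

# RFC 2045 token: printable ASCII minus space, CTLs and tspecials ()<>@,;:\"/[]?=
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_TYPE = re.compile(r"^\s*(" + _TOKEN + r")/(" + _TOKEN + r")\s*$")
_PARAM = re.compile(r'^\s*(' + _TOKEN + r')\s*=\s*("(?:[^"\\]|\\.)*"|' + _TOKEN + r')\s*$')

SCANNED_TYPES = {"application", "multipart"}  # assumed local policy: scan binaries and containers


def parse_content_type_strict(value):
    """Return (type, subtype, params) or raise ValueError on any grammar deviation.

    Splits on ';', so a quoted parameter value containing ';' is rejected too;
    for a fail-closed filter that is the safer direction to err.
    """
    fields = value.split(";")
    m = _TYPE.match(fields[0])
    if not m:
        raise ValueError("bad media type: %r" % fields[0])
    params = {}
    for field in fields[1:]:
        pm = _PARAM.match(field)
        if not pm:
            raise ValueError("bad parameter: %r" % field)
        name = pm.group(1).lower()
        if name in params:
            raise ValueError("duplicate parameter: %s" % name)
        params[name] = pm.group(2).strip('"')
    return m.group(1).lower(), m.group(2).lower(), params


def lenient_type(raw):
    """What the stdlib reports: an invalid header degrades to text/plain (RFC 2045, 5.2)."""
    return email.message_from_bytes(raw).get_content_type()


def classify(raw):
    """Route a raw message: 'scan' for scanned types, 'pass' otherwise,
    'quarantine' when the declared type cannot be parsed strictly."""
    msg = email.message_from_bytes(raw)  # default compat32 policy: headers come back as str
    header = msg.get("Content-Type")
    if header is None:
        return "pass"  # an absent header means text/plain by definition
    try:
        mtype, _subtype, _params = parse_content_type_strict(header)
    except ValueError:
        return "quarantine"  # never let an unparseable header skip the scanner
    return "scan" if mtype in SCANNED_TYPES else "pass"


# Constructed sample messages for illustration, not captured traffic.
WELL_FORMED = (b"From: sender@example.test\r\n"
               b"Content-Type: application/octet-stream; name=\"invoice.exe\"\r\n"
               b"\r\nMZ...")
MALFORMED = (b"From: sender@example.test\r\n"
             b"Content-Type: application octet-stream\r\n"  # missing '/'
             b"\r\nMZ...")

if __name__ == "__main__":
    for label, raw in (("well-formed", WELL_FORMED), ("malformed", MALFORMED)):
        print(label, "lenient:", lenient_type(raw), "decision:", classify(raw))
```

Run stand-alone, the malformed message is reported as text/plain by the lenient parser but sent to quarantine by `classify()`; the lesson for any content filter is to treat "could not parse the type" as a reason to scan harder, not as a reason to wave the message through.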

Nighthawk may be the next Cobalt Strike, researchers warn

Nighthawk, a command-and-control framework intended for use by red teams, is becoming more popular and will likely end up in the hands of threat actors before long, Proofpoint researchers warn.

Nighthawk was first detected by Proofpoint in September of this year, and is described by the security company as “a mature and advanced” framework “that is specifically built for detection evasion, and it does this well.”

Nighthawk hasn’t been spotted in the wild being used by bad actors, Proofpoint said, but notes that it would be “incorrect and dangerous to assume that this tool will never be appropriated.” 

Proofpoint said it observed a 161 percent increase in threat actors using Cobalt Strike, a similar C2 framework, between 2019 and 2020, along with similarly quick adoption of Sliver, an open-source adversary simulation tool.

Like Cobalt Strike, the company that sells Nighthawk vets its customers to ensure the software doesn’t end up in the hands of bad actors. As Google noted in a blog post this week, vetting hasn’t stopped threat actors from getting their hands on Cobalt Strike, which is why the search giant said in the same post that it recently made back end changes to ensure Cobalt Strike is “harder for bad guys to abuse.” ®
