article thumbnail

Root Admin User: When Do Common Usernames Pose a Threat?

Data Breach Today

Honeypot Hits Reinforce Need for Strong Passwords and Multifactor Authentication Honeypot data collected by CISO Jesse La Grew highlights how attackers continue to target default usernames - including for SSH - together with weak passwords to gain brute force remote access to their targets.

Honeypots 317
article thumbnail

Stealthworker botnet targets Windows and Linux servers

Security Affairs

Akamai security researcher Larry Cashdollar discovered the campaign after his honeypot was hit by the malware. Once the malicious code has guessed the admin password, Stealthworker installs and deletes various components. Once the malicious code has guessed the admin password, Stealthworker installs and deletes various components.

Honeypots 334
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Edge Devices Face Surge in Mass Brute-Force Password Attacks

Data Breach Today

Scale of Long-Running Attacks 'Unprecedented,' Warns The Shadowserver Foundation Honeypots designed to track malicious internet activity have detected a surge in brute-force password login attempts against edge devices, and especially - but not exclusively - targeting equipment manufactured by Palo Alto Networks, Ivanti and SonicWall, said The Shadowserver (..)

Passwords 165
article thumbnail

Over 19,000 Orange Livebox ADSL modems leak WiFi credentials

Security Affairs

Threat actors are attempting to exploit a flaw in Orange LiveBox ADSL modems to retrieve their SSID and WiFi password in plaintext. Experts at Bad Packets observed a scan targeting their honeypot, further investigation allowed them to discover that they were leaking the local network access details. admin/admin).

Honeypots 275
article thumbnail

Two Linux botnets already exploit Log4Shell flaw in Log4j

Security Affairs

Researchers at NetLab 360 reported that their Anglerfish and Apacket honeypots were already hit by attacks attempting to trigger the Log4Shell flaw in the Log4j library. ssh/authorized_keys file, the attacker can directly log into the remote server without password authentication. After the public key is added to the ~/.ssh/authorized_keys

Honeypots 363
article thumbnail

Evolution of threat landscape for IoT devices – H1 2018

Security Affairs

The researchers set up a honeypot to collect data on infected IoT devices, the way threat actors infect IoT devices and what families of malware are involved. Top 10 countries from which Kaspersky traps were hit by Telnet password attacks is led by Brazil, China, and Japan. What is infecting IoT devices and how?

IoT 266
article thumbnail

Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467

Security Affairs

The SonicWall researchers discovered that the magic string requirePasswordChange=Y is the root cause of the authentication bypass regardless of the username and password field or other parameters in an HTTP request. The experts pointed out that almost all of these are honeypots.

Honeypots 360