The U.S. government warns all businesses that they're at elevated risk of online attacks during Thanksgiving, given attackers' proclivity to strike on weekends and
Death to Fluffy : Please Stop With the Pet Name Passwords
May 5, 2021
euroinfosec) • April 9, 2021
Loving your pet and creating tough-to-crack passwords should remain two distinctly separate activities. Using your pet’s name as a password could make you an easy target for callous cybercriminals.
An independent survey conducted for the NCSC - which is the public-facing arm of intelligence agency GCHQ - found that many individuals appear to favor simple passwords that they can remember. Hence, respondents say they often base passwords on:
Pet names - 15%;
Favorite sports team - 6%;
Using the word password - 6%.
The NCSC is using National Pet Day, which is Sunday, as the occasion to remind people to practice good password hygiene. But it s also offering a reminder to businesses to help equip their employees to always use strong, unique passwords across every site and service.
Source: Microsoft, Bleeping Computer
Ransomware-wielding attackers have begun to exploit a serious proxy-logon flaw in unpatched versions of Microsoft Exchange running on premises, Microsoft reports. Hackers have exploited the flaw to access vulnerable servers, crypto-lock files and demand a ransom from victims in return for the promise of a decryption tool.
News of the attack campaign follows Microsoft on March 2 issuing emergency patches to fix four zero-day flaws in Microsoft Exchange, which is one of the most widely used pieces of IT infrastructure in the world. Because we are aware of active exploits of related vulnerabilities in the wild, Microsoft said in its March 2021 Exchange Server Security Updates alert, which it continues to update, our recommendation is to install these updates immediately to protect against these attacks.