Cyber Security Today, Jan. 16, 2023 – Hackers use stolen credentials to beat Norton Password Manager, and more


Welcome to Cyber Security Today. It’s Monday, January 16th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.


Using a password manager application to keep track of your passwords for the office or home is an essential element of good cybersecurity. However, using a poor password for logging into the password manager is a recipe for disaster. The latest example is a warning being issued to users of Norton LifeLock Password Manager. Notices are going out to over 6,000 people in the U.S. and possibly many more around the world after Norton detected a large volume of attempted logins into subscriber accounts last month. A hacker was using stolen lists of usernames and passwords to brute force their way into Norton Password Manager. These credentials weren’t stolen from Norton. They were likely stolen by hackers in other attacks and sold on the dark web. Some people have trouble understanding that they may have created a safe 16-character password for any password manager, but if they also use it for their email, or Facebook, or Instagram or stamp collecting site or any other site and it’s stolen, crooks will try to use it somewhere else. Norton’s parent company, Gen Digital, told the Bleeping Computer news service that 925,000 active and inactive accounts may have been targeted. That means the hacker had a list of 925,000 stolen passwords. Remember, there’s no shortcut to good security.

Hackers are trying to exploit Linux environments running unpatched versions of a server administration utility called Control Web Panel, formerly called CentOS Web Panel. The patch for the serious vulnerability has been available since October. However, according to a news report, advisories didn’t go public until earlier this month. A commentator with the SANS Institute notes that smart Linux administrators know this interface should not be exposed to the internet. If remote access is needed, a VPN or other secure connectivity method should be used. The commentator says a quick look on the internet suggests there are only a few instances of Control Web Panel currently exposed to the internet. Still, researchers at GreyNoise say attempts to exploit this hole have recently increased.

Last October also saw ManageEngine issue patches for a number of its IT management products. They close a vulnerability that exists if administrators have enabled single sign-on for authentication and identity management. Hopefully the patches have been installed by now. For administrators worried about whether they were compromised before the patches were installed, researchers at Horizon3 AI have created indicators of compromise that security teams should watch for. The company says a search shows there are likely thousands of instances of ManageEngine products exposed to the internet with single sign-on enabled. Hopefully they all have been patched.

Governments and government-related organizations using Fortinet’s FortiOS VPN are being targeted by an unnamed threat actor. According to researchers at Fortinet, the goal is to exploit a vulnerability first revealed in December. Last week Fortinet expanded on that report, saying the attackers are trying to install a variant of a generic Linux malware that has been customized for the Fortinet operating system. If they haven’t already done so, Fortinet administrators should disable the VPN connectivity, then upgrade to the latest release of the operating system.

Separately, Fortinet researchers warned Python developers of three malicious packages in the PyPI repository of free code libraries. The packages promise to be utilities from an author called ‘Lolip0p’. However, they link to malware. The suspicious libraries are called ‘colorslib’, ‘httpslib’ and ‘libhttps.’ As I have said before, developers have to be careful before downloading packages of code from any open repository, especially from new authors.

Finally, Juniper Networks has released 32 security advisories for a number of its products. According to Security Week, they include advisories dealing with about 24 vulnerabilities in the Junos operating system. Administrators of Juniper network devices should be prioritizing the patches.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. U.S. listeners can also find me on TechNewsDay.com.

The post Cyber Security Today, Jan. 16, 2023 – Hackers use stolen credentials to beat Norton Password Manager, and more first appeared on IT World Canada.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
