{"id":34060,"date":"2023-01-16T08:00:07","date_gmt":"2023-01-16T13:00:07","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=522116"},"modified":"2023-01-17T09:29:14","modified_gmt":"2023-01-17T14:29:14","slug":"cyber-security-today-jan-16-2023-hackers-use-stolen-credentials-to-beat-norton-password-manager-and-more","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-jan-16-2023-hackers-use-stolen-credentials-to-beat-norton-password-manager-and-more\/","title":{"rendered":"Cyber Security Today, Jan. 16, 2023 \u2013 Hackers use stolen credentials to beat Norton Password Manager, and more"},"content":{"rendered":"<p data-ar-index=\"0\">Hackers use stolen credentials to beat Norton Password Manager, and more.<\/p>\n<p data-ar-index=\"1\">Welcome to Cyber Security Today. It\u2019s Monday, January 16th, 2023. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.<\/p>\n<p data-ar-index=\"2\"><iframe style=\"border: none;\" title=\"Libsyn Player\" src=\"https:\/\/html5-player.libsyn.com\/embed\/episode\/id\/25618572\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/000000\/\" width=\"100%\" height=\"90\" scrolling=\"no\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.amazon.com\/ITWC-Cyber-Security-Today\/dp\/B07BRNG89P\/ref=sr_1_1?s=digital-skills&amp;ie=UTF8&amp;qid=1522688435\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396718 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-alexa-200.png\" alt=\"Cyb er Security Today on Amazon Alexa\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<td><a href=\"https:\/\/www.google.com\/podcasts?feed=aHR0cDovL2N5YmVyc2VjdXJpdHl0b2RheS5saWJzeW4uY29tL3Jzcw%3D%3D\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"thumbnail aligncenter wp-image-408712 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2018\/09\/sub-gp-200.png\" alt=\"Cyber Security Today on Google Podcasts\" width=\"200\" height=\"74\" \/><\/a><\/td>\n<td><a href=\"https:\/\/itunes.apple.com\/ca\/podcast\/cyber-security-today\/id1363182054\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396720 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-itunes-200.png\" alt=\"Subscribe to Cyber Security Today on Apple Podcasts\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p data-ar-index=\"3\"><strong>Using a password manager<\/strong> application to keep track of your passwords for the office or home is an essential element of good cybersecurity. However, using a poor password for logging into the password manager is a recipe for disaster. The latest example is a warning being issued to users of Norton LifeLock Password Manager. <a href=\"https:\/\/apps.web.maine.gov\/online\/aeviewer\/ME\/40\/96dcb549-498b-4cb7-8eee-da182a1aaee3.shtml\" rel=\"noopener\">Notices are going out to over 6,000 people in the U.S.<\/a> and possibly many more around the world after Norton detected a large volume of attempted logins into subscriber accounts last month. A hacker was using stolen lists of usernames and passwords to brute force their way into Norton Password Manager. These credentials weren\u2019t stolen from Norton. They were likely stolen by hackers in other attacks and sold on the dark web. Some people have trouble understanding that they may have created a safe 16-character password for any password manager, but if they also use it for their email, or Facebook, or Instagram or stamp collecting site or any other site and it\u2019s stolen, crooks will try to use it somewhere else. Norton\u2019s parent company, Gen Digital, <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/nortonlifelock-warns-that-hackers-breached-password-manager-accounts\/\" rel=\"noopener\">told the Bleeping Computer<\/a> news service that 925,000 active and inactive accounts may have been targeted. That means the hacker had a list of 925,000 stolen passwords. Remember, there\u2019s no shortcut to good security.<\/p>\n<p data-ar-index=\"4\"><strong>Hackers are trying to exploit<\/strong> Linux environments running unpatched versions of a server administration utility called Control Web Panel. Formerly called CentOS Web Panel, the patch for the serious vulnerability has been available since October. However, <a href=\"https:\/\/arstechnica.com\/information-technology\/2023\/01\/vulnerability-with-9-8-severity-in-control-web-panel-is-under-active-exploit\/\" rel=\"noopener\">according to a news report<\/a> advisories didn\u2019t go public until earlier this month. A commentator with the SANS Institute notes that smart Linux administrators know this interface should not be exposed to the internet. If remote access is needed a VPN or other security connectivity method should be used. The commentator says a quick look on the internet suggests there are only a few instances of Control Web Panel currently exposed to the internet. Still, <a href=\"https:\/\/viz.greynoise.io\/tag\/centos-web-panel-rce-cve-2022-44877-attempt?days=10\" rel=\"noopener\">researchers at GreyNoise say<\/a> attempts to exploit this hole have recently increased.<\/p>\n<p data-ar-index=\"5\"><strong>Last October<\/strong> also saw ManageEngine issue patches for a number of its IT management products. They close a vulnerability if administrators have enabled single-sign-on for authentication and identity management. Hopefully the patches have been installed by now. For administrators worried if they were compromised before the patches were installed <a href=\"https:\/\/www.horizon3.ai\/manageengine-cve-2022-47966-iocs\/\" rel=\"noopener\">researchers at Horizon3 AI have created<\/a> indicators of compromise that security teams should watch for. The company says a search shows there are likely thousands of instances of ManageEngine products exposed to the internet with single-sign-on enabled. Hopefully they all have been patched.<\/p>\n<p data-ar-index=\"6\"><strong>Governments<\/strong> and government-related organizations using Fortinet\u2019s FortiOS VPN are being targeted by an unnamed threat actor. According to researchers at Fortinet, the goal is to exploit a vulnerability first revealed in December.<a href=\"https:\/\/www.fortinet.com\/blog\/psirt-blogs\/analysis-of-fg-ir-22-398-fortios-heap-based-buffer-overflow-in-sslvpnd\" rel=\"noopener\"> Last week Fortinet expanded on that report,<\/a> saying the attackers are trying to install a variant of a generic Linux malware that has been customized for the Fortinet operating system. If they haven\u2019t already done so Fortinet administrators should disable the VPN connectivity, then upgrade to the latest release of the operating system.<\/p>\n<p data-ar-index=\"7\"><strong>Separately,<\/strong> <a href=\"https:\/\/www.fortinet.com\/blog\/threat-research\/supply-chain-attack-using-identical-pypi-packages-colorslib-httpslib-libhttps\" rel=\"noopener\">Fortinet researchers warned Python developers<\/a> of three malicious packages in the PyPI repository of free code libraries. The packages promise to be utilities from an author called \u2018Lolip0p\u2019. However, they link to malware. The suspicious libraries are called \u2018colorslib\u2019, \u2018httpslib\u2019 and \u2018libhttps.\u2019 As I have said before, developers have to be careful before downloading packages of code from any open repository, especially from new authors.<\/p>\n<p data-ar-index=\"8\"><strong>Finally,<\/strong> Juniper Networks has released 32 security advisories for a number of its products. <a href=\"https:\/\/www.securityweek.com\/juniper-networks-kicks-2023-patches-over-200-vulnerabilities\" rel=\"noopener\">According to Security Week<\/a>, they include dealing with about 24 vulnerabilities in the Junos operating system. Administrators of Juniper network devices should be prioritizing the patches.<\/p>\n<p data-ar-index=\"9\">Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. U.S. listeners can also find me on TechNewsDay.com.<\/p>\n<p data-ar-index=\"10\">The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-jan-16-2023-hackers-use-stolen-credentials-to-beat-norton-password-manager-and-more\/522116\">Cyber Security Today, Jan. 16, 2023 \u2013 Hackers use stolen credentials to beat Norton Password Manager, and more<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode reports on hackers trying to exploit unpatched versions of Control Web Panel, indicators of compromise for a ManageEngine bug, FortiOS VPNs being targete<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-34060","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/34060","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=34060"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/34060\/revisions"}],"predecessor-version":[{"id":34118,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/34060\/revisions\/34118"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=34060"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=34060"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=34060"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}