Hackers use stolen credentials to beat Norton Password Manager, and more.
Welcome to Cyber Security Today. It’s Monday, January 16th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
Using a password manager application to keep track of your passwords for the office or home is an essential element of good cybersecurity. However, using a poor password to log into the password manager is a recipe for disaster. The latest example is a warning being issued to users of Norton LifeLock Password Manager. Notices are going out to over 6,000 people in the U.S., and possibly many more around the world, after Norton detected a large volume of attempted logins to subscriber accounts last month. A hacker was using stolen lists of usernames and passwords to brute-force their way into Norton Password Manager. These credentials weren’t stolen from Norton. They were likely stolen by hackers in other attacks and sold on the dark web. Some people have trouble understanding that they may have created a safe 16-character password for a password manager, but if they also use it for their email, Facebook, Instagram, a stamp-collecting site or any other site and it’s stolen there, crooks will try it somewhere else. Norton’s parent company, Gen Digital, told the Bleeping Computer news service that 925,000 active and inactive accounts may have been targeted. That means the hacker had a list of 925,000 stolen passwords. Remember, there’s no shortcut to good security.
Hackers are trying to exploit Linux environments running unpatched versions of a server administration utility called Control Web Panel, formerly known as CentOS Web Panel. The patch for the serious vulnerability has been available since October. However, according to a news report, advisories didn’t go public until earlier this month. A commentator with the SANS Institute notes that smart Linux administrators know this interface should not be exposed to the internet. If remote access is needed, a VPN or another secure connectivity method should be used. The commentator says a quick look on the internet suggests there are only a few instances of Control Web Panel currently exposed to the internet. Still, researchers at GreyNoise say attempts to exploit this hole have recently increased.
Last October also saw ManageEngine issue patches for a number of its IT management products. They close a vulnerability that applies if administrators have enabled single sign-on for authentication and identity management. Hopefully the patches have been installed by now. For administrators worried that they were compromised before the patches were installed, researchers at Horizon3 AI have created indicators of compromise that security teams should watch for. The company says a search shows there are likely thousands of instances of ManageEngine products exposed to the internet with single sign-on enabled. Hopefully they all have been patched.
Governments and government-related organizations using Fortinet’s FortiOS VPN are being targeted by an unnamed threat actor. According to researchers at Fortinet, the goal is to exploit a vulnerability first revealed in December. Last week Fortinet expanded on that report, saying the attackers are trying to install a variant of generic Linux malware that has been customized for the Fortinet operating system. If they haven’t already done so, Fortinet administrators should disable the VPN connectivity, then upgrade to the latest release of the operating system.
Separately, Fortinet researchers warned Python developers of three malicious packages in the PyPI repository of free code libraries. The packages, published by an author called ‘Lolip0p’, are presented as utilities. However, they link to malware. The suspicious libraries are called ‘colorslib’, ‘httpslib’ and ‘libhttps’. As I have said before, developers have to be careful before downloading packages of code from any open repository, especially from new authors.
Finally, Juniper Networks has released 32 security advisories for a number of its products. According to Security Week, they address about 24 vulnerabilities in the Junos operating system. Administrators of Juniper network devices should be prioritizing the patches.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. U.S. listeners can also find me on TechNewsDay.com.