Hard-coded account in ZyXel equipment

This past Christmas, researcher Niels Teusink of the Dutch company EYE reported a vulnerability in Zyxel equipment: an undocumented admin-level account called “zyfwp” with a hard-coded password in a number of hardware firewalls and wireless controllers. The firmware code contains the password, which is unencrypted. Owners are urgently advised to…Read More

Training by security console

The notable shortage of cybersecurity specialists on the market in recent years has become particularly problematic in 2020. The pandemic, which has led to a widespread shift to remote working, has also highlighted the need to change security strategies at many companies. Even small firms have realized that the skills…Read More

Collaboration tools from a security perspective

For many companies, the mass transition of staff to remote working created a need for new tools. Years of fine-tuning employee interaction mechanisms went down the drain overnight as IT departments scrambled to deploy market-ready collaboration solutions. These solutions aroused no less interest among cybercriminals, who smelled an opportunity to…Read More

How to fight delayed phishing

Phishing has long been a major attack vector on corporate networks. It’s no surprise, then, that everyone and everything, from e-mail providers to mail gateways and even browsers, use antiphishing filters and malicious address scanners. Therefore, cybercriminals are constantly inventing new, and refining old, circumvention methods. One such method is…Read More

Zerologon vulnerability threatens domain controllers

On August’s Patch Tuesday, Microsoft closed several vulnerabilities, among them CVE-2020-1472. The Netlogon protocol vulnerability was assigned a “critical” severity level (its CVSS score was the maximum, 10.0). That it might pose a threat was never in doubt, but the other day, Secura researcher Tom Tervoort (who discovered it) published…Read More