Commonly Used Passwords
by Artie Kaye
Cybersecurity company Rapid7 has conducted research involving honeypots to gather data on the most commonly used passwords. They found just over half a million different passwords were used against their trapped devices. Having a secure password is critical for keeping your data safe. Users on your network should also maintain secure passwords. A password manager is a great tool, as it will generate random passwords for you.
The most commonly attempted usernames and passwords:
Username: administrator, user, admin
Password: root, admin, nproc, password, 123456
https://www.darkreading.com/endpoint/a-common-password-list-accounts-for-nearly-all-cyberattacks
https://www.securityweek.com/password-report-honeypot-data-shows-bot-attack-trends-against-rdp-ssh
Google’s New Tool GUAC
by Artie Kaye
Graph for Understanding Artifact Composition, or GUAC, is designed to make open source digital supply chains more secure. It will be able to help companies test any dependencies in their products for validity or trustworthiness. The functionality is multipurpose and can be used at any stage of development. This is ultimately a consolidation of information that will be constantly updating and scanning for known vulnerability types or issues that can arise in products. It will be an invaluable tool for anyone using open source to help keep their end users and their products safe.
https://www.securityweek.com/googles-guac-open-source-tool-centralizes-software-security-metadata
https://thehackernews.com/2022/10/google-launches-guac-open-source.html
WordPress Updates
by Artie Kaye
The blogging site has released patches for their software relating to cross-site scripting, SQL injection, and other vulnerabilities. If you are not set up to get automatic updates, make sure to patch to protect yourself and visitors to your site. Compromised WordPress sites are a major source of credit card skimming attacks. The patched version is 6.0.3.
https://www.securityweek.com/wordpress-security-update-603-patches-16-vulnerabilities
Large Oracle Bug Patch
by Artie Kaye
Patch Tuesday saw 370 flaws addressed by Oracle. Many of the flaws are severe to critical and should be attended to as soon as you are able. If you are using any of their products, please update. For the full list of what was fixed, please click the Oracle link below.
https://www.oracle.com/security-alerts/cpuoct2022.html
https://www.securityweek.com/oracle-releases-370-new-security-patches-october-2022-cpu