News for October 21, 2022


Commonly Used Passwords
by Artie Kaye

Cybersecurity company Rapid7 has conducted research involving honeypots to gather data on the most commonly used passwords.  They found just over half a million different passwords were used against their trapped devices.  Having a secure password is critical for keeping your data safe.  Users on your network should also maintain secure passwords.  A password manager is a great tool as it will generate random passwords for you.

The most commonly attempted usernames and passwords:
Username:  administrator, user, admin
Password:  root, admin, nproc, password, 123456

https://www.rapid7.com/blog/post/2022/10/20/new-research-were-still-terrible-at-passwords-making-it-easy-for-attackers/

https://www.darkreading.com/endpoint/a-common-password-list-accounts-for-nearly-all-cyberattacks

https://www.securityweek.com/password-report-honeypot-data-shows-bot-attack-trends-against-rdp-ssh

Google’s New Tool GUAC
by Artie Kaye

Graph for Understanding Artifact Composition, or GUAC, is designed to make open source digital supply chains more secure.  It will be able to help companies test any dependencies in their products for validity or trustworthiness.  The functionality is multipurpose, and can be used at any stage of development.  This is ultimately a consolidation of information that will be constantly updating and scanning for known vulnerability types or issues that can arise in products.  It will be an invaluable tool for anyone using open source to help keep their end users and their products safe.

https://www.darkreading.com/application-security/googles-guac-project-aims-to-democratize-software-supply-chain-security-metadata

https://www.securityweek.com/googles-guac-open-source-tool-centralizes-software-security-metadata

https://thehackernews.com/2022/10/google-launches-guac-open-source.html

WordPress Updates
by Artie Kaye

The blogging site has released patches for their software relating to cross-site scripting, SQL injection, and other vulnerabilities.  If you are not set up to get automatic updates, make sure to patch to protect yourself and visitors to your site.  Compromised WordPress sites are a major source of credit card skimming attacks.  The patched version is 6.0.3.

https://www.wordfence.com/blog/2022/10/patch-now-the-wordpress-6-0-3-security-update-contains-important-fixes/

https://www.securityweek.com/wordpress-security-update-603-patches-16-vulnerabilities

Large Oracle Bug Patch
by Artie Kaye

Patch Tuesday saw 370 flaws addressed by Oracle.  Many of the flaws are severe to critical and should be attended to as soon as you are able.  If you are using any of their products, please update.  For the full list of what was fixed, please click the Oracle link below.

https://www.oracle.com/security-alerts/cpuoct2022.html

https://www.securityweek.com/oracle-releases-370-new-security-patches-october-2022-cpu