default password | Breaking Cybersecurity News | The Hacker News

Not following cybersecurity best practices could not only cost online users but also cost cybercriminals. Yes, sometimes hackers don't take best security measures to keep their infrastructure safe. A variant of IoT botnet, called Owari , that relies on default or weak credentials to hack insecure IoT devices was found itself using default credentials in its MySQL server integrated with command and control (C&C) server, allowing anyone to read/write their database. Ankit Anubhav, the principal security researcher at IoT security firm NewSky Security, who found the botnets, published a blog post about his findings earlier today, detailing how the botnet authors themselves kept an incredibly week username and password combination for their C&C server's database. Guess what the credentials could be? Username: root Password: root These login credentials helped Anubhav gain access to the botnet and fetch details about infected devices, the botnet authors who

US CERT warn about Some Samsung printers, including models the Korean company made for Dell, have a backdoor administrator account coded into their firmware. This hard coded admin account in firmware could enable attackers to change their configuration, read their network information or stored credentials and access sensitive information passed to them by users. Screenshot Even if SNMP is disabled, this " backdoor administrator account " is still active and could be used by an attacker to access the printer. SNMP is an Internet protocol commonly used to monitor and read statistics from network-attached devices. US-CERT did not provide a list with the exact printer models affected by the issue, but said that, according to Samsung, models released after Oct. 31, 2012, are not vulnerable. As for the Dell model, Samsung builds Dell printers such as the B1160w modeled after Samsung's ML-2165W compact all-in-one printer. It's unclear what other Dell b

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.