While many Mac-owning consumers believe their devices to be relatively safe from malware, Kaspersky has penned a new report showing that they are far from immune. The Russian cybersecurity firm has tracked the rise of the Shlayer malware since it first surfaced back in February 2018. Since then, Shlayer has been distributed by about 1,000 "partner" websites. While it is generally considered more annoying than harmful, Shlayer's focus on adware is thought to help its authors save money and generate more revenue than something more destructive would.
A hacker has recently published a list of over 515,000 telnet credentials for IoT devices. Telnet is one of the original remote terminal protocols, originating in 1969, and its usage has waned significantly in favour of SSH due to its numerous security concerns and limitations. Most modern systems do not make it easy to set up a telnet server; however, a variety of IoT devices appear to have it installed and publicly exposed. Worse yet, many of these systems are using weak or default username and password combinations.
Hacker Leaks More Than 500K Telnet Credentials for IoT Devices
The list of credentials, including target IP addresses, was published by a hacker who runs a DDoS-for-hire (DDoS booter) service and who had recently upgraded his botnet from relying on commandeered IoT devices to high-output servers from cloud service providers.
However, while telnet may have been the protocol targeted in this case, the issue is less with which protocol these devices use than it is with the failure of admins to use secure passwords to protect them. Indeed, this is the exact same methodology notoriously deployed to such great effect over three years ago by the original Mirai botnet attack. Clearly, lessons have not been learned.
A hacker has deliberately leaked a list of 515,000+ logins. It turns out there are countless devices on the internet with open telnet ports. And loads of them have easily guessable username/password combos.
In April 2020, the WHO (World Health Organization) announced that some of its employees' accounts were accessed without authorization. This case is not a breach per se, since the credentials used for unlawful access were part of a huge database of credentials collected from various leaks. However, some WHO employees had used the company login credentials on third-party services that were breached, and the hackers used the re-used information to gain access.
In early 2020, Zoom announced that 500,000 stolen credentials from its servers were listed for sale. The news scared over 300 million users who were active on Zoom at that time. The investigations revealed that hackers collected the data from online crime forums and dark web supermarkets. Since people tend to re-use their login credentials, the hackers noticed that they could gain access to a lot of Zoom accounts simply by using the information found through other leaks.
UPDATE June 6th: Many more devices are affected by VPNFilter than originally thought. Ars Technica estimates that over 200,000 additional models may be affected.