CIS Benchmarks Community Volunteer Spotlight: Doug Hunley


Volunteers who contribute to the CIS Benchmarks Community help to shape rigorous security measures and standards. Here’s Doug Hunley’s story.


Everything You Need to Know to Keep Your Passwords Secure


When it comes to passwords, most of us would love nothing more than to set it and forget it. But that’s exactly what hackers are hoping for — in fact, it makes their job a lot easier. This means the best line of defense is frequent password changes.   

But how often should you create new passwords? Cybersecurity experts recommend changing your password every three months. There may even be situations where you should change your password immediately, especially if a cybercriminal has access to your account.   

This article explores those exact situations and covers some of the best password practices you can use to help safeguard these important combinations of letters and numbers.   

Change your password immediately if: 

Your account was hacked: If you think someone has hacked your account, it’s important to act fast and change your password. Did everyone in your address book get a strange email that looks like it’s from you? Change your email password. Are your Facebook friends getting a new friend request from you? Something’s not right, so you’ll want to change your password. This can help limit the amount of time a cybercriminal has access to your account.  
You are part of a data breach: If there’s a password breach at work or within a company you do business with, you’ll want to change the password for any affected accounts. If you use that password for any other websites, you’ll definitely want to change your password to those accounts. If hackers get access to your password, they may try it on multiple websites to see what else they can steal.  
You used an unsecured network: As much as possible, try to avoid logging into your secure accounts on public Wi-Fi, such as at a library or cafe. Generally, an unsecured network means your online activity is public. If you need to use an unsecured network, change your password once you’re on a secure network.  It can also be a good idea to look into a smart VPN like McAfee Secure VPN, which automatically turns on to protect your personal data and credit card information even if you need to use public Wi-Fi.   
You discover malware: Your personal information could be at risk if malware infects your computer. If you have high-quality antivirus software (like what’s included in McAfee+) and it detects malware, you’ll want to change your passwords from another device.   
You remove people from the account: If you no longer have contact with someone, there’s no need for them to remain on your Netflix or Amazon account. There’s also no need for an ex to share a bank account or have mobile app access. Create new passwords when you’re no longer sharing an account with someone.  
You no longer use certain accounts: You may have an account you haven’t used in a year, such as from an online retailer. Change old passwords for seldom-used accounts and close the account if you don’t intend to use it again. 

How to create a strong password 

A good password can make it more difficult for hackers to access your accounts. But what exactly makes a strong password? Here are a few criteria. 

It’s used only for one account. While it can be easy to use similar passwords for multiple accounts, hackers might be able to get into your other online accounts if they access just one.   

It’s at least 12 characters long. To make it easy to remember, use a lyric from a song or poem (for example, “andtherocketsredglare”). Or make an abbreviation from the words in a sentence (changing “the quick brown fox jumped over the lazy dog in the backyard” to “tqbfjotlditb,” for instance).   

It’s a complex password. Include at least one capital letter, one number, and one symbol. A computer can guess a password with eight letters immediately. But a 12-character password with at least one uppercase and one lowercase letter, number, and a special character would take 34,000 years to crack. Some sites allow users to create a passphrase. That’s a string of words that can be up to 100 characters long.  

It’s hard to guess. Don’t use information that people who know you or look at your social media can guess. Avoid personal information like your nickname or initials, birthday, address or street name, or a child or pet’s name.  

It doesn’t use common words like “password” or “qwerty.” You’d be surprised how many people use “password123” or “123456” as a password. A cybercriminal would not.  

What are the most common ways passwords get hacked?

A cybercriminal may use a variety of strategies to access your passwords. Here are some of their most common tactics.  

Guesswork: An attacker simply tries likely passwords, such as ones built from a birthday, a pet’s name, or other details visible on social media. This is why password security requires unique passwords that don’t include personal information.

Buying passwords on the dark web: Search engines don’t index the dark web. A lot of dark web activity isn’t traceable, including the sale of passwords.   

Phishing: This is when a hacker sends an email that appears to be from a trusted source to trick the recipient into typing in their password.  

Malware: Cybercriminals may infect a device with malicious software that allows them to access personal data, including passwords.  

Shoulder surfing: This could happen in a coffee shop or office if you leave sticky notes showing your passwords on your desk or laptop. 

Spidering: These are bots that search the web looking for personal data.  

Brute force attack: A bot systematically tries thousands of passwords hoping to find the correct one.  

How can you keep your online passwords secure? 

When it comes to keeping your data secure, password complexity is just the beginning. Here are a few key steps for keeping your passwords safe.  

Do a password audit: Review the passwords for all of your accounts. Make sure you’re not using any for multiple websites. See if your passwords are guessable. Do they include personal information like birthdays or addresses? If you find passwords that are weak or repeated, change those first.  
Use multi-factor authentication: Set up multi-factor authentication for important accounts, such as with financial institutions. Logging into a website with two-factor authentication requires you to enter a code sent by text or email in addition to a username and password. Some accounts require multi-factor authentication with biometric factors for added security, such as a thumbprint or face scan. Using multi-factor authentication with long, complicated passwords can make an account more secure.  
Use a password manager: A password manager can help prevent unauthorized access to your online accounts by protecting your passwords with strong encryption. It also comes with a password generator to help you create complex passwords while storing them safely.  
Add an extra layer of security: McAfee+ can help you defend your personal data. If you are hacked or the victim of a data breach, McAfee+ can help with 24/7 identity monitoring and alerts, plus up to $2 million in identity theft coverage, for greater peace of mind. AI-powered security on unlimited devices also provides real-time protection against viruses, hackers, and risky links. 

With McAfee, you can continue enjoying the internet the way it was intended — free from hackers. 

The post Everything You Need to Know to Keep Your Passwords Secure appeared first on McAfee Blog.


USN-6886-1: Go vulnerabilities


It was discovered that the Go net/http module did not properly handle
requests whose headers exceed MaxHeaderBytes. An attacker could possibly
use this issue to cause a panic resulting in a denial of service. This
issue only affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2023-45288)

It was discovered that the Go net/http module did not properly validate the
subdomain match or exact match of the initial domain. An attacker could
possibly use this issue to read sensitive information. This issue only
affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-45289)

It was discovered that the Go net/http module did not properly validate the
total size of the parsed form when parsing a multipart form. An attacker
could possibly use this issue to cause a panic resulting in a denial of
service. This issue only affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu
22.04 LTS. (CVE-2023-45290)

It was discovered that the Go crypto/x509 module did not properly handle a
certificate chain which contains a certificate with an unknown public key
algorithm. An attacker could possibly use this issue to cause a panic
resulting in a denial of service. This issue only affected Go 1.21 in
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-24783)

It was discovered that the Go net/mail module did not properly handle
comments within display names in the ParseAddressList function. An
attacker could possibly use this issue to cause a panic resulting in a
denial of service. This issue only affected Go 1.21 in Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2024-24784)

It was discovered that the Go html/template module did not validate errors
returned from MarshalJSON methods. An attacker could possibly use this
issue to inject arbitrary code into the Go template. This issue only
affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-24785)

It was discovered that the Go net module did not properly validate the DNS
message in response to a query. An attacker could possibly use this issue
to cause a panic resulting in a denial of service. This issue only
affected Go 1.22. (CVE-2024-24788)

It was discovered that the Go archive/zip module did not properly handle
certain types of invalid zip files, in a way that differs from the behavior
of most zip implementations. An attacker could possibly use this issue to
cause a panic resulting in a denial of service. (CVE-2024-24789)

It was discovered that the Go net/netip module did not work as expected
for IPv4-mapped IPv6 addresses in various Is methods. An attacker could
possibly use this issue to cause a panic resulting in a denial of service.
(CVE-2024-24790)
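As an added defensive example (not part of the advisory or of Go itself), the check below normalizes IPv4-mapped IPv6 addresses with Unmap() before asking net/netip whether an address is internal, so an egress allowlist or SSRF filter does not depend on how a particular Go release answers the Is methods for ::ffff:a.b.c.d forms (the class of mismatch described for CVE-2024-24790). The function name IsInternal and the sample addresses are assumptions of this example.

```go
package main

import (
	"fmt"
	"net/netip"
)

// IsInternal reports whether s parses to an address that a service acting on
// behalf of a client should normally refuse to reach: loopback, private
// (RFC 1918 / ULA), link-local, multicast or unspecified. The address is
// unmapped first so that ::ffff:127.0.0.1 is judged as 127.0.0.1 rather than
// as an ordinary global IPv6 address. The boolean wasMapped tells the caller
// that the input arrived in the mapped form, which is worth logging.
// (Hypothetical helper written for this example.)
func IsInternal(s string) (internal bool, wasMapped bool, err error) {
	addr, err := netip.ParseAddr(s)
	if err != nil {
		return false, false, err
	}
	wasMapped = addr.Is4In6()
	// Unmap turns an IPv4-mapped IPv6 address (::ffff:a.b.c.d) into its
	// 4-byte IPv4 form; any other address is returned unchanged.
	addr = addr.Unmap()
	internal = addr.IsLoopback() ||
		addr.IsPrivate() ||
		addr.IsLinkLocalUnicast() ||
		addr.IsLinkLocalMulticast() ||
		addr.IsInterfaceLocalMulticast() ||
		addr.IsMulticast() ||
		addr.IsUnspecified()
	return internal, wasMapped, nil
}

func main() {
	// Constructed sample inputs: the mapped form of a loopback address, a
	// plain loopback, an RFC 1918 address, a documentation-range IPv6
	// address, and a public IPv4 address.
	samples := []string{
		"::ffff:127.0.0.1", "127.0.0.1", "10.1.2.3",
		"::1", "2001:db8::1", "8.8.8.8", "not-an-ip",
	}
	for _, s := range samples {
		internal, mapped, err := IsInternal(s)
		if err != nil {
			fmt.Printf("%-18s rejected: %v\n", s, err)
			continue
		}
		fmt.Printf("%-18s internal=%-5v mapped=%v\n", s, internal, mapped)
	}
}
```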


Building a Robust Defense-in-Depth Architecture for Digital Transformation


The content of this post is solely the responsibility of the author.  LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

Exploring Defense-in-Depth Architecture security strategy for ICS in the digital transformation era.

Today’s businesses are transforming through integrating IT and OT environments, a shift that’s enhancing efficiency and unlocking new operational capabilities. Key functionalities like remote access and telemetry collection are becoming increasingly central in this digitally integrated landscape.

However, this merger also brings heightened cybersecurity risks, exposing sensitive systems to new threats. To address these vulnerabilities, a defense-in-depth architecture approach is vital. This method layers multiple security mechanisms, ensuring robust protection. Each layer is designed to intercept threats, providing a comprehensive shield against complex cyberattacks and fortifying the organization’s digital backbone.

What is Defense-in-Depth Architecture?

Defense-in-Depth Architecture is a strategic approach to cybersecurity that employs multiple layers of defense to protect an organization’s IT and OT environment. This architecture is designed to provide a comprehensive security solution by layering different types of controls and measures.

Here are the five layers within this architecture:

Layer 1 – Security Management

This layer serves as the foundation of the defense-in-depth strategy. It involves the establishment of a cybersecurity program tailored to support the OT environment. This includes program and risk management considerations, guiding the cybersecurity strategy and influencing decisions across all other layers. It’s essential for organizations to establish a strong security management layer before implementing other layers.

Layer 2 – Physical Security

Physical security measures aim to prevent accidental or deliberate damage to an organization’s assets. This layer includes the protection of control systems, equipment, and intellectual property. It encompasses a range of measures like access control, surveillance systems, and physical barriers, ensuring the safety of both the assets and the surrounding environment.

Layer 3 – Network Security

Building on the foundation of physical security, this layer focuses on protecting network communications within the OT environment. It involves applying principles of network segmentation and isolation, centralizing logging, and implementing measures for malicious code protection. This layer also considers the adoption of zero trust architecture (ZTA), enhancing security by continuously evaluating authorization close to the requested resources.

Layer 4 – Hardware Security

Hardware security involves embedding protection mechanisms directly into the devices used within an organization. This layer establishes and maintains trust in these devices through technologies like Trusted Platform Modules (TPM) and hardware-based encryption. It ensures the integrity and security of the hardware, forming a crucial part of the overall defense strategy.

Layer 5 – Software Security

The final layer focuses on the security of software applications and services that support OT. It includes practices such as application allowlisting, regular patching, secure code development, and configuration management. This layer is vital for ensuring that the software used in the organization is resilient against security threats and vulnerabilities.

How to Implement Defense-in-Depth Architecture

Implementing a defense-in-depth architecture requires a strategic and structured approach to create a multi-layered defense system against various cyberthreats. Here’s a step-by-step guide to effectively implement this architecture:

1. Assessing Organizational Infrastructure

Comprehensive Infrastructure Analysis: Conduct a detailed analysis of your IT and OT systems, focusing on the integration between them. This should involve mapping network structures, identifying all connected devices, and understanding data flow patterns.

Vulnerability Identification: Utilize tools and techniques to uncover weak points in both IT and OT environments, considering the evolving digital transformation initiatives and their impact on security.

2. Developing a Tailored Strategy

Aligning Security with Business Objectives: Tailor your defense-in-depth strategy to support key business objectives such as maintenance of field devices, telemetry collection, or industrial-level process systems, and enhanced data collection and dissemination.

Risk Management Considerations: Incorporate risk management strategies in line with your organizational needs, focusing on the integration and changing requirements of IT and OT environments.

3. Layered Implementation

Layer 1 – Security Management:

Policy Development and Enforcement: Develop clear cybersecurity policies, including incident response plans, access controls, and data protection protocols.
Continuous Risk Management: Implement a dynamic risk management process that evolves with changing threat landscapes and business needs.

Layer 2 – Physical Security:

Protection of Physical Locations: Execute measures to protect physical locations, including architectural elements like fences, gates, and surveillance systems.
Access Control and Monitoring: Use access control technologies and monitoring systems such as badge readers and video surveillance to ensure security.

Layer 3 – Network Security:

Network Architecture Principles: Apply principles of segmentation and isolation in network architecture, using devices like firewalls and routers to enforce security policies.
Monitoring and Malicious Code Protection: Deploy centralized logging, network monitoring, and protective measures against malicious code.

Layer 4 – Hardware Security:

Trust and Integrity Maintenance: Focus on maintaining the trust and integrity of devices in your environment, using hardware with embedded security technologies such as Trusted Platform Module (TPM), Advanced Encryption Standard (AES), and Secure Hash Algorithm (SHA). Regularly update firmware and hardware components.

Layer 5 – Software Security:

Rigorous Application Control: Implement application allowlisting to ensure only approved software runs on network devices.
Continuous Software Maintenance: Establish a regular software update and patch management schedule. Use automated tools for efficient patch deployment.

Must-Have Defense-in-Depth Security Technologies

Certain key technologies are essential to implementing a Defense-in-Depth strategy effectively. These technologies enhance each layer of defense and ensure that the architecture operates cohesively to protect against a wide range of cyberthreats.

Firewalls and Network Segmentation Tools

Purpose: To create boundaries within the network, controlling incoming and outgoing network traffic based on an applied rule set.

Importance: Firewalls are fundamental for establishing secure network perimeters and segmenting the network to limit the spread of threats.

Intrusion Detection and Prevention Systems (IDPS)

Purpose: To continuously monitor the network for suspicious activity and potential threats, automatically preventing or mitigating attacks.

Importance: IDPS are crucial in identifying and responding to threats in real-time, providing an essential layer of automated defense.

Access Control and Monitoring Systems

Purpose: To manage and monitor user access to network resources, ensuring that only authorized users and devices can access sensitive areas of the IT and OT environment.

Importance: Robust access control is a cornerstone of both physical and cybersecurity. It prevents unauthorized access and potential breaches.

Encryption Tools

Purpose: To secure data in transit and at rest by converting it into a coded format that can only be accessed with the correct encryption key.

Importance: Encryption is vital for protecting sensitive data from interception and unauthorized access, especially important in OT environments where data integrity is crucial.

Security Information and Event Management (SIEM) Systems

Purpose: To provide real-time analysis of security alerts generated by applications and network hardware.

Importance: SIEM systems are essential for aggregating, correlating, and analyzing security data from various sources, providing a holistic view of an organization’s security posture.

Advanced Endpoint Protection

Purpose: To protect endpoints like workstations, servers, and mobile devices from a spectrum of threats, using techniques like machine learning and behavioral analysis.

Importance: As endpoints are often targets of cyberattacks, advanced protection is crucial for detecting and responding to threats that bypass traditional security measures.

Application Allowlisting

Purpose: To ensure that only verified and trusted applications are allowed to run, significantly reducing the risk of malicious software execution.

Importance: Application allowlisting helps prevent malware infections and limits the scope of potential cyberattacks by ensuring that only known and trusted software is operational.

Patch Management Software

Purpose: To manage the acquisition, testing, and installation of software updates across an organization’s devices and applications.

Importance: Regular patching is key to protecting against vulnerabilities, ensuring that all systems are up-to-date and resistant to known exploits.

Vulnerability Scanners

Purpose: To identify security weaknesses in systems and networks, providing insights into potential vulnerabilities.

Importance: These scanners are essential for proactive security, allowing organizations to address vulnerabilities before they are exploited.

Data Backup and Recovery Solutions

Purpose: To ensure data is regularly backed up and can be quickly recovered in the event of a cyber incident, like a ransomware attack or data corruption.

Importance: Reliable data backup and recovery are critical for maintaining business continuity and protecting against data loss.

Top 5 Defense-in-Depth Security Challenges

Implementing a Defense-in-Depth Architecture is crucial for robust cybersecurity but comes with its own challenges. Here are the top five challenges to be aware of:

1. Layer Integration and Policy Management

Effectively integrating various layers (physical, network, hardware, software) and ensuring consistent policy management across these layers present significant challenges. Ensuring that policies and controls are harmoniously applied across different layers is critical for a seamless defense.

2. Maintaining Up-to-Date Security Measures

Continuously updating security measures, including patch management and application allowlisting, requires rigorous attention. This includes ensuring that updates do not disrupt OT operational capabilities or safety.

3. Adapting to Evolving Cyber Threats

The cyberthreat landscape is constantly changing. Adapting defense mechanisms, such as intrusion detection and prevention systems, and applying advanced strategies like Zero Trust Architecture requires ongoing effort and adaptation.

4. Balancing Security with Operational Requirements

Implementing comprehensive security measures, such as access controls and encryption, must be balanced with the operational requirements of OT environments. This includes considering the impact of security measures on system performance and latency.

5. Training and Awareness Among Staff

Ensuring that all staff members are adequately trained and remain vigilant about cybersecurity practices is challenging but essential. Human error or lack of awareness can often be a weak link in the security chain.

Conclusion

Deploying a Defense-in-Depth Architecture enables businesses to protect their interconnected IT and OT systems better. This approach, focusing on layered security, directly addresses the unique challenges of today’s cyber landscape. It ensures that companies can maintain their operational integrity and trust while embracing the efficiencies of digital transformation.


Progress Telerik Report Server Authentication Bypass Vulnerability


What is the Vulnerability?

Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability, allowing an attacker to bypass authentication and create rogue administrator users. The flaw, tracked as CVE-2024-4358, was added to CISA’s Known Exploited Vulnerabilities catalog (KEV) in mid-June, and FortiGuard Labs continues to see attack attempts targeting this particular vulnerability.

What is the recommended Mitigation?

Apply mitigations as outlined in the vendor instructions: https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358

What FortiGuard Coverage is available?

FortiGuard Labs has provided protection through the IPS signature “Progress.Telerik.Report.Server.Register.Authentication.Bypass”, which was released in mid-June to detect and block any attack attempts targeting the vulnerability (CVE-2024-4358). The FortiGuard Incident Response team can be engaged to help with any suspected compromise.


RockYou2024: Unpacking the Largest Password Leak in History


This Fourth of July brought fireworks in the form of a digital security breach, one that has been recorded as the most significant password leak in history. Dubbed RockYou2024, this colossal data dump was unveiled by a user named “ObamaCare” on a prominent hacking forum, revealing a staggering 9.9 billion unique passwords in plain text.

The Scale of RockYou2024

The sheer volume of compromised passwords is enough to make any security enthusiast’s head spin. RockYou2024 isn’t just a leak; it’s a behemoth collection of 9,948,575,739 passwords that could potentially affect millions of users worldwide. This event marks a critical point in cybersecurity, underscoring the relentless pace at which digital threats are evolving.

What’s Old is New Again

However, it’s crucial to note that RockYou2024, despite its unprecedented scale, is primarily a compilation of previously leaked passwords, building upon its predecessor, RockYou2021, which contained 8.4 billion passwords. This revelation might diminish the shock value for some, but it doesn’t reduce the threat level.

Implications of the Leak

According to Cybernews, which first reported on this massive compilation, RockYou2024 poses a significant threat to any system vulnerable to brute-force attacks. This includes not just online platforms but also offline services, internet-facing cameras, and even industrial hardware. When paired with other leaked databases that might include email addresses and other personal information, the potential for widespread data breaches, financial fraud, and identity theft escalates dramatically.

How to protect yourself

Despite RockYou2024 being a collection of older breaches, the updated and maintained list means everyone should remain vigilant. It is crucial to take steps to protect yourself from potential fraud or identity theft. While RockYou2024 might predominantly consist of recycled material from past leaks, it serves as a potent reminder of the ongoing cybersecurity battles. Proper password management and security measures are more crucial than ever. In today’s digital age, staying ahead means staying aware and taking proactive steps to protect your digital identity. Consider implementing the following measures:

Monitor Your Accounts: Regularly review your bank statements, credit card statements, and other financial accounts for any unauthorized transactions.
Change Passwords: Update your passwords for all online accounts, including your AT&T account. Use strong, unique passwords and consider using a password manager to securely store them.
Enable Two-Factor Authentication: Enable two-factor authentication whenever possible to add an extra layer of security to your accounts.
Be Cautious of Phishing Attempts: Stay vigilant against phishing emails, calls, or texts that may try to trick you into revealing sensitive information. Be skeptical of any unsolicited communications and verify the source before sharing any personal data.
Enroll in an Identity Monitoring service: McAfee+ can help keep your personal info safe, with early alerts if your data is found on the dark web. We’ll monitor the dark web for your personal info, including email, government IDs, credit card and bank account numbers, and more.
Protect your Personal info: Protection solutions like McAfee’s Personal Data Cleanup feature can help. It scours the web for traces of your personal info and helps remove it for your online privacy.

McAfee+ provides AI-Powered technology for real-time protection against new and evolving threats. With our data protection and custom guidance (complete with a protection score for each platform and tips to keep you safer), you can be sure that your internet identity is protected.

The post RockYou2024: Unpacking the Largest Password Leak in History appeared first on McAfee Blog.
