Blog Welcome to PureID Research Blog

Overview In our previous research blog Passwords & MFA Melting VPNS we had explained how vulnerabilities in Fortinet VPN are being exploited to harvest user credentials and bypass MFA implementations.  The latest update from The Hacker News – 500K FortiGate VPN user credentials are available for free. Many instances of Fortinet VPN whose credentials are […]
Read More...

Ajit Hatti September 14, 2021 Credential Stealing

All the recent high profile breaches we have seen, have one common root cause – Account takeovers with compromised credentials. Solarwinds incidents is a biggest examples of how simple account takeovers lead to distribution of malicious updates, which then got amplified through the supply chain and affect the entire world. GitHub being the world’s code-repository […]
Read More...

Ajit Hatti August 25, 2021 Passwordless

PureID is glad and excited to announce the appointment of Jeremiah Grossman, the world-renowned web security expert, to its advisory board.  The PureID Advisory Board Jeremiah joins the board which also has Lamont Orange (CISO, Netskope) & James Robinson (Deputy CISO, Netskope) who have been advisors and mentors of PureID since its inception.  Charles Nasser, […]
Read More...

Ajit Hatti July 15, 2021 Advisory Board

The world was recovering from the jolt of Solarwinds, and we have this… face off with another supply chain attack shaking the world. This time it is Kaseya. About Kaseya Kaseya provides unified IT management softwares used by IT teams and Managed service providers (MSPs). VSA is their popular remote monitoring and endpoint management product […]
Read More...

Ajit Hatti July 14, 2021 Credential Stealing

FluBot is a banking malware that is specifically attacking Android phones and stealing bank details and passwords from your device. Like Covid-19, this malware has spread across a wide range of English speaking countries rapidly causing some irreparable damage.  FluBot uses “smishing” – phishing using SMS and text messages. These attacks have seen a huge […]
Read More...

Ramya Erramilli May 4, 2021 Credential Stealing,  Malware

The VPN Meltdown Throughout the March & April month, Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agent (CISA)  has reported numerous  incidents where old vulnerabilities in popular VPNs were exploited by organized (or state sponsored)   hackers, around the world. Large numbers of malware families & malicious actors across the globe […]
Read More...

Shivani Thopte April 27, 2021 Uncategorized

Online world majorly relies on passwords for access control and content security. Enterprises and individuals alike use passwords to keep sensitive information out of the wrong hands. However, enterprises are an extremely high value target for attackers and that level of attention cannot be handled by the humble passwords.  In this blog I will be […]
Read More...

Atharva Chincholkar February 22, 2021 Uncategorized

Slack introduced a bug on 21st December 2020 that caused their android app to store user passwords in plain text on their local storage. Slack communicated users to change their Slack passwords as well as to clear the Slack app data on android devices. The affected users’ passwords have been invalidated and they will be […]
Read More...

Aman Shakya February 15, 2021 Passwordless

Amongst the many known cyber-attacks, Phishing takes the throne. Users, including the experienced ones, can fall prey to phishing. Phishing has become a very cost effective, low skill & straightforward way for cyber criminals over the years now to harvest credentials from across the globe. The effectiveness of phishing attacks is getting better and better […]
Read More...

Ramya Erramilli February 4, 2021 Uncategorized

Git Server with default credentials When you set up things that are connected to the internet, they generally require protection from unauthorized access. This protection is often provided by passwords. In most of these cases, a default password with a username is given for first time configuration. As a general security practice, you are supposed […]
Read More...

Atharva Chincholkar February 4, 2021 Uncategorized