Blog - PureID

3 Ways, Passwords are Failing the Enterprises

Online world majorly relies on passwords for access control and content security. Enterprises and individuals alike use passwords to keep sensitive information out of the wrong hands. However, enterprises are an extremely high value target for attackers and that level of attention cannot be handled by the humble passwords. In this blog I will be […]

Atharva Chincholkar February 22, 2021 Uncategorized

O #slack! We found your stored PASSWORDS…

Slack introduced a bug on 21st December 2020 that caused their android app to store user passwords in plain text on their local storage. Slack communicated users to change their Slack passwords as well as to clear the Slack app data on android devices. The affected users’ passwords have been invalidated and they will be […]

Aman Shakya February 15, 2021 Passwordless

Logokit – The most advanced phishing tool kit; You cannot ignore

Amongst the many known cyber-attacks, Phishing takes the throne. Users, including the experienced ones, can fall prey to phishing. Phishing has become a very cost effective, low skill & straightforward way for cyber criminals over the years now to harvest credentials from across the globe. The effectiveness of phishing attacks is getting better and better […]

Ramya Erramilli February 4, 2021 Uncategorized

Nissan : Git, default-set, Gone..

Git Server with default credentials When you set up things that are connected to the internet, they generally require protection from unauthorized access. This protection is often provided by passwords. In most of these cases, a default password with a username is given for first time configuration. As a general security practice, you are supposed […]

Atharva Chincholkar February 4, 2021 Uncategorized

SUNBURST: A Vital Case Study of Supply Chain Attack

About SolarWinds: SolarWinds is an American company that provides IT management and administration software that can be used by the Sysadmins and IT administrators in their organization. The reach of the SolarWinds Products is quite high and their products are used by many fortune-500 companies, spreading across the globe. What is Supply Chain Attack: Supply […]

Satyam Dubey December 28, 2020 Threat Intelligence

Old vulnerability haunts unpatched FortiOS installations

In 2018, a vulnerability (CVE-2018-13379) allowed attackers to read FortiOS files without authentication by sending a carefully crafted HTTP request. This vulnerability only existed in the SSL VPN. It affected FortiOS version 5.6.3 to FortiOS version 6.0.4. According to CloudSEK this vulnerability has come back to haunt networks that use FortiOS and missed the memo […]

Atharva Chincholkar November 27, 2020 Uncategorized

Multiple Mobile Browsers Vulnerable to Address Bar Spoofing

As reported by Zscaler in April 2020, a significant increase (about 85%) in phishing attacks were seen, targeting remote workers. Attackers had registered domains featuring Covid-19 related keywords such as “virus”, “vaccine” etc. in order to steal credentials, disseminate malware, most notably ransomware for conducting financial frauds. With ever-growing advanced spear-phishing attacks, vulnerabilities like Address […]

Khush Bhatt October 22, 2020 Spoofing

Dumping & Abusing Windows Credentials [Part-1]

Introduction: We all know how crucial our credentials are to us, these shared secrets are basically the access to our resources present on various platforms. The whole process of authentication and authorization is pretty much always dependent on these shared secrets which can be in the format of passwords, access tokens, keys, tickets etc. Today […]

Satyam Dubey September 13, 2020 Uncategorized

Credential stuffing Attacks on VPN: Serious Risk for Enterprise

Virtual Private Networks (VPNs) systems are widely used by enterprises to provide secure remote access to their employees. VPN allows for easy access to the infrastructure, but it also opens up the corporate network to the internet. All VPNs use password-based authentication which is susceptible to various types of attacks. Many enterprises use 2FA to […]

Atharva Chincholkar September 4, 2020 Credential Stealing

Ever increasing Office365 Credential Phishing Campaigns

In the advent of widespread electronic communication we relied on a password for verifying the identity of a person. As it turns out, passwords are not secure enough to trust most information with. Two Factor Authentication to the rescue! right? Well, it’s not so easy. As systems have become secure, the attackers have shifted their […]

Atharva Chincholkar August 26, 2020 Credential Stealing

Blog Welcome to PureID Research Blog

Popular Posts