Blog Welcome to PureID Research Blog

Fortinet leaked credentials to fuel more Breaches
Overview In our previous research blog Passwords & MFA Melting VPNS we had explained how vulnerabilities in Fortinet VPN are being exploited to harvest user credentials and bypass MFA implementations.  The latest update from The Hacker News – 500K FortiGate VPN user credentials are available for free. Many instances of Fortinet VPN whose credentials are […]
Read More...

Ajit Hatti September 14, 2021 Credential Stealing

GitHub says #GoPasswordless
All the recent high profile breaches we have seen, have one common root cause – Account takeovers with compromised credentials. Solarwinds incidents is a biggest examples of how simple account takeovers lead to distribution of malicious updates, which then got amplified through the supply chain and affect the entire world. GitHub being the world’s code-repository […]
Read More...

Ajit Hatti August 25, 2021 Passwordless

Welcome Jeremiah Grossman
PureID is glad and excited to announce the appointment of Jeremiah Grossman, the world-renowned web security expert, to its advisory board.  The PureID Advisory Board Jeremiah joins the board which also has Lamont Orange (CISO, Netskope) & James Robinson (Deputy CISO, Netskope) who have been advisors and mentors of PureID since its inception.  Charles Nasser, […]
Read More...

Ajit Hatti July 15, 2021 Advisory Board

Kaseya Supply Chain Attack & Passwords
The world was recovering from the jolt of Solarwinds, and we have this… face off with another supply chain attack shaking the world. This time it is Kaseya. About Kaseya Kaseya provides unified IT management softwares used by IT teams and Managed service providers (MSPs). VSA is their popular remote monitoring and endpoint management product […]
Read More...

Ajit Hatti July 14, 2021 Credential Stealing

Android FluBot Malware – spreading rapidly across Europe, might target the US!
FluBot is a banking malware that is specifically attacking Android phones and stealing bank details and passwords from your device. Like Covid-19, this malware has spread across a wide range of English speaking countries rapidly causing some irreparable damage.  FluBot uses “smishing” – phishing using SMS and text messages. These attacks have seen a huge […]
Read More...

Ramya Erramilli May 4, 2021 Credential Stealing,  Malware

Passwords & MFA Melting VPNs
The VPN Meltdown Throughout the March & April month, Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agent (CISA)  has reported numerous  incidents where old vulnerabilities in popular VPNs were exploited by organized (or state sponsored)   hackers, around the world. Large numbers of malware families & malicious actors across the globe […]
Read More...

Shivani Thopte April 27, 2021 Uncategorized

3 Ways, Passwords are Failing the Enterprises
Online world majorly relies on passwords for access control and content security. Enterprises and individuals alike use passwords to keep sensitive information out of the wrong hands. However, enterprises are an extremely high value target for attackers and that level of attention cannot be handled by the humble passwords.  In this blog I will be […]
Read More...

Atharva Chincholkar February 22, 2021 Uncategorized

O #slack! We found your stored PASSWORDS…
Slack introduced a bug on 21st December 2020 that caused their android app to store user passwords in plain text on their local storage. Slack communicated users to change their Slack passwords as well as to clear the Slack app data on android devices. The affected users’ passwords have been invalidated and they will be […]
Read More...

Aman Shakya February 15, 2021 Passwordless

Logokit – The most advanced phishing tool kit; You cannot ignore
Amongst the many known cyber-attacks, Phishing takes the throne. Users, including the experienced ones, can fall prey to phishing. Phishing has become a very cost effective, low skill & straightforward way for cyber criminals over the years now to harvest credentials from across the globe. The effectiveness of phishing attacks is getting better and better […]
Read More...

Ramya Erramilli February 4, 2021 Uncategorized

Nissan : Git, default-set, Gone..
Git Server with default credentials When you set up things that are connected to the internet, they generally require protection from unauthorized access. This protection is often provided by passwords. In most of these cases, a default password with a username is given for first time configuration. As a general security practice, you are supposed […]
Read More...

Atharva Chincholkar February 4, 2021 Uncategorized

1 2

Popular Posts

© PureID. All Rights Reserved
Read More
Read More