Article Details

Scrape Timestamp (UTC): 2023-11-20 02:37:46.009

Source: https://www.theregister.com/2023/11/20/your_password_hygiene_is_still/

Original Article Text


Your password hygiene remains atrocious, says NordPass. ALSO: FCC cracks down on SIM-swap scams, old ZeroLogon targeted by new ransomware, and critical vulnerabilities.

Infosec in brief It's that time of year again – NordPass has released its annual list of the most common passwords. And while it seems some of you took last year's chiding to heart, most of you arguably swapped bad for worse.

Password manager vendor NordPass, which is well aware of the poor quality of passwords, reported that last year's top password flop – "password" – fell to number seven, but previous leaders remain in the top spots.

"123456" ranked the most popular across the globe, followed by "admin," the oh-so-secure "12345678," and its cousin "123456789." Strings of sequential numbers starting with the number one, from four to ten characters long, were generally high on the list, as was UNKNOWN, which actually stood out from the group – most passwords NordPass ranked could be cracked in under a second, but UNKNOWN would require a full 17 minutes.

If you want to get local about things, NordPass customers in the US seem more likely to use generic passwords, with only one truly unique one – "shitbird" – in the top 20. UK residents prefer to show their team pride, with "liverpool," "arsenal," "chelsea," and the more generic "football" all in the top 20, along with "cheese" and "dragon."

According to NordPass, streaming platforms seem to be relegated to the bottom of the password priority list for most users, who adopt particularly poor passwords for them compared to the other credential categories it catalogs.

As we seemingly need to remind you every year, longer passwords are always better, as are ones that combine upper- and lower-case characters with numbers and symbols. For best results, use a password generator that can give you a long, random string that's harder to guess than 123456 – or even UNKNOWN, for that matter. And for the love of your IT team's sanity, don't reuse passwords.
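As an added illustration of the advice above (example code written for this page, not from the article or from NordPass), the following Python script turns the list's lessons into a policy check and pairs it with a generator of the kind the article recommends. The blocklist is constructed from the entries named in the article; the 12-character minimum and the three-character-class rule are assumed policy values, not figures from the report.

```python
import math
import secrets
import string

# Constructed blocklist: the passwords named in the article. A real deployment
# would load a far larger corpus (e.g. a breached-password list) instead.
COMMON_PASSWORDS = {
    "123456", "admin", "12345678", "123456789", "password", "unknown",
    "1234", "12345", "1234567", "1234567890",
    "shitbird", "liverpool", "arsenal", "chelsea", "football", "cheese", "dragon",
}

MIN_LENGTH = 12  # assumed policy value; the article only says "longer is better"
MIN_CLASSES = 3  # assumed policy value: at least three of the four classes below
CHARACTER_CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
)
GENERATOR_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def is_sequential(pw: str) -> bool:
    """True when every character steps by a constant +1 or -1 ("123456", "fedcba")."""
    if len(pw) < 4:
        return False
    diffs = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return diffs in ({1}, {-1})


def check_password(pw: str) -> list[str]:
    """Return the list of policy failures; an empty list means the password passes."""
    problems = []
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("appears on the common-password blocklist")
    if is_sequential(pw):
        problems.append("is a simple sequential run")
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = sum(1 for cls in CHARACTER_CLASSES if any(c in cls for c in pw))
    if classes < MIN_CLASSES:
        problems.append(f"uses fewer than {MIN_CLASSES} character classes")
    return problems


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size).
    Only meaningful for generated passwords; human-chosen ones are far weaker."""
    return length * math.log2(alphabet_size)


def generate_password(length: int = 20, alphabet: str = GENERATOR_ALPHABET) -> str:
    """Draw a random password with the CSPRNG-backed secrets module and
    redraw until it satisfies check_password (a 20-char draw almost always does)."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ("123456", "admin", "UNKNOWN", "Correct-Horse-Battery-Staple-42"):
        verdict = check_password(sample)
        print(f"{sample!r}: {'OK' if not verdict else '; '.join(verdict)}")
    pw = generate_password()
    print(f"generated {pw!r} (~{entropy_bits(len(pw), len(GENERATOR_ALPHABET)):.0f} bits)")
```

The generator uses `secrets`, not `random`, because the latter is not a cryptographic source; the entropy figure applies only to passwords drawn uniformly at random, which is why it is not reported for the human-chosen samples.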
Get yourself a good password manager, too – be it NordPass or some other one. Just use something. Please.

Critical vulnerabilities: A sticky week for Siemens

Remember the quintet of Juniper firewall vulnerabilities we reported in September that, individually, were all quite low risk but combined into a CVSS 9.8 that gave attackers the ability to remotely execute code on vulnerable devices? Well, now they're being exploited in the wild, says CISA. Get patching.

The CVSS 9.8 vulnerability in SysAid helpdesk software we reported earlier this month has also been added to CISA's known exploited vulnerabilities database (in the same alert as the Juniper ones), so be sure those patches are installed, too.

Otherwise, most of the big vulnerabilities of the week were covered in this month's Patch Tuesday roundup, but companies running lots of Siemens products had better still pay attention to this list of ones we didn't include:

FCC cracks down on SIM swap, port-out scams with new rules

The US Federal Communications Commission has enacted rules to combat the growing security risks of Subscriber Information Module (SIM) swapping and port-out fraud.

In a report and order [PDF] adopted Wednesday, the FCC declared it would begin requiring wireless providers to "use secure methods of authenticating customers prior to performing SIM changes and number ports" – one method of which would entail notifying customers in some other manner of a SIM change or port-out request. Telcos will also be required to give customers the option to block SIM swaps and ports on their accounts, and to provide notice to all customers of such protections. Wireless providers will also have to adopt processes for responding to failed authentication requests (so be sure you don't forget that account PIN), make it easier for customers to report SIM and port-out fraud, and keep records of all SIM change requests and the methods they use to authenticate users.
New ransomware targets vulnerability you should have patched years ago

CISA, the FBI and the Multi-State Information Sharing and Analysis Center are warning that a new(ish) ransomware strain known as Rhysida is active, persistent and relying on some well-established vulnerabilities to break into weak networks.

Rhysida, first spotted in May, mostly targets the education, healthcare, manufacturing, IT and government sectors – critical ones, in other words – and once in a network lives off the land and double-extorts victims.

As is often the case, the criminals behind Rhysida aren't turning to cutting-edge, zero-day vulnerabilities to compromise networks. They're attacking opportunistically and relying on old exploits like ZeroLogon – a vulnerability in Microsoft's Netlogon discovered and patched in 2020. If you haven't patched that yet, first things first: Why? Second, get it done. Along with targeting very well-known vulnerabilities, Rhysida's controllers are leveraging other external-facing remote services, particularly VPN access points at organizations not using MFA by default. Phishing is also being used to trick victims into installing the malicious kit.

Daily Brief Summary

CYBERCRIME // Annual Report Exposes Persistent Weak Password Habits

NordPass has released its yearly list showcasing the most commonly used passwords, revealing persistent use of weak and easily guessable passwords such as "123456".

Despite minor shifts in password choices, like "password" moving to number seven, users continue to favor simple numeric sequences, which can severely compromise security.

In certain regions like the US, generic passwords prevail, with unique entries like "shitbird" appearing in the top 20. UK users frequently use football team names and other common words as passwords.

The report indicates that streaming service accounts are particularly vulnerable, since users give them especially weak passwords compared to their other accounts.

NordPass emphasizes the importance of using long, complex passwords that incorporate a mix of characters and advises against reusing passwords to enhance cybersecurity.

The US Federal Communications Commission has introduced regulations to protect against SIM swap and port-out fraud, requiring wireless providers to authenticate customers more securely.

A new ransomware named Rhysida is exploiting old vulnerabilities, particularly ZeroLogon from 2020, to attack sectors like education, healthcare, and government, underscoring the necessity for timely software updates and patch management.