Cybersecurity

A new report from password management company LogMeIn finds that the bigger the enterprise, the bigger the problem when it comes to managing passwords. The company’s recently released Global Password Security Report scores its 43,000 customers on password strength, reuse, and use of multi-factor authentication. While the average score equaled a 52 out of 100 — a score LogMeIn considers to be good — the numbers generally showed the larger the company, the lower the average security score.

Today, the United Kingdom announced it and its allies had exposed a campaign by the GRU, the Russian military intelligence service, of indiscriminate and reckless cyber attacks targeting a variety of institutions.

Then NCCIC has released Technical Alert 18-276B about Advanced Persistent Threat (APT) actors attempted to infiltrate the networks of global managed service providers (MSPs) in order to gain unauthorized access to the networks of their customers. MSPs provide remote management of customer IT and end-user systems, and the number of organizations using MSPs has grown significantly over recent years since these services allow customers to scale and support their networks at lower costs than financing these resources internally.

The NCCIC has released an advisory on a heap-based buffer overflow vulnerability in GE Communicator. GE Communicator version 3.15 and prior and Gigasoft, a third-party product, version 5 and prior are affected. Exploitation could allow attackers to execute arbitrary code or create a denial-of-service condition. GE recommends users update to Version 4.0 or the latest available release, to mitigate this vulnerability. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.