• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Ubiquiti urges password reset, 2fa after breach

You are here: Home / General Cyber Security News / Ubiquiti urges password reset, 2fa after breach

IoT networking unit vendor Ubiquiti professional a breach of a web portal it employs to control remote products and as a help portal.

The web servers stored data pertaining to consumer profiles for the account.ui.com portal that Ubiquiti will make accessible to customers who bought one particular of its router or webcam products, a ZDNet report claimed.

The corporation mentioned in a statement it only not long ago turned conscious of the breach. And whilst there’s no evidence of obtain to any databases that host user data, Ubiquiti is not selected no matter whether the breach exposed user data, these kinds of as names, addresses, phone quantities, email addresses and just one-way encrypted passwords to person accounts.

✔ Approved Seller by TheCyberSecurity.News From Our Partners
Acronis True Image 2021

Protect and backup your data using Acronis True Image. Acronis is made in Germany and is a leading brand in IT back up and secirity for years. Acronis True Image take secure and enxrypted backups from your Wdindows and macOS. With Acronis True image you will never be worried about Ransomware attacks and virus infections.

Get Acronis with 50% discount from our partner: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


As a precaution, Ubiquiti stated, end users should really transform their passwords on the company’s web portal and on any web-site wherever they may possibly have made use of the same consumer ID or password. Ubiquiti also recommend that customers enable two-factor authentication on all accounts they have with the corporation.

But advising buyers to rotate passwords, which include any other internet services where the exact same passwords have been utilised, is a widespread poor follow that frequently results in information breaches escalating further more, in accordance to Joseph Carson, main security scientist and advisory CISO at Thycotic. 

“The reaction has been mixed as the notification did not provide considerably detail on what a fantastic password is. or advice on employing a password manager to enable enhance the security of these kinds of privileged access,” Carson claimed. “The scary assumed is whether or not or not this unauthorized obtain has authorized attackers entry to customer’s networks, which includes security digicam footage. Companies such as Ubiquiti that emphasis on obtain and security should demand from customers multi-factor authentication by default and integrate into password administration security options, as this breach reveals the importance of not permitting a password be your only security command.”

With the passwords to IoT products and the method to manage them, Craig Lurey, co-founder and CTO of Keeper Security, mentioned cybercriminals could consider a amount of malicious steps, including:

  • Logging into the IoT devices and use them to start a DDoS attack.
  • Logging into the IoT devices and use them for authentic-planet crimes. For instance, entry to webcams can be utilised for cyberspying/cyberstalking, and undesirable actors can access smartlocks to conduct burglaries.
  • Employing the stolen passwords in brute-force attacks on other sites. Password reuse is frequent, and in truth, in its email, Ubiquiti instructed shoppers to reset passwords that they’re reusing somewhere else.

Some sections of this article are sourced from:
www.scmagazine.com

Previous Post: «Complexity And Cost Chip Away At Socs’ Perceived Return On Complexity and cost chip away at SOCs’ perceived return on investment

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Recent Posts

  • Ubiquiti urges password reset, 2fa after breach
  • Complexity and cost chip away at SOCs’ perceived return on investment
  • Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes
  • SolarWinds attackers suspected in Microsoft authentication compromise
  • World’s Largest Illegal Dark Web Marketplace Taken Down
  • Data Breach at ‘Resident Evil’ Gaming Company Widens
  • BumbleBee Opens Exchange Servers in xHunt Spy Campaign
  • 11 Jan 2021(ISC)² Offers Online Exam Proctoring
  • 11 Jan 2021Francisco Partners Completes Forcepoint Acquisition
  • Adobe Fixes 7 Critical Flaws, Blocks Flash Player Content

Copyright © TheCyberSecurity.News, All Rights Reserved.