
FBI Warns Of Brute-Force Password Spy Attacks—What You Need To Know
The Federal Bureau of Investigation has issued a stark warning about brute-force password attack tactics employed by malicious cyber actors, urging individuals and organizations to take immediate action to mitigate the risk. In a notification published on January 16, the FBI revealed that threat actors are exploiting weak vendor-supplied passwords and unresolved vulnerabilities in web cameras and digital video recorders (DVRs) from Xiongmai and Hikvision.
The FBI has observed these malicious cyber actors scanning devices for vulnerabilities including CVE-2017-7921, CVE-2018-9995, CVE-2020-25078, CVE-2021-33044, and CVE-2021-36260. They have also used tools such as Ingram to scan webcams and Medusa to conduct brute-force authentication cracking.
To protect yourself from these HiatusRAT attacks, the FBI recommends taking the following steps:
* Limit the use of the affected devices or isolate them from your network
* Regularly monitor networks for suspicious activity
* Review and establish security policies, user agreements, and patching plans to address emerging threats
* Promptly patch and update operating systems, software, and firmware as soon as manufacturer updates become available
* Avoid using default passwords for these devices and instead opt for strong and unique ones
* Enforce a strong password policy that requires users to create complex and one-of-a-kind passwords
* Implement multi-factor authentication whenever possible
* Scan your network for open and unnecessary ports, and take steps to remediate them
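
One way to act on the monitoring recommendation above, as an added example that is not part of the FBI notification or the original article: a sliding-window detector that flags a burst of failed logins from one source against one device, and a successful login that follows such a burst. The log format, threshold, window, and sample lines are constructed assumptions; adapt the parsing to whatever your cameras, DVRs, or gateway actually log.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in an assumed format:
# "<ISO timestamp> <device> <source IP> <user> <OK|FAIL>"
SAMPLE_LOG = """\
2024-05-01T02:00:01 dvr-01 203.0.113.7 admin FAIL
2024-05-01T02:00:03 dvr-01 203.0.113.7 admin FAIL
2024-05-01T02:00:04 cam-02 192.168.1.20 operator FAIL
2024-05-01T02:00:05 dvr-01 203.0.113.7 admin FAIL
2024-05-01T02:00:07 dvr-01 203.0.113.7 root FAIL
2024-05-01T02:00:09 dvr-01 203.0.113.7 admin FAIL
2024-05-01T02:00:12 cam-02 192.168.1.20 operator OK
2024-05-01T02:00:15 dvr-01 203.0.113.7 admin OK
"""

def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return alerts for failure bursts and for a success that follows one."""
    recent = defaultdict(deque)  # (device, source) -> recent failure timestamps
    flagged = set()              # pairs already reported as a burst
    alerts = []
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines instead of crashing
        ts_raw, device, src, user, result = parts
        try:
            ts = datetime.fromisoformat(ts_raw)
        except ValueError:
            continue  # unparseable timestamp
        key, q = (device, src), recent[(device, src)]
        while q and ts - q[0] > window:
            q.popleft()  # drop failures older than the window
        if result == "FAIL":
            q.append(ts)
            if len(q) >= threshold and key not in flagged:
                flagged.add(key)
                alerts.append(("BURST", device, src, user))
        elif result == "OK":
            if key in flagged:  # login succeeded after a burst: review it
                alerts.append(("SUCCESS_AFTER_BURST", device, src, user))
                flagged.discard(key)
            q.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(alert)
```

A `SUCCESS_AFTER_BURST` alert is the higher-priority signal, since it suggests a guessed or default credential was accepted.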
It is imperative that individuals and organizations take immediate action to secure their devices and networks. The FBI’s warning serves as a stark reminder of the importance of password security in today’s digital landscape.
Davey Winder is a veteran cybersecurity writer, hacker, and analyst with over two decades of experience in the field.
Source: http://www.forbes.com