1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Linux and Raspberry Pi devices are proving a major security weak

    From TechnologyDaily@1337:1/100 to All on Wed Mar 16 15:45:04 2022
    Linux and Raspberry Pi devices are proving a major security weak link

    Date:
    Wed, 16 Mar 2022 15:26:17 +0000

    Description:
    There are hundreds of thousands of devices still being protected by nothing more than default passwords.

    FULL STORY ======================================================================

    There are hundreds of thousands of Linux and Raspberry Pi devices connected
    to the internet right now, protected by nothing more than the default
    password .

    In possession of these default passwords, cybercriminals are using numerous automated bots to scan for vulnerable devices. Once they find them, planting malware becomes relatively easy.

    These are the findings of a new threat report from Bulletproof, which claims knockknockwhosthere, nproc, 1, x, 1234, 123456, root, and raspberry are among the most common default passwords out there. TechRadar needs you!

    We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a 100 Amazon gift card (or equivalent in USD). Thank you for taking part.

    Click here to start the survey in a new window << Easy attack point

    On the list are the default Raspberry Pi credentials (un:pi/pwd:raspberry). There are more than 200,000 machines on the internet running the standard Raspberry Pi OS, making it a reasonable target for bad actors. We also can
    see what looks like credentials used on Linux machines (un:nproc/pwd:nproc). This highlights a key issue - default credentials are still not being
    changed, said Brian Wagner, Chief Technology Officer at Bulletproof.

    Using default credentials provides one of the easiest entry points for attackers, acting as a skeleton key for multiple hacks. Using legitimate credentials can allow hackers to avoid detection and makes investigating and monitoring attacks much harder.

    To make the situation even worse, the report claims a quarter of the
    passwords attackers use today originate from the RockYou database leak that happened more than a decade ago.

    For the purpose of the report, Bulletproofs cybersecurity researchers created a honeypot, in the form of servers in public cloud environments with deliberate security vulnerabilities, in order to attract bad actors. Read
    more

    Raspberry Pi OS just got a serious upgrade


    Installing an OS on your Raspberry Pi is about to become a lot simpler


    Raspberry Pi can now detect malware without any software

    Over the course of the research, bad actors initiated more than 240,000 sessions, while in total, more than half (54%) of over 5,000 unique IP addresses had intelligence that suggested they were bad actor IP addresses.

    Within milliseconds of a server being put on the internet, it is already
    being scanned by all manner of entities. Botnets will be targeting it and a host of malicious traffic is then being driven to the server, continued Wagner. Although some of our data shows legitimate research companies
    scanning the internet, the greatest proportion of traffic we encountered to our honeypot came from threat actors and compromised hosts." Stay safe with the best antivirus software right now



    ======================================================================
    Link to news story: https://www.techradar.com/news/linux-and-raspberry-pi-devices-are-proving-a-ma jor-security-weak-link/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)