PRTG Network Monitor Account Compromise


An internal PRTG Network Monitor error caused some Active Directory integrated PRTG user account passwords, and some other account passwords from the PRTG System Administration, to be written to the configuration file PRTG Configuration.dat in plain text instead of being encrypted.

Paessler recommends that users take immediate action and follow the steps in this KB article: https://www.paessler.com/about-prtg-17-4-35-through-18-1-37

 


#DeleteFacebook Movement Gains Steam After 50 Million Users Have Data Leaked


People are jumping on Twitter to announce their breakup with Facebook.

The hashtag #DeleteFacebook is trending on Monday after the New York Times reported this weekend that the data of 50 million users had been unknowingly leaked and purchased to aid President Trump’s successful 2016 bid for the presidency.

And you should delete yours too – I did.


1.7Tbps – Memcached DDoS the Next Generation in Digital Attacks


Security experts from several security firms have reported that threat actors have started abusing the memcached protocol to power distributed denial-of-service (DDoS) attacks, so-called memcached DDoS attacks.

Memcached is a free and open source, high-performance, distributed memory caching system designed to speed up dynamic web applications by alleviating database load.

Clients communicate with memcached servers via TCP or UDP on port 11211.


Flight Sim Company “FSLabs” Combats Piracy by Sending Them Your Chrome Passwords


This has to be a first. The tl;dr of this is that if the company detects their software installation using a blacklisted/fraudulent product key, it pushes a “test.exe” to the target machine. This executable was revealed to be the Chrome Password Dumping Tool by SecurityXploded – available at http://securityxploded.com/chrome-password-dump.php. The dump of the passwords is packaged by an included “base64.exe” and sent via HTTP back to FSLabs. Once this was revealed to the public, the company issued a statement defending their stance on piracy, followed by a new release of their downloader that promises this DRM is not included. Superhero or supervillain? Read more here.