In recent weeks, brute force login attempts targeting WordPress and Joomla installations have increased significantly in volume, with some entities reporting triple the attempts seen in the past. The attack volume has been so severe that some hosting providers have blocked all attempts to access wp-login.php, even for site owners and administrators. While blocking all access outright might seem a bit draconian, about 25% of websites globally include WordPress installations – a tremendous attack surface if left undefended.
During the course of its investigation, Cisco TRAC discovered a repository of data that it believes may be feeding the brute force login attempts. The trove included user lists, site lists, and password lists. Additionally, there is a list that appears to be a compilation of usernames and passwords used in previous brute force login attempts, scrapings from phishing and cracking forums, and the Nmap list of common passwords. The compiled list had over 25,000 entries, half of which were duplicates. After cleaning up the duplicates, we were left with 783 unique usernames and 11,001 unique passwords, resulting in over 8.6 million possible combinations. However, it doesn’t appear the attackers are going to that extent; the total list of username/password pairs (with dupes removed) contained just over 13,000 combinations.
Examples of some of the more complex passwords discovered include:
Tags: brute force login, Cisco Security, Joomla Brute Force, TRAC, WordPress
Cisco Chairman and CEO John Chambers penned a message for 2013 college graduates in the San Jose Mercury News this weekend. Chambers will receive an honorary doctorate from San Jose State University on Friday, April 26th and offered these words of advice for new graduates…and all those of us looking to succeed in the 21st Century: “Never stop learning.”
In part, he wrote:
… “In speaking of new graduates, New York Times columnist Tom Friedman recently wrote that “given the pace of change today, even they will have to reinvent, re-engineer, and reimagine that job much more often than their parents if they want to advance in it.” He says these young people must be “innovation ready,” not just able to find a job, but invent one.
San Jose State University is part of this reinvention. This month, the university announced an expansion to its collaboration with edX, the not-for-profit online learning enterprise founded by Harvard and the Massachusetts Institute of Technology. The result is that online courses will be made available to as many as eleven other California State University (CSU) campuses and thousands more students across California.” …
… Every day across the world we are seeing this type of innovative teaching and learning, setting the stage for a different kind of lifelong training.
That’s what it takes in today’s fast moving, data driven Internet of Everything world. All of us must be innovation-ready, and realize that career growth will go to those who continue to leverage the 21st Century Mind by adapting, discovering, and learning new skills. To all graduates, I say congratulations and offer these three words of advice: Never stop learning.”
You can read his full op-ed here.
Tags: 21st Century Mind, advice to graduates, Harvard, IoE, john chambers, MIT, neverstoplearning, SJSU
The Common Vulnerability Reporting Framework (CVRF) is a security automation standard intended to make your life easier by offering a common language to exchange traditional security and vulnerability bulletins, reports, and advisories. You can read more about it on the official ICASI CVRF 1.1 page, in my CVRF 1.1 Missing Manual blog series, or in the cvrfparse instructional blog. CVRF 1.1 has been available to the public for almost a year, and we would like to know how it's helped and how we can improve it. Please take a moment to take the poll, and feel free to share it with any interested parties. Comments are encouraged and welcomed. The more feedback we get, the more we can improve CVRF.
Tags: advisories, Cisco Security, cvrf, cybersecurity, exploits, psirt, security, vulnerability
In the last MSE blog, my colleague Lucy discussed wIPS as a feature of MSE Release 7.4. To further the conversation around Release 7.4, I’m going to describe the new licensing scheme.
We at Cisco believe strongly in the mantra of valuing customer satisfaction. Feedback we received on the Mobility Services Engine (MSE) licensing scheme inspired us to make the following adjustments in a new licensing scheme, which is available as a part of the MSE software release for version 7.4 along with Advanced Location Services:
- AP-based licenses to align with Controller and Cisco Prime Infrastructure: In the earlier releases, you needed to plan and try to predict how many Endpoints you expected on the network before buying the license. Now it’s easier to buy Location Services licenses by simply buying based on the AP count and what services from the MSE you anticipate deploying for your network.
- Simplified WIPS SKUs: The Adaptive wIPS licensing scheme was already AP-based, so we just reduced the number of SKUs (1-AP, 100-AP and 1000-AP SKUs) for Local Mode and Monitor Mode licenses.
Tags: access point, advanced location, analytics, AP, aWIPS, Cisco, connected mobile experiences, customer, feedback, license, licensing, licensing scheme, location, location services, mobility services engine, mse, release 7.4, SKU, WIPS
Cisco Connected Mobile Experiences is a new solution that helps enable retail organizations to use Wi-Fi location services to deliver engaging store experiences and generate valuable shopper insights. Our industry-specific webinars so far break down use cases for Connected Mobile Experiences for airports/transportation and retail, with more coming soon.
Our latest CMX webinar on demand is specific for retailers: “Boost Revenue, Build Loyalty.”
View this 45-minute on-demand video webcast to learn how to captivate your shoppers with new mobile apps supported by Cisco Connected Mobile Experiences. Discover how real-time location intelligence from your wireless network can enhance customer loyalty, improve store operations, and help you:
- Deliver a personalized in-store shopping experience that increases customer intimacy
- Provide important information at critical purchase decision points
Tags: advanced location, Cisco, Connected, connected mobile experiences, customer, department store, experience, Indoor location, location, loyalty, mobile, mobility, network, retail, revenue, services, store, venue, wi-fi, wireless