Finding ScreenConnect installations with runZero

ConnectWise disclosed two serious vulnerabilities in their ScreenConnect (formerly Control) remote-access product.

The first vulnerability is an authentication bypass vulnerability. Successful exploitation of this vulnerability would allow attackers to execute arbitrary commands with full privileges on the target system. This vulnerability has been assigned a CVSS score of 10, indicating a highly critical vulnerability.

The second issue is a path-traversal vulnerability. Successful exploitation of this vulnerability would allow attackers to access restricted resources on vulnerable systems. The vendor has not disclosed what resources may be accessed when exploiting this vulnerability. This vulnerability has been assigned a CVSS score of 8.4, indicating a high severity.

Note that CVEs are not yet assigned for these vulnerabilities.

Note that there is evidence that these vulnerabilities are being actively exploited in the wild.

What is the impact?

Successful exploitation of these vulnerabilities would allow attackers to execute arbitrary commands with full privileges on the target system, potentially leading to complete system compromise.

Are updates or workarounds available?

ConnectWise has released an update, version 23.9.8, that fixes these issues. ConnectWise recommends that all users upgrade to this version immediately.

How do I find ScreenConnect installations with runZero?

From the Services Inventory, use the following query to locate potentially vulnerable ConnectWise ScreenConnect systems:

vendor:ConnectWise AND (product:Control OR product:ScreenConnect)

Note the check for the former product name (“Control”).
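Once the matches from this query are exported, they can be sorted by whether they already run the fixed 23.9.8 release. The following is an added example, not runZero or ConnectWise code; the CSV column names and the sample rows are constructed assumptions and not the runZero export schema.

```python
import csv
import io

FIXED = (23, 9, 8)  # fixed release named in the advisory text above
PRODUCT_NAMES = {"screenconnect", "control"}  # current and former product name

# Constructed sample export; column names are assumptions for this example.
SAMPLE_CSV = """address,port,vendor,product,version
10.0.4.12,8040,ConnectWise,ScreenConnect,23.9.7.100
10.0.4.30,443,ConnectWise,Control,19.2
10.0.7.5,8040,ConnectWise,ScreenConnect,23.9.8.200
10.0.9.9,443,ConnectWise,ScreenConnect,
10.0.9.10,443,Apache,HTTPD,2.4.58
"""

def parse_version(text):
    """Return a 3-part integer tuple, or None if the version is missing or malformed."""
    text = text.strip()
    parts = text.split(".")
    if not text or not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def triage(csv_text):
    """Classify each ConnectWise ScreenConnect/Control row against the fixed release."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["vendor"].lower() != "connectwise":
            continue
        if row["product"].lower() not in PRODUCT_NAMES:
            continue
        ver = parse_version(row["version"] or "")
        if ver is None:
            status = "unknown-version"  # fingerprint had no version: verify by hand
        elif ver < FIXED:
            status = "needs-upgrade"
        else:
            status = "fixed"
        findings.append((row["address"], row["version"], status))
    return findings

if __name__ == "__main__":
    for addr, ver, status in triage(SAMPLE_CSV):
        print(f"{addr:12} {ver or '-':14} {status}")
```

Rows with no detected version are kept as "unknown-version" rather than dropped, so they still get checked manually.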

Additional fingerprinting research is ongoing, and additional queries will be published as soon as possible.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

The Mother of All Data Breaches: Why It’s Worse Than All the Others

It seems like every other day, there’s news of a new data breach. It’s so common that we’ve become largely desensitized to it; after all, this has been going on for years, and despite a lot of handwringing, nothing bad really seems to happen to most people. However, this breach, which has already been called “the mother of all data breaches,” promises to bring a lot of heartache and trouble to impacted people, and there are a LOT of them.

Old News

To understand why, we need to look at exactly what this is, and it might be shocking to find out that nothing in this breach is, in fact, new. Some enterprising data scientist-turned-hacker collected as much information as they could from all the previous public data breaches and combined it into one mega-breach database, consisting of over 26 BILLION records. It includes breaches from companies like LinkedIn, Twitter, Weibo, Tencent, MySpace, Zynga, and X (you can tell from some of those names that they went back quite a long way! I bet you haven’t checked on your farm in FarmVille for a long time…). Now, the most shocking news coming from that statement might be that some of these websites still exist, but the second most shocking thing is the sheer scope of the breach.

The dirty reality of cybercrime is that for all the fancy hacks you read about, like acoustic attacks where listening to the keys you type might reveal a password or the rise of AI in cyber-attacks, the number one way a hacker gets into anything is via compromised credentials. And credentials get compromised because we simply don’t take cyber security seriously enough. In one survey by LastPass, 91% of people surveyed acknowledged that re-using passwords is bad; 66% of them do it anyway. The most common password in 2024 is 123456. It’s not a huge shock that passwords remain the weakest link in the chain.

The Problem in the Patterns

Here’s what makes the mother of all breaches so bad: the ability to correlate login data. A hacker who has bought access to this massive database can pick an e-mail, any e-mail, and query every record containing that e-mail and see the associated password for each service. So, let’s say you’ve had your e-mail, llamas@gmail.com, since the days when MySpace was cool and your beloved cat, Dr. Whiskers, was just a kitten. A hacker would see something like this:

Application | E-mail | Password
X (formerly Twitter) | llamas@gmail.com | Dr.Whiskers1!
MySpace | llamas@gmail.com | Dr.Whiskers1!
Zynga | llamas@gmail.com | Dr.Whiskers1234!
LinkedIn | llamas@gmail.com | Dr.59Whiskers1234!

You see the issue there – even though the passwords themselves aren’t inherently insecure (they’re long, alpha-numeric, and have special characters), they’re re-used in a similar enough way to give the hackers a massive clue as to how to get into your account. Now, they have options.

Credential Stuffing

23andMe drew some fire when they blamed their recent hack on users re-using passwords, but they weren’t wrong – it was a simple credential stuffing hack – when hackers try previously leaked username/password combinations in an attempt to find one that works. Users who had opted to share their information via the DNA Relatives feature opened up the door for other accounts’ information to be breached as well.

Attacker in the Middle

The second option employed by the hackers is far more concerning because of how difficult it is to detect. Commonly known as Attacker in the Middle, or AiTM, this involves setting up a fake site to resemble a legit bank. The attacker then sends out a targeted phishing e-mail campaign with the goal of getting you to enter your credentials and intercepting the one-time passcode you get from your bank.

Last year, researchers at Microsoft uncovered a massive AiTM attack targeted at financial institutions; and of course, it all started with a phishing campaign designed to get credentials.

So, What Can We Do?

First and foremost, stop re-using your passwords. With the proliferation of password managers, having strong, unique passwords for everything is much easier.

From a personal standpoint, you must make sure all your passwords are unique – especially your e-mail passwords. If someone hacks into your e-mail, they can use that to do a lot more damage (like changing the passwords on all your other accounts!). More and more companies are allowing some form of multi-factor authentication for personal services – turn that on whenever possible. And don’t ever mix work and personal functions on your devices – both Cisco and Okta were hacked via an employee’s personal Gmail account. Even though it wasn’t anything the employee did deliberately, they probably didn’t have a good day when that was discovered.

From a business standpoint, get rid of the passwords altogether and implement certificate-based authentication. It’s several orders of magnitude more secure than any other MFA/password combo, and actually provides a better user experience since the user doesn’t have to enter anything – authentication is handled when the device presents a certificate.

And one more time, louder for those in the back… STOP. REUSING. YOUR. PASSWORDS!!!!
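The table in “The Problem in the Patterns” shows passwords that are not identical yet share one memorable core, which a plain duplicate check misses. The following self-audit of a user's own vault is an added example, not part of the original article; the vault layout, the similarity threshold and the last entry are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from itertools import combinations

# Entries from the article's table, treated as one user's own vault export,
# plus one constructed random password for contrast.
VAULT = {
    "X (formerly Twitter)": "Dr.Whiskers1!",
    "MySpace": "Dr.Whiskers1!",
    "Zynga": "Dr.Whiskers1234!",
    "LinkedIn": "Dr.59Whiskers1234!",
    "Bank (constructed)": "t7#Qm!zP0v_Lr2Xe",
}

def base_word(password):
    """Strip digits and symbols and lowercase, leaving the memorable core."""
    return re.sub(r"[^a-z]", "", password.lower())

def audit(vault, threshold=0.8):
    """Return (site_a, site_b, kind) for every identical or near-identical pair."""
    findings = []
    for (site_a, pw_a), (site_b, pw_b) in combinations(vault.items(), 2):
        if pw_a == pw_b:
            findings.append((site_a, site_b, "identical"))
            continue
        core_a, core_b = base_word(pw_a), base_word(pw_b)
        # Same core word with different digits or symbols is still reuse.
        same_core = len(core_a) >= 4 and core_a == core_b
        ratio = SequenceMatcher(None, pw_a, pw_b).ratio()
        if same_core or ratio >= threshold:
            findings.append((site_a, site_b, "variant"))
    return findings

if __name__ == "__main__":
    for site_a, site_b, kind in audit(VAULT):
        print(f"{kind:9} {site_a} <-> {site_b}")
```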

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

How to reset or change a Spotify password

The music doesn’t have to stop just because you’ve forgotten your Spotify password. This streaming service offers everything from personalized playlists to pop culture podcasts. For many of us, it’s the first stop to hear the latest music from our favorite artists. Knowing how to perform a Spotify password reset is a must, just as is remembering to change your Spotify password regularly to keep your account well-protected.

How to reset your Spotify password

If you’ve forgotten your Spotify password, resetting it is the quickest option to regain access to your account. To do so, you’ll need to use your browser because it won’t work on desktop or mobile apps. Head to the Password Reset page on your browser and follow these simple steps.

  1. Type your Spotify username or email address into the text box and click “Send.”

  2. Open a new tab, navigate to your inbox, and look for an email with the subject “Reset your password.” Check your spam folder if you don’t see it within a few minutes. For Gmail users, look in the “Social and Promotion” sections.

  3. In the email, click “Reset password.”

  4. You’ll be redirected to the “Reset” page. Enter and confirm your new password.

  5. Click “Send.”

  6. You can now return to the browser or the app and log in with your new password.

It’s imperative to keep passwords secure across all your devices and profiles, but too many people still use the same login details for multiple accounts.

That can be convenient and make credentials easy to remember, but it also increases the threat posed by cybercriminals and hackers. You could be in trouble if someone broke into one of your accounts and that password was reused across many different profiles.

For this reason, you must change your password regularly and differentiate it from others.

One of the easiest and quickest ways to equip all your favorite online accounts with strong and unique passwords is by using a password generator. The NordPass Password Generator can create custom, virtually uncrackable passwords instantly.

How to change a Spotify password

Still remember your Spotify password but want to change it today? Here’s how:

  1. Open Spotify on your browser (again, this won’t work on desktop or phone apps).

  2. Log into your account.

  3. Click on the profile icon in the upper-right corner of the screen.

  4. Click “Account.”

  5. Click “Change password.”

  6. Input your current password and your new password.

  7. Click “Set new password.”

Now you can open your app and input your new password if you’ve been automatically logged out.

Frequently asked questions

 

Does Spotify send emails to reset passwords?

How often should I change my Spotify password?

May I use special characters in my password?

What if I can no longer access the email linked to my Spotify account?

Is there a limit to the number of password reset attempts?

Keep your passwords safe with NordPass

Changing your password with ease is always helpful, and it’s an integral part of best practices in digital security.

To avoid this problem of having to change or reset your passwords, you can and should use a password manager.

NordPass is a secure and intuitive password manager built to make your life easier. With NordPass, you can securely store your login details for your favorite online accounts, credit card details, personal information, and secure notes.

One of the best things about NordPass is the Autofill enhanced by machine learning, which automatically fills out online forms, credit cards, and passwords for you.

Additionally, NordPass comes equipped with advanced security features. One of those goes by the name of Password Health and helps you detect weak, old, or reused passwords. Another one, known as a Data Breach Scanner, allows you to find out if any of your personal information has been compromised in a data breach.

These days, with cybercrime on the rise, having a password manager should be a no-brainer.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.
