It has been reported that Ubiquiti, a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. The company says an incident at a third-party cloud provider may have exposed customer account information and credentials used to remotely manage Ubiquiti gear.
In an email sent to customers, Ubiquiti said it recently became aware of “unauthorized access to certain of our information technology systems hosted by a third party cloud provider,” although it declined to name that provider.
Experts Comments
Cybercriminals utilize various attack vectors to access organizations. A primary example is via social engineering techniques such as phishing emails to employees or by leveraging third-party access through another organization. Organizations need to increase their third-party access procedures, training and technology to reduce the risk of attack by a third-party vendor.
Cybercriminals will continue to leverage attacks against smaller organizations to work their way into larger ones that are
Dot Your Expert Comments
Only for registered and approved experts. Please register before providing comments. Register here
Passwords again are at the forefront of the latest unauthorized access at network equipment provider Ubiquiti Networks, which has been a popular solution in recent years with its unified solutions bringing together network access, WIFI, switching, camera, phone and door security into a single platform. The latest data breach and unauthorized access has led Ubiquiti to advise its customers to rotate passwords, including any other internet services where the same passwords have been used - a
.....Read MorePasswords again are at the forefront of the latest unauthorized access at network equipment provider Ubiquiti Networks, which has been a popular solution in recent years with its unified solutions bringing together network access, WIFI, switching, camera, phone and door security into a single platform. The latest data breach and unauthorized access has led Ubiquiti to advise its customers to rotate passwords, including any other internet services where the same passwords have been used - a common poor practice that results in data breaches escalating further.
The response has been mixed as the notification did not provide much detail on what a good password is or using a password management solution to help increase the security of such privileged access. The scary thought is whether or not this unauthorized access has allowed attackers access to customer’s networks, including security camera footage.
Companies such as Ubiquiti that focus on access and security should demand multi-factor authentication by default and integrate into password management security solutions, as this breach shows the importance of not letting a password be your only security control.
Read LessLinkedin Message
@Joseph Carson, Chief Security Scientist & Advisory CISO, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"The latest data breach and unauthorized access has led Ubiquiti to advise its customers to rotate passwords...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/ubiquiti-urges-customers-to-quickly-enable-2fa
Facebook Message
@Joseph Carson, Chief Security Scientist & Advisory CISO, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"The latest data breach and unauthorized access has led Ubiquiti to advise its customers to rotate passwords...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/ubiquiti-urges-customers-to-quickly-enable-2fa