According to an analyst at CERT/CC’s Vulnerability Notes Database, certain Netgear switches contain hard-coded passwords that can allow a remote attacker to authenticate to the web server running on the device.
> When it comes to the 2014 Verizon Data Breach Investigations Report (DBIR), web application, cyber-espionage and POS intrusions topped off the list of most frequently occurring categories of data breaches.
Breaches of card data and point of sale systems often involve remote access management tools, as attackers scan for remote administration software, then use automated tools to break into weakly protected systems.
> If you haven’t enabled two-factor on your PayPal account, you must like living dangerously. With the prevalence of phishing and other credential stealing techniques, relying solely on a password to protect your financially-lucrative accounts is a bad idea.
> Researchers at Duo Labs, the advanced research team at Duo Security, discovered that it is possible to bypass PayPal’s two-factor authentication Security Key mechanism, in PayPal nomenclature.
