A critical flaw in GNU inetutils’ telnetd enables remote compromise — legacy services still carry modern risk. Disable what you don’t need, patch what you keep. 🧨🔧 #LegacySecurity #CriticalVuln

https://thehackernews.com/2026/01/critical-gnu-inetutils-telnetd-flaw.html

Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access

A 9.8-severity flaw (CVE-2026-24061) in GNU InetUtils telnetd allows remote authentication bypass and root access in versions 1.9.3 to 2.7.

The Hacker News
🚨 HIGH severity alert: Chinese APTs are leveraging legacy Log4j & IIS vulnerabilities for large-scale espionage. Euro orgs with unpatched systems are prime targets. Prioritize patching, audit legacy assets, and enhance monitoring! https://radar.offseq.com/threat/from-log4j-to-iis-chinas-hackers-turn-legacy-bugs--dd6b8851 #OffSeq #ThreatIntel #LegacySecurity

🖥️ VNC might be convenient for legacy systems, but it's just as convenient for attackers...
 
Unencrypted traffic makes it easy to intercept credentials. Some setups don’t require a password at all. And even when passwords are used, they’re often weakly stored and easily cracked.
 
Attackers might not even need to log in, just sniff the traffic and capture screens or keystrokes without being noticed.
 
To prove the point, our Kieran built a Python script (VncCrack.py) that cracks VNC passwords in plaintext using intercepted traffic.
 
📌 Check it out in action in our latest blog post: https://www.pentestpartners.com/security-blog/vnc-rdp-for-all-to-see/

#CyberSecurity #PenTesting #VNC #LegacySecurity #DFIR #NetworkSecurity #CredentialTheft

VNC. RDP for all to see | Pen Test Partners

TL;DR: VNC still remains in some legacy environments due to legacy deployments and ease of use. Without proprietary extensions, VNC transmits data without encryption, making credential theft through packet sniffing possible. The captured challenge and response between a VNC client and server can lead to obtaining credentials.

Introduction: VNC (Virtual Network Computing) is a widely

Pearson’s hack wasn’t just a data leak—it exposed how outdated systems can backfire big time. How did old tech and missteps lead to a costly wake-up call in cybersecurity?

https://thedefendopsdiaries.com/pearson-cyberattack-lessons-in-cybersecurity-and-transparency/

#pearsoncyberattack
#cybersecurity
#legacysecurity
#databreach
#transparency