Tag Archives: Botnet

Security Never Sleeps- U.S. Security, IoT Vaccines?

U.S. Government Cybersecurity Ranks 16th Out of 18 Industry Sectors

“Very small improvement over last year”

The U.S. government’s cybersecurity standing (state and federal combined) ranks 16th of 18 industry sectors in a new report from SecurityScorecard, a firm that helps businesses manage third- and fourth-party risk. That is a small improvement on last year’s position, 18th of 18, but it still paints a disappointing and dangerous picture of public-sector readiness to defend systems against cybercrime and cyber espionage. The report was generated by collecting and analyzing data through the firm’s own data engine, ThreatMarket, which scores organizations across 10 categories such as web application security, network security and DNS health.

Is Your Mobile Carrier Your Weakest Link?

“Mobile security more important than ever”

Now that more online services than ever offer two-step authentication, i.e., requiring customers to complete a login using their phone or other mobile device after supplying a username and password, and many of those services rely on your mobile device for that second factor, there has never been more riding on the security of your mobile account. A second factor delivered by SMS or voice call is only as strong as the carrier’s own account controls: an attacker who can port your number or swap your SIM at the carrier receives your codes. The linked article offers a few tips to ensure your mobile device (or, more specifically, your mobile carrier) isn’t the most vulnerable link in your security chain.

This Mirai malware vaccine could protect insecure IoT devices

“Poorly protected IoT devices are the source of many problems”

The hazard of unsophisticated and poorly secured Internet of Things devices came to the fore last year with the Mirai DDoS attacks, which involved nearly a million bots. Many of these devices remain a threat. Researchers have now proposed an unconventional solution: use the same vulnerabilities Mirai exploits to inject a ‘white worm’ that secures the devices. It is an epidemiological approach, creating immunity with a vaccine by exposing the immune system to a weakened form of the disease. It is also legally fraught, since the white worm still accesses devices without their owners’ authorization.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 190

Sweden Accidentally Leaks Personal Details of Nearly All Citizens

“Swedish Transport Agency breached”

Virtually all Swedish citizens’ vehicle registration details may have been leaked through the mishandling of an outsourcing deal with IBM. Swedish media report that the breach extends beyond private vehicles to police and military transport as well.

Wells Fargo Gets Regulatory Questions After Data Breach

“Release of client details prompts questions”

Wells Fargo, already under regulatory scrutiny over last year’s fake-account scandal, has drawn even more attention after a new leak. A lawyer working for the firm released sensitive client data for tens of thousands of accounts, mostly of wealthy clients in the brokerage unit.

Second Major Ethereum Hack In a Week Leads to $34 Million Theft

“Popularity met with skepticism of security”

Cryptocurrencies like Ethereum and Bitcoin have been rising fast in popular use, but many investors remain cautious over security concerns. Ethereum is doing little to ease those doubts, suffering a second major theft in a single week.

Cybercriminals Kept Botnet That Infected 500,000 Computers Hidden For Five Years

“Stantinko is new creeping botnet”

The Mirai botnet and ransomware such as WannaCry and Petya have caught our attention, but have you heard of Stantinko? It has stealthily carried out its criminal mission for over five years without attracting much, or perhaps any, media attention.


10Fold- Security Never Sleeps- 144

Locked and Loaded: Huge Botnet Updated for DDoS

“Botnets equipped with new, far-reaching features”

AnubisNetworks, a division of BitSight Technologies, has announced that one of the largest botnets has been armed with several new weapons that would allegedly dwarf any DDoS attack the public has witnessed so far.

Russian cybersecurity expert charged with treason

“Allegedly shared ‘secrets’ with U.S. firms”

Ruslan Stoyanov, a top cybercrime investigator at Kaspersky Lab who was arrested and charged with treason by the Russian government, is now reported to have been charged for allegedly passing state secrets to several United States firms, including Verisign.

A Super-Common Crypto Tool Turns Out to Be Super-Insecure

“SHA-1 concerns no longer theoretical”

SHA-1 weaknesses that until recently seemed unlikely to be exploited in practice are now demonstrably within reach of attackers. A team of researchers from CWI Amsterdam and Google has produced the first practical SHA-1 collision: two different files with the same SHA-1 hash, meaning a signature or integrity check based on SHA-1 can no longer be trusted to tell them apart. Anything still relying on SHA-1 for integrity or signatures should move to SHA-256.

More on Bluetooth Ingenico Overlay Skimmers

“Card and PIN skimmer stories increasing in frequency”

Ingenico-brand card readers at checkout lanes and other self-service pay stations are being hit by a growing number of ‘overlay’ skimmers. The article shares several photos of devices recovered from compromised terminals and explains how the overlay, which sits on top of the real PIN pad and captures card data and PINs, is so successful.


10Fold- Security Never Sleeps- 124

Personal email is becoming less personal as hackers, government eye access

“Stakes are higher than ever for data security”

Privacy expert Claire Gartland has been warning of increased risks to user data held by electronic messaging services, most recently in an appearance on CNBC’s ‘On The Money.’ Against the backdrop of the recent United States presidential election season, Gartland emphasized the sharp increase in hacks of public figures and leaks of their sensitive information.

Millions exposed to malvertising that hid attack code in banner pixels

“Millions exposed to potential danger”

Malicious ads that hide attack code in the pixels of banner images have left users of many mainstream websites exposed to fraud and malware. The script is concealed in the alpha channel, the value that defines each pixel’s transparency, where small changes are invisible to the eye and hard for even experienced ad networks to detect. Once the script has checked that no security tooling likely to notice it is running, it redirects the browser to a site hosting an exploit kit.
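To make the alpha-channel trick concrete, the following is an added example, not the malvertising code itself and not from the original article: it embeds a constructed payload in the least significant bit of each pixel’s alpha value, recovers it the way an in-ad script would after reading the canvas, and runs a simple detection heuristic an ad network could apply. The pixel list, banner size, threshold and payload string (including the landing domain) are all assumptions; pixels are plain (R, G, B, A) tuples standing in for decoded PNG data.

```python
"""Alpha-channel steganography of the kind used by pixel-hiding malvertising,
with a simple detection check. Added example, not the malvertising code.
Pixels are a constructed list of (R, G, B, A) tuples standing in for the
decoded image data a browser's canvas getImageData() would return."""

WIDTH, HEIGHT = 64, 32  # constructed banner size (assumption)


def blank_banner(width=WIDTH, height=HEIGHT):
    """A fully opaque single-colour banner: every alpha value is 255."""
    return [(200, 30, 30, 255) for _ in range(width * height)]


def _bits(data):
    """Yield the bits of a byte string, most significant bit first."""
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def embed(pixels, payload):
    """Hide payload in the least significant bit of each pixel's alpha value.
    A 32-bit big-endian length prefix tells the extractor where to stop.
    An opaque pixel carrying a 0 bit drops from alpha 255 to 254, a change
    the eye cannot see."""
    stream = len(payload).to_bytes(4, "big") + payload
    if len(stream) * 8 > len(pixels):
        raise ValueError("payload too large for this image")
    out = list(pixels)
    for idx, bit in enumerate(_bits(stream)):
        r, g, b, a = out[idx]
        out[idx] = (r, g, b, (a & 0xFE) | bit)
    return out


def extract(pixels):
    """Recover the payload: read the length prefix, then that many bytes.
    This is the work the in-ad JavaScript does before evaluating the result."""
    def read_bytes(start_pixel, count):
        buf = bytearray()
        for n in range(count):
            byte = 0
            for k in range(8):
                byte = (byte << 1) | (pixels[start_pixel + n * 8 + k][3] & 1)
            buf.append(byte)
        return bytes(buf)

    length = int.from_bytes(read_bytes(0, 4), "big")
    return read_bytes(32, length)


def alpha_anomaly_fraction(pixels):
    """Detection heuristic: a banner that renders as opaque should have
    alpha == 255 everywhere (and a transparent region alpha == 0). Count the
    pixels whose alpha is neither; an LSB-encoded carrier shows roughly half
    of the pixels it uses sitting at 254."""
    odd = sum(1 for (_, _, _, a) in pixels if a not in (0, 255))
    return odd / len(pixels)


THRESHOLD = 0.01  # assumed cut-off; tune on real creatives before deploying


def looks_steganographic(pixels):
    return alpha_anomaly_fraction(pixels) > THRESHOLD


# Constructed stand-in for the redirect a malvertising payload would carry;
# the domain is hypothetical.
SAMPLE_PAYLOAD = b"location.href='https://landing.example/';"


if __name__ == "__main__":
    clean = blank_banner()
    tainted = embed(clean, SAMPLE_PAYLOAD)
    assert extract(tainted) == SAMPLE_PAYLOAD
    print("clean  :", alpha_anomaly_fraction(clean), looks_steganographic(clean))
    print("tainted:", round(alpha_anomaly_fraction(tainted), 3), looks_steganographic(tainted))
```

The heuristic only catches payloads that disturb the alpha channel; data hidden in the low bits of the colour channels would pass it. A more robust countermeasure for an ad network is to re-render every submitted creative onto an opaque background and recompress it, which discards the alpha channel (and any LSB payload) before the image is ever served.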

Security News This Week: A Botnet Takes Down Nearly a Million German Routers

“New variant detected”

The same botnet malware that temporarily took down several popular websites a few weeks ago, dubbed Mirai, has returned this week with devastating results. Over 900,000 routers belonging to customers of the German ISP Deutsche Telekom were affected and cut off from the web. This fuels growing concern that we face a new reality of cyber-attacks that may not be preventable.

Latest Android security update fixes Dirty COW, GPS vulnerabilities

“Provides attack mitigation”

Android’s monthly security update has again addressed serious security concerns for customers. The most recent is a privilege-escalation vulnerability known as Dirty COW (after the copy-on-write mechanism in the Linux kernel that it abuses), which had been present, and exploitable, in Linux for over nine years.

10fold- Security Never Sleeps- 123

San Francisco Muni Says Server Data Not Accessed in Ransomware Hit

“Ransom never paid”

The San Francisco Municipal Transportation Agency (SFMTA) released a statement on Monday saying that its servers had not been breached. The attacker claimed 30GB of stolen data would be dumped unless roughly $73,000 worth of Bitcoin was paid, a sum the SFMTA never considered paying once no indication of a breach had been found.

Researchers Exploit App Flaw and Steal a Tesla Model S

“Remote hacking and driving now possible”

Researchers at Keen Security Lab in China were able to access and execute commands on a Tesla Model S, adding to concerns that grow as driverless cars move out of science fiction and into reality. Weak security in the Tesla smartphone app allows an attacker to remotely access and drive away with a car in just a few seconds, without the key fob being physically present.

Upgraded Mirai Botnet Disrupts Deutsche Telekom by Infecting Routers

“Vulnerable routers being targeted”

The IoT malware menace Mirai has been plaguing the German telecom Deutsche Telekom, causing connection problems for nearly a million customers. The disruption has been blamed on a new strain of Mirai, found to have infected over 500,000 IoT devices ranging from surveillance cameras to DVRs.

Feds Provide Legal Loophole to Hacking IoT Devices

“Changes release researchers from select legal liabilities”

Exemptions from legal action that many consider long overdue are being celebrated by security researchers in the United States. The Digital Millennium Copyright Act now carries a two-year ‘good-faith’ exemption that lets researchers break into the software on IoT devices and other consumer products without violating the anti-circumvention rules of Section 1201.

10Fold- Security Never Sleeps- 115

‘Serious’ Windows Vulnerability Found by Google

“Adobe have issued fix, Windows has yet to issue its own patch”

Under Google’s policy of publicly disclosing vulnerabilities that are already being exploited within days of reporting them to the vendor, the firm has issued a public notice about a Windows flaw that attackers are actively using. The flaw, described as a “security sandbox escape,” bypasses the sandbox so that a malicious or malfunctioning program can damage or collect sensitive information from the rest of the device. Adobe’s patch for the Flash Player flaw used alongside it, released October 21st, resolves Adobe’s side of the issue; Microsoft itself has not yet offered a fix.

New Malware for Mirai Botnet Observed

“Coded partially with Tsunami/Kaiten protocol”

A new strain of malware that targets vulnerable IoT devices and turns them into ‘slave’ bots was released in the last few days by a group of cybercriminals. ‘Linux/IRCTelnet’ is capable of conducting massive DDoS attacks using common IoT appliances such as DVRs, routers and lighting systems, according to the research team at MalwareMustDie.

Major ‘upgrade’ for Nymaim Malware

“Includes increased obfuscation and blacklisting softwares”

Verint researchers have observed several new incidents in which the infamous Nymaim malware was delivered through phishing campaigns rather than by its original drive-by-download approach. This strain has been in circulation since 2013 and has consistently stayed ahead of threat researchers with upgrades that give it an edge over those studying it. With that advantage, attacks using the malware have risen, with over 63 percent more incidents observed over the last year.

UK commits £1.9B to Cyber Security, Many Firms Contracted

“Recent threats from international actors prompt concern”

Just over £1.9B has been committed to strengthening British cyber security after threats against the United Kingdom in recent months. Covering both defensive and offensive capabilities, the new cyber defence plan will contract with both public and private firms to field top-of-the-line systems within the next few years.

10Fold- Security Never Sleeps- 112

Chinese firm admits hacked products were behind Friday’s Internet Abnormalities

“Hangzhou Xiongmai Technology vulnerabilities led to attack”

Hangzhou Xiongmai Technology, an electronic component manufacturer based in China, has conceded that hackers used its products to conduct a massive cyberattack on several major United States-based internet sites. Known mostly for its internet-connected DVRs and cameras, the company cited weak default passwords left unchanged by users as a major contributing factor. Security researchers say the notorious Mirai malware infiltrated those devices and used them as a launch point for Friday’s DDoS attack.

DDoS Attack Shows Vulnerable Underbelly Cloud Technologies

“Can a DDoS attack break the internet?”

Friday saw a massive DDoS attack that commentators said left the internet ‘broken’ for several hours early in the day. Vital corporate applications and business functions went down and big-name sites became unreachable, causing public outrage and financial loss. The target was Dyn, a managed DNS provider; with its DNS servers unreachable, browsers could not translate the domain names of the sites hosted there into IP addresses, even though the sites themselves were still running.

Beware of Fraudulent BSOD Scammers’ Malware

“Microsoft notifies public of fake installer for Security Essentials”

Tech support scammers have added a new weapon to their bag of tools, using fake ‘Severe Warning’ notifications and blue screens of death on Windows devices. Hicurdismos, the name given to this malware, disables Task Manager and hides the cursor to make the fake crash convincing, then prompts the user to call a bogus call center, where scammers coax out sensitive information to exploit for profit.

$7,500 IoT Cannon Sold, Capable of Bringing Down The Web Again

“Worse DDoS attacks expected in the future”

The attacks we got a taste of on Friday were bad, but experts say these disruptions will get worse in intensity and probably more frequent. Hackers are selling access to hacked IoT devices, giving their customers the ability to launch attacks comparable to or bigger than what the world has witnessed. Early October also saw a botnet advertised for sale on an underground forum, something that until recently had been quite uncommon. Seeing malware of that caliber for sale has researchers predicting growth in its use and in the resulting security concerns.