Tag Archives: DDoS

Security Never Sleeps- U.S. Security, IoT Vaccines?

U.S. Government Cybersecurity Ranks 16th Out of 18 Industry Sectors

“Very small improvement over last year”

The U.S. government’s cybersecurity standing (both state and federal) is ranked 16th of 18 industry sectors in a new report published by SecurityScorecard, a firm that seeks to help business manage third- and fourth-party risk. This is a very small improvement on the nations position last year, which was 18th out of 18. This still presents a disappointing  and dangerous scenario of public sector readiness to defend systems against cybercrime and cyber espionage. The report was generated by collecting and analyzing subject data through its own data engine, ThreatMarket — which uses 10 categories such as web applications, network security, and DNS health.

Is Your Mobile Carrier Your Weakest Link?

“Mobile security more important than ever”

Now that more online services than ever now offer two-step authentication, i.e., requiring customers to complete a login using their phone or other mobile device after supplying a username and password, many services relying on your mobile devices for that second factor, there has never been more riding on the security of your mobile account. Click the link for a few tips to ensure your mobile device (or, more specifically, your mobile carrier) isn’t the most vulnerable link in your security chain.

This Mirai malware vaccine could protect insecure IoT devices

“Poorly protected IoT devices are the source of many problems”

The hazard of unsophisticated and poorly secured Internet of Things devices came to the front last year with the Mirai DDoS attack that involved nearly a million bots. Many of these devices remain a threat. Researchers have now posed an original solution to the problem: Use the vulnerability of these devices to inject a ‘white worm’ that secures the devices. It is an epidemiological approach that creates immunity with a vaccine by exposing the immune system to a weakened form of the disease.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 168

Kmart Payment Systems Infected With Malware

“Sears subsidiary in trouble”

Popular department store Kmart has had their payment systems infiltrated by cybercriminals last Wednesday, who were able to remotely install malware into the company processes. No information has been provided as to which stores have been affected or for what duration the hackers had access to the firm’s systems, but with over 700 locations it is estimated by security blogger Brian Krebbs that not all stores were affected.

Google Arms Gmail Security with Machine Learning

“Workplace patches imminent”

Phishing, data loss, and other threats were countered by four new security updates released recently by Google. The patches were intended for workplace threats that commonly affect larger firms.

Most Security Pros Expect to Suffer Cyberattacks via Unsecured IoT

“Wireless printers to thermostats cause concerns”

New reports suggest that the majority of security professionals believe they personally will be victimized by DDoS among other attacks due to ineptly secured IoT devices. The Ponemon Institute expect vulnerabilities in increasingly common devices to be exploited by cyber attackers.

OneLogin suffers breach—customer data said to be exposed, decrypted

“Customer data confirmed to be compromised”

OneLogin has now confirmed that the SSO and ID management company has suffered a serious breach. While their public statement is rather vague, an e-mail to its users details that “customer data was compromised, including the ability to decrypt encrypted data.”

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 158

Mysterious Hajime Botnet Grows to 300,000 IoT Devices: Kaspersky

“About 300,000 devices already captured”

Kaspersky Labs security researchers has revealed that a new botnet malware emerging in October of last year, Hajime, has been busy ensnaring thousands of IoT devices. This new strain came on the scene around the same time we saw the Mirai attacks and targets devices in the same way without using them for DDoS processes.

Chipotle Investigating Payment Card Breach

“Unauthorized activity recently detected on network”

Popular restaraunt chain Chipotle Mexican Grill informed its recent customers on Tuesday that the company’s payment archives from its over 2,000 locations may have been breached. With an investigation ongoing, the information being made to the public is still limited.

Game guide malware ‘targeted more than 500,000 users’

“Popular mobile games affected”

App based game guides that include some of the most popular programs have been used to attack over half a million Android users. Google Play harbors the applications responsible for the malware, with researchers at Checkpoint reporting that the apps project unwanted ads and other issues to users.

Web Attacks Decline, Ransomware Attacks Surge

“More efficient and lucrative attacks developed”

New ransomware attacks on end users have been detailed by Symantec’s annual Internet Security Threat Report. The report shows the effects of cyberattacks on intended victims as well as the growing trend in ransomware attacks, up 36% last year.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 152

Malware Allows Remote Administration of ATMs

“Software allows for ejection of cash”

Kaspersky Labs has recently revealed malware code that is capable of remotely gaining administration functions of ATM’s. This was discovered after a Russian bank was targeted by cybercriminals, who used the malware to access several ATM’s. The code was not deleted after the theft, however, leaving pieces for researchers to analyze and ascertain how the code was developed.

New RAT Uses Sites for Command and Control

“Well trafficked sites largely affected”

Talos researchers are now saying that popular and legitimate websites are now being used by ‘ROKRAT’ for data exfiltration. Distributed via email, ROKRAT uses a HWP document to target victims in Korea. The phishing attacks feign legitimacy by faking a reputable senders email, such as the contact email of the Korea Global Forum in several instances.

How an IoT DDoS warning system helps predict cyberattacks

“Current defensive measures limited”

DDoS attacks are devestating for victims by preventing any traffic for their website, however require comparatively little resources for malicious actors. Preventive measures are currently in use by many sites, but are not always sufficient in protecting small or medium level firms and other organizations.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 147

“Huge security hole in many products”
The second largest world producer of IoT devices, Dahua, has released a software update that has gaping security deficiencies in several of popular products including DVR’s and cameras. These internet connected gadgets are vulnerable to login bypasses and remote access to various systems. Additionally, code is available online that would allow exploitation of massive numbers of these types of ‘smart’ devices online by one user, creating DDoS attack concerns among security researchers.
“General technology concerns ease”
The stockpiling of zero-day vulnerabilities by various intelligence agencies to use in offensive capabilities for cyber battle is not quite as dangerous as once predicted, says a new RAND study. Tactical benefits accrued from the collection of the data result in greater outcomes from public disclosure.
 
“Malicious software not part of official ROM”
Check Point Software Technologies posted a blog last Friday detailing the installation of malware of several android devices sold to two firms. The malware was added somewhere along the supply chain, but was not included by the official ROM made by the manufacturer. Many of the phones affected with a ROM using system privileges, meaning that a complete re-installation of all software programs to remedy the problem.
Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 120

412 Million FriendFinder Accounts Hacked

“World’s largest Sex and Swinger network users exposed to cybercriminals”

Last month hackers were able to successfully infiltrate AdultFriendFinder, Cams.com, and several other FriendFinder Networks sites, but the user information has yet to be released to the general public. The attack came from a local inclusion exploit, allowing the hackers to gain access to all of the sites without proper authentication.

VMware Workstation Code Execution Flaw Found by Hackers

“Patches security vulnerabilities across several versions”

A critical out-of-bounds memory access flaw, labeled as CVE-2016-7461, has been patched by VMware as of Sunday. The vulnerability allowed for guests to give arbitrary command over host servers that run Fusion or Workstation.

New DoS Technique Adds to Growing Concerns of Cyber Attacks

“New DDoS attack technique capable of using one laptop to bring down high-bandwidth firewalls”

A new cyberattack method, referred to as BlackNurse, is capable of sending ICMP packets in levels that overload major systems far easier than what has been previously observed. Far more CPU resources is required than normal to address the requests these packets request, creating substantial malfunctions and ping floods.

Tesco Allegedly Warned Before Historic Breach

“Cyber security firms claim firm knew attack was coming”

Dark web hackers were apparently observed boasting online about the ease in which they could steal from the bank. Many security firms had issued warnings to Tesco, reporting that these hackers referred to the bank as a ‘cash milking cow.’ Despite the bragging, there is no concrete evidence that the user is connected to the breach earlier this month, but the lack of preparation stemming from the bank has caused many concerns about the credibility of its security systems.

 

 

 

10Fold- Security Never Sleeps- 117

Liberian Hacking Attempts Cut Internet Access

“October 21st attackers seem responsible”

On November 3rd, continuous attacks from hijacked IoT devices were able to successfully bring down internet access to thousands of people. Some of the attacks were among the biggest ever seen, and targeted huge web companies such as Spotify, Twitter, and Reddit.

New Study Shows Flaw with Smart Bulbs

“New IoT light bulbs vulnerable to hacks”

A recent report titled “IoT Goes Nuclear” has outlined problems seen in new Philips Hue smart light bulbs and similar devices that use ZigBee transmissions. Researchers from the Weizmann Institute of Science and Dalhousie University were successful in hacking and remotely using them from a separate location. Vulnerabilities like these have led to massive DDoS attacks, such as the October 21st web attack that brought many high value sites to their knees for several hours.

Cisco Warns on Security Hole in Management Tool for Connected Homes

“The flaw could have given admin access to unauthorized user”

Cisco has now patched a significant vulnerability in its Prime Home system, a tool that allows a user to manage their smart devices. Before the patch was released, the firm issued an alert that the GUI interface was facing a security flaw that could potentially allow remote users to access functions they otherwise would not be able to access.

Heisenberg Cloud’ Spots Finds Database Services, Misconfigurations

“Undertaken to assess the threat to cloud infrastructure”

A Rapid7 research project has been undertaken to expose the vulnerabilities and misconfigurations in public internet spaces. The Rapid7 ‘Heisenberg Cloud’ combines scan data from scan data from the Heisenberg and Project Sonar.

 

 

 

 

10Fold- Security Never Sleeps- 114

A PREDATOR to Fight DNS Domain Abuse

“Intended to block malicious domain registration”

Princeton University, Google and several other institutions have been able to develop a program that will allow the detection and stop of bad actors that look to register domain names for malicious purposes. Details of the new Proactive Recognition and Elimination of Domain Abuse at Time of Registration was presented at the ACM conference last week.

“Booter” Services Going Extinct?

“Research shows potential measures that could prevent mass attacks”

Web-based contracted cyber criminals, whose services are known as “booter” or “stresser” attacks, may soon be prevented from engaging in further nefarious activities soon. German researchers have studied patterns that come about when malicious actors mass-scan the internet in attempts to find website weaknesses, or DDoS attacks.

Many Joomla Sites Hacked via Recently Patched Flaws

“Flaws could be exploited to upload a backdoor of vulnerable websites”

Fewer than 24 hours that a new patch was made available to fix serious flaws in Joomla websites, researchers had already witnessed several events in which bad actors were able to overtake privilege escalations and create access points allowing for remote execution of commands. The two most critical concerns which are now patched, CVE-2016-8869 and CVE-2016-8870, could allow for serious backdoor authorization if a hacker is well versed in their trade.

Controversial Chinese Cybersecurity Law Looks Likely to Pass

“Foreign governments and business groups eager to protest”

The Chinese Parliament has now readied its third draft of a widely criticized new law that will officially codify the sanctions it has placed over the internet within its own borders. The bill will be presented for a vote on the seventh of this month, and is met with vast opposition from many sectors of society which all claim that its inherent vagueness would allow discrimination against firms abroad on an arbitrary basis.

 

 

10Fold- Security Never Sleeps- 112

Chinese firm admits hacked products were behind Friday’s Internet Abnormalities

“Hangzhou Xiongmai Technology vulnerabilities led to attack”

Electronic component manufacturer based in China Hangzhou Xiongmai Technologies has conceded that hackers used its technologies to conduct a massive cyberattack on several substantial United States headquartered internet sites. Mostly known for its production on DVR’s and cameras connected to the internet, weak default passwords of users is noted as a major contributing factor to their vulnerabilities. Security researchers have claimed that the notorious malware Mirai has been infiltrating and using them as a jump off point for Friday’s DDoS attack.

DDoS Attack Shows Vulnerable Underbelly Cloud Technologies

“Can a DDoS attack break the internet?”

Friday saw a massive DDoS attack, which commentators have said led to the internet ‘breaking’ for several hours over the course of the early day. Vital corporate applications, business functions and inability to use big name sites, causing public outrage and firm loss. Dyn going offline brought the shutdown of the DNS server, the component that allows users to find sites without directly inputting the IP address.

Beware of Fraudulent BSOD Scammers’ Malware

“Microsoft notifies public of fake installer for Security Essentials”

Tech support scammers have added a new weapon in the cybercriminal bag of tools, now utilizing fake ‘Severe Warning’ notifications and blue screens of death in Windows devices. Hicurdismos, the nickname given to this new malware, disables Task Manager and hides the cursor to deceive the user and suggests the user to call a bogus call center and hoaxes users to give up sensitive information the scammer will exploit for profit.

$7,500 IoT Cannon Sold, Capable of Bringing Down The Web Again

“Worse DDoS attacks expected in the future”

The attacks we got a taste of Friday was bad, but experts are saying these disruptions will get worse in intensity and probably more frequent. This is due to hackers selling access to hacked IoT devices which give their customers the ability to launch cyber events comparable or potentially bigger than what the world had witnessed. Early October also saw the advertisement of a botnet cybercriminals had put up for sale on an underground market forum, a trend that before recently had been quite uncommon. To see a malware program for sale of that caliber has researchers predicting a growth in its usage and security concerns in the future.