Tag Archives: FireEye

10Fold Security Never Sleeps- Fancy Bear, IoT Security


“Russian espionage campaign used WiFi networks to spy on guests”

High-profile customers have been targeted by Russia’s ‘Fancy Bear’ malware, now upgraded with the NSA hacking tool EternalBlue, which was leaked to the public on the internet. According to FireEye, the attacks are hitting victims through hotel WiFi routers with minimal security. The security firm has also stated that it suspects the group is working with the Russian intelligence agency GRU.

8 Critical IoT Security Technologies

“Necessary as prevalence grows”

Gartner has recently reported a prediction of nearly 20.4 billion connected IoT devices in just the next three years. That’s a rate of about 5.5 million new ‘Things’ per day! These metrics suggest that standard security practices will be insufficient in the very near future to counter the cyber threats that face IoT devices.

Report: SMBs Better Prepared For IoT Security Threats Than Large Enterprises

“SMB prioritize cyber threats more effectively”

IoT security firm Pwnie Express has found that SMBs are far more equipped to handle and identify threats to their workplace networks than larger competitive businesses. About 41% of IT security pros at large firms did not know what types of attacks had actually occurred on their devices last year, compared to 25% at SMB-based companies.

Hackers Say Humans Most Responsible for Security Breaches

“Hackers asked about methods and practices”

About 250 hackers at Black Hat 2017 were polled on the processes they use in hacking systems. Thycotic surveyed many of these individuals, finding that 51% identify as ‘white hats,’ 34% as ‘grey hats,’ and 15% as ‘black hats.’ Defenders can use this data to understand better how to safeguard their own systems.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 154

Dridex gang uses unpatched Microsoft Word exploit to target millions

“Attacks beginning in January”

The group associated with the Dridex trojan has begun using an unpatched Microsoft Word vulnerability that allows it to potentially affect millions of users. The potential for harm was revealed Friday by McAfee antivirus researchers, and researchers at security firm FireEye have confirmed more instances of issues over the past several weeks as well.

US dismantles Kelihos botnet after Russian hacker’s arrest

“Unrelated to potential tampering in U.S. election”

The recent arrest of a Russian cybercriminal in Spain has led to the destruction of a large-scale botnet. Kelihos, a botnet that is directly responsible for the remote control and ‘enslavement’ of hundreds of thousands of IoT devices, has been used to distribute malware globally in the past. On Monday the U.S. Justice Department released a statement claiming it had taken actions to officially dismantle the project.

Hackers Steal Customer Card Data From GameStop

“Popular gaming retailer apparently breached”

GameStop, a popular retailer among the gaming community, has allegedly been compromised, with customer payment card information possibly stolen. Included are the name, address, and verification numbers of credit cards.

Cisco Finds Many Flaws in Moxa Industrial APs

“More than a dozen issues identified”

Talos Intelligence, a Cisco research group, has finished a two-week observation of a wireless AP from Moxa, concluding from its tests that the device has many vulnerabilities. Over a dozen were officially verified, including remote exploitation that would effectively give a cybercriminal full access to the operating functions of a device. Moxa has patched all but one of these vulnerabilities, the details of which will be disclosed after it has been dealt with.


10Fold- Security Never Sleeps- 148

“Financially motivated actors as dangerous as nation states”

The 2017 M-Trends report published Tuesday by Mandiant addresses growing concerns about private threat actors. The data, based on Mandiant’s incident investigations, establishes that non-governmental hackers have become incredibly more complex in their activities over the last several years.

“Embarrassing security breach for Canada”

While the recent hack of the Canadian government did not result in the loss of sensitive data, it dealt a massive blow to Canadian cybersecurity. After an unknown entity hacked the statistics of the state tax collection agency (CRASC).

“Efforts to stop Mirai have amounted to a game of ‘whack-a-mole’”

Differing opinions on efforts to stop the Mirai botnet, a notorious program that affects thousands of IoT devices, have emerged recently, since the malware made its debut last September. Many of the massive DDoS attacks seen recently have been due to Mirai, as it is able to commandeer and use common household devices like DVRs and internet cameras.