Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
More than two months after authorities shut down a massive Internet traffic hijacking scheme, the malicious software that powered the criminal network is still running on computers at half of the Fortune 500 companies, and on PCs at nearly 50 percent of all federal government agencies, new research shows," reports Brian Krebs. more
In a 52 page security report released by Cisco, the company has confirmed what has been consistently been observed through out this year: "the Internet-based attacks are becoming increasingly sophisticated and specialized as profit-driven criminals continue to hone their approach to stealing data from businesses, employees and consumers." The 2008 edition of the report has specified the year's top security threats and offers recommendations for protecting networks against attacks that are propagating more rapidly, becoming increasingly difficult to detect, and exploiting technological and human vulnerabilities. more
The source code for the IoT botnet 'Mirai' has been released," warns security expert Brian Krebs whose own website was targeted with the same botnet resulting in the historically large DDoS attack last month. more
Two factor authentication that uses an uncopyable physical device (such as a cellphone or a security token) as a second factor mitigates most of these threats very effectively. Weaker two factor authentication using digital certificates is a little easier to misuse (as the user can share the certificate with others, or have it copied without them noticing) but still a lot better than a password. Security problems solved, then? more
Much of the discussion regarding mobile security revolves around the growing "pandemic" of mobile malware. It's not uncommon to see headlines reporting the discovery of large numbers of new malware samples. However, as Google recently pointed out, with quite a bit of data to support them, there's little discussion of real world impact of these discoveries. This raises a number of relevant questions. Is the average user likely to be infected? Where does this malware come from? These are questions that deserve analysis and thoughtful responses. more
The recent heavy news coverage of WannaCry has overshadowed the latest WikiLeaks release of critical CIA malware documentation: user manuals for two hacking tools named AfterMidnight and Assassin. more
SANS has announced NetWars CyberCity, a small-scale city located close by the New Jersey Turnpike complete with a bank, hospital, water tower, train system, electric power grid, and a coffee shop. NetWars CyberCity was developed to teach cyber warriors from the U.S. Military how online actions can have kinetic effects. more
Michael Cooney reporting in NetworkWorld: "Security researchers this week will detail a prototype system they say can better detect so-called Domain Name Generation- (DGA) based botnets such as Conficker and Kraken without the usual labor- and time-intensive reverse-engineering required to find and defeat such malware. The detection system, called Pleiades, monitors traffic below the local DNS server and analyzes streams of unsuccessful DNS resolutions..." more
A paper released today by ICANN provides a chronology of events related to the containment of the Conficker worm. The report, "Conficker Summary and Review," is authored by ICANN's Dave Piscitello, Senior Security Technologist on behalf of the organization's security team. more
Based on the total number of transactions, Zscaler reports botnets as the biggest security risk on the Internet for the enterprises. "Once a host gets infected, the botnet usually spreads quickly within an enterprise. It also generates a significant amount of traffic to the command and control server, to download additional malware or perform other actions." more
Security analysis suggest troubling and escalating trends in the development of malware that exploits vulnerabilities on mobile devices. "From turning mobile devices into bots, to infiltration of mobile applications, driven by the use of personal devices in the workplace, cybercriminals are taking full advantage of this market," reports M86 Security Labs in its just released Threat Predictions Report. more
Wout de Natris: "In this decision OPTA revokes the registration of Diginotar as a so called Trusted Third Party. Diginotar issued certified certificates for digital signatures. The security breach by Iranian hackers over the summer, which Diginotar did not report to the authorities, lead to severe credibility issues for all Diginotar certificates issued before. This included Dutch government websites, but also led to severe breaches of privacy for Iranian end users, in multiple countries. As a result of OPTA's decision all certificates issued by Diginotar have to be revoked, while at the same she is forbidden to issue new ones. more
Cybercriminals are continuing to exploit human nature and relying on familiar attack patterns such as phishing, and increase their reliance on ransomware, where data is encrypted and a ransom is demanded, according to Verizon 2016 Data Breach Investigations Report released today. more
Since January 2016, discreet campaigns involving malware called Trojan.Odinaff have targeted a number of financial organizations worldwide, warned Symantec Security Response team on Tuesday. more
Web applications, on average, experience twenty seven attacks per hour, or roughly one attack every two minutes, according to the newly released Imperva Web Application Attack Report. Report also notes that when websites came under automated attack they received up to 25,000 attacks in one hour, or 7 attacks every second. more
A World-Renowned Source for Internet Developments. Serving Since 2002.