ISP alerted biz to UPnP flaw in 2013. Years later, same flaw kept cropping up Exclusive Huawei bungled its response to warnings from an ISP’s code review team about a security vulnerability common across its home routers – patching only two models rather than all of its products that used the same flawed firmware.…
Continue Reading:
Huawei’s half-arsed router patching left kit open to botnets: Chinese giant was warned years ago – then bungled it
The FBI’s shutdown of the 15 largest distributed denial-of-service (DDoS) for hire vendors (booters) reduced the overall number of attacks worldwide by nearly 11 percent compared to the same period last year. Along with the fewer total attacks, the average size decreased by 85 percent as did the maximum attack size by 24 percent, indicating the FBI crackdown was effective in reducing the global impact of DDoS attacks. However, booter websites are poised to make … More ? The post Average DDoS attack sizes decrease 85% due to FBI’s shutdown of DDoS-for-hire websites appeared first on Help Net Security .
Read more here:
Average DDoS attack sizes decrease 85% due to FBI’s shutdown of DDoS-for-hire websites
Powerful capabilities of modern browser APIs could be misused by attackers to take control of a site visitor’s browser, add it to their botnet, and use it for a variety of malicious actions, researchers from the Foundation for Research and Technology – Hellas and Stony Brook University are warning. To prove their point, they’ve created MarioNet, a prototype framework that allows them to do just that. The hijacked resources could be used for unwanted and … More ? The post Modern browser APIs can be abused for hijacking device resources appeared first on Help Net Security .
Continued here:
Modern browser APIs can be abused for hijacking device resources
A successful cyberattack is undoubtedly one of the most disruptive events an organization can experience. Whether it’s phishing, DDoS, ransomware or SQL injection, the incident often results in major service failures and potentially massive revenue loss, as well as damage to brand reputation and customer trust. As CISO, you are charged not just with overseeing the response and mitigation processes post-breach but also with assembling all relevant information in a post-incident report to the board. … More ? The post CISO’s guide to an effective post-incident board report appeared first on Help Net Security .
View article:
CISO’s guide to an effective post-incident board report
As anyone in the network security world will tell you, it is an extremely intense and stressful job to protect the corporate network from ever-evolving security threats. For a security team, a 99 percent success rate is still a complete failure. That one time a hacker, piece of malware, or DDoS attack brings down your organization’s network (or network availability) is all that matters. It’s even more frustrating when you consider that the proverbial ‘bad … More ? The post How accepting that your network will get hacked will help you develop a plan to recover faster appeared first on Help Net Security .
See the original post:
How accepting that your network will get hacked will help you develop a plan to recover faster
Here’s an overview of some of last week’s most interesting news and articles: Bug in widespread Wi-Fi chipset firmware can lead to zero-click code execution A vulnerability in the firmware of a Wi-Fi chipset that is widely used in laptops, streaming, gaming and a variety of “smart” devices can be exploited to compromise them without user interaction. Researchers analyze DDoS attacks as coordinated gang activities In a new report, NSFOCUS introduced the IP Chain-Gang concept, … More ? The post Week in review: Man in the Cloud attacks, Google GDPR fine, business resilience appeared first on Help Net Security .
Read More:
Week in review: Man in the Cloud attacks, Google GDPR fine, business resilience
In a new report, NSFOCUS introduced the IP Chain-Gang concept, in which each chain-gang is controlled by a single threat actor or a group of related threat actors and exhibit similar behavior among the various attacks conducted by the same gang. IP Gang attack-type classification against attack volume size Researchers analyzed attack types, volume, size of events, gang activities, and attack rates. By studying the historical behavior of the 80 gangs identified in the report, … More ? The post Researchers analyze DDoS attacks as coordinated gang activities appeared first on Help Net Security .
View the original here:
Researchers analyze DDoS attacks as coordinated gang activities
Healthcare networks pummeled amid drama over teen girl’s custody Five months after he was found guilty of orchestrating a distributed denial-of-service attack against US healthcare providers, the self-styled Anonymous hacker Martin Gottesfeld has been sentenced to 121 months in prison.…
Continue reading here:
No plain sailing for Anon hacktivist picked up by Disney cruise ship: 10 years in the cooler for hospital DDoS caper
Attackers looking to add IoT devices to their botnets are increasingly adding vulnerability exploitation to their attack arsenal, Netscout researchers warn. Instead on just relying on a list of common or default passwords or brute-forcing attacks, they are taking advantage of the fact that IoT devices are rarely updated and manufacturers take a lot of time to push out fixes for known flaws. Currently under exploitation In November 2018, the company detected many exploitation attempts … More ? The post Attackers increasingly exploiting vulnerabilities to enlarge their IoT botnets appeared first on Help Net Security .
See the article here:
Attackers increasingly exploiting vulnerabilities to enlarge their IoT botnets
Check Point has published its latest Global Threat Index for November 2018. The index reveals that the Emotet botnet has entered the Index’s top 10 ranking after researchers saw it spread through several campaigns, including a Thanksgiving-themed campaign. This involved sending malspam emails in the guise of Thanksgiving cards, containing email subjects such as happy “Thanksgiving day wishes”, “Thanksgiving wishes” and “the Thanksgiving day congratulation!” These emails contained malicious attachments, often with file names related … More ? The post November 2018: Most wanted malware exposed appeared first on Help Net Security .
Follow this link:
November 2018: Most wanted malware exposed