Tag Archives: don’t miss

Extortion demands grow as cybercriminals target new online industries

There was a 154 percent increase in the number of attacks between 2019 and 2020, with growth in ransom-related DDoS (RDDoS) attacks and a rise in use of existing attack vectors, including web applications, a Neustar report reveals. The report also provides key details around the amount, size, duration and intensity of DDoS attacks throughout 2020 to keep cybersecurity professionals informed. DDoS extortion demands on the rise Primarily, the report highlights a rise in ransom-related … More ? The post Extortion demands grow as cybercriminals target new online industries appeared first on Help Net Security .

More:
Extortion demands grow as cybercriminals target new online industries

Cyber insurance claims on the rise

External attacks on companies result in the most expensive cyber insurance losses, but it is employee mistakes and technical problems that are the most frequent generator of claims by number, according to a report from Allianz Global Corporate & Specialty (AGCS). The study analyzes 1,736 cyber-related insurance claims worth EUR 660mn (US$ 770mn) involving AGCS and other insurers from 2015 to 2020. “Losses from incidents such as distributed denial of service (DDoS) attacks or phishing … More ? The post Cyber insurance claims on the rise appeared first on Help Net Security .

Read More:
Cyber insurance claims on the rise

Critical flaw in SonicWall’s firewalls patched, update quickly! (CVE-2020-5135)

Earlier this week SonicWall patched 11 vulnerabilities affecting its Network Security Appliance (NSA). Among those is CVE-2020-5135, a critical stack-based buffer overflow vulnerability in the appliances’ VPN Portal that could be exploited to cause denial of service and possibly remote code execution. About CVE-2020-5135 The SonicWall NSAs are next-generation firewall appliances, with a sandbox, an intrusion prevention system, SSL/TLS decryption and inspection capabilities, network-based malware protection, and VPN capabilities. CVE-2020-5135 was discovered by Nikita Abramov … More ? The post Critical flaw in SonicWall’s firewalls patched, update quickly! (CVE-2020-5135) appeared first on Help Net Security .

Originally posted here:
Critical flaw in SonicWall’s firewalls patched, update quickly! (CVE-2020-5135)

Microsoft and partners cut off key Trickbot botnet infrastructure

Two weeks after someone (allegedly the US Cyber Command) temporarily interrupted the operation of the infamous Trickbot botnet, a coalition of tech companies headed by Microsoft has struck a serious blow against its operators. “We disrupted Trickbot through a court order we obtained as well as technical action we executed in partnership with telecommunications providers around the world. We have now cut off key infrastructure so those operating Trickbot will no longer be able to … More ? The post Microsoft and partners cut off key Trickbot botnet infrastructure appeared first on Help Net Security .

Continue Reading:
Microsoft and partners cut off key Trickbot botnet infrastructure

Product showcase: AppTrana

DDoS Attacks, bots, targeted attacks based on application vulnerabilities, have created a new wave of security challenges. Attackers are constantly targeting internet-connected endpoints and specifically web servers to steal data, crash sites, and hold the business for ransom. A web application is a lucrative target for the attackers as they are critical for most businesses. One of the key risk mitigation steps for defending the business from web application attacks is to have a Web … More ? The post Product showcase: AppTrana appeared first on Help Net Security .

Read the original:
Product showcase: AppTrana

Updated cryptojacking worm steals AWS credentials

A malicious cryptocurrency miner and DDoS worm that has been targeting Docker systems for months now also steals Amazon Web Services (AWS) credentials. What’s more, TeamTNT – the attackers wielding it – have also begun targeting Kubernetes clusters and Jenkins servers. The original threat TeamTNT’s “calling card” appears when the worm first runs on the target installation: First spotted by MalwareHunterTeam and Trend Micro researchers in May 2020, the original worm would: Scan for open … More ? The post Updated cryptojacking worm steals AWS credentials appeared first on Help Net Security .

Read the original post:
Updated cryptojacking worm steals AWS credentials

How do cybercriminals secure cybercrime?

Trend Micro unveiled new insights analyzing the market for underground hosting services and detailing how and where cybercriminals rent the infrastructure that hosts their business. Over the past five years, increased use and abuse of compromised assets has formed a whole new market. There are varied types of underground hosting and associated services used by cybercriminals to operate their businesses, including bulletproof hosting, VPNs, anonymizers, and DDoS protection. Such services could variously be used to … More ? The post How do cybercriminals secure cybercrime? appeared first on Help Net Security .

More:
How do cybercriminals secure cybercrime?

New wave of attacks aiming to rope home routers into IoT botnets

A Trend Micro research is warning consumers of a major new wave of attacks attempting to compromise their home routers for use in IoT botnets. The report urges users to take action to stop their devices from enabling this criminal activity. The importance of home routers for IoT botnets There has been a recent spike in attacks targeting and leveraging routers, particularly around Q4 2019. This research indicates increased abuse of these devices will continue … More ? The post New wave of attacks aiming to rope home routers into IoT botnets appeared first on Help Net Security .

Read the original:
New wave of attacks aiming to rope home routers into IoT botnets

What’s trending on the underground market?

Trust has eroded among criminal interactions, causing a switch to e-commerce platforms and communication using Discord, which both increase user anonymization, Trend Micro reveals. Popular underground goods and services The report reveals that determined efforts by law enforcement appear to be having an impact on the cybercrime underground. Several forums have been taken down by global police entities, and remaining forums experience persistent DDoS attacks and log-in problems impacting their usefulness. Loss of trust led … More ? The post What’s trending on the underground market? appeared first on Help Net Security .

Read More:
What’s trending on the underground market?

Client-side web security

To address attacks such as XSS, Magecart and other card skimming exploits found in modern eCommerce environments, the use of client-side web security methods is beginning to emerge as a particularly useful practice. Obviously, enterprise teams should integrate client-side protections with desired server-side countermeasures to ensure a full risk management profile (e.g., the client-side is a poor selection point to stop denial of service). Several standards-based client-side security approaches have begun to mature that are … More ? The post Client-side web security appeared first on Help Net Security .

Read More:
Client-side web security