Tag Archives: function-maybe

Monitoring scanning activities that could lead to IoT compromises

IoT devices are ideal targets for attackers looking to build DDoS botnets because they have limited or non-existent security features. Some IoT devices utilize hard-coded default passwords. Many devices have unnecessary services running that can be exploited, and others have unprotected management interfaces. Most important for DDoS attackers, IoT devices offer high-speed connections that are always on, which allows for a large, predictable amount of attack traffic volume per compromised device. Monitoring login attempts Looking …

The emergence of new global cybercriminal attack patterns

The findings of a new Malwarebytes report illustrate a significant shift in cybercriminal attack and malware methodology from previous years. Ransomware, ad fraud and botnets, the subject of so much unjustified hype over previous years, surged to measurable prominence in 2016 and evolved immensely. Cybercriminals migrated to these methodologies en masse, impacting nearly anyone and everyone. To better understand just how drastically the threat landscape evolved in 2016, researchers examined data taken from Windows and …

How the application landscape is impacting IT organizations

Accelerating cloud adoption is creating increased demand for security application services including WAF, DNSSEC, and DDoS protection, according to F5 Networks. As an increase in application services often requires additional resources, respondents also indicated a shift toward DevOps methodologies to gain operational efficiencies through automation and programmability. This need for scalability replaces speed to market as the prime driver of DevOps adoption. “This past year, not a week went by without some hack or vulnerability …

DDoS attacks via WordPress now come with encryption

Kaspersky Lab experts have noted an emerging trend – a growth in the number of attacks using encryption. Such attacks are highly effective due to the difficulty in identifying them amongst the overall flow of clean requests. Recently, the company encountered yet more evidence of this trend – an attack exploiting vulnerabilities in WordPress via an encrypted channel. WordPress Pingback attacks have been in use since 2014. They fall under the amplification class of attacks, …

80 Sony IP camera models come with backdoors

80 different models of Sony IPELA Engine IP Cameras have multiple backdoors that can be misused by attackers to take control of the device, disrupt its functionality, add it to a botnet, and more. Researchers from SEC Consult discovered two application-level backdoor accounts (“primana” and “debug”) with hardcoded passwords, the hashes of which are included in the devices’ firmware. The hashes can be cracked, and through these accounts, attackers can access specific, undocumented CGI functionalities. …

Protecting smart hospitals: A few recommendations

The European Union Agency for Network and Information Security (ENISA) has released a new report to help IT and security officers of healthcare organizations implement IoT devices securely and protect smart hospitals from a variety of threats. We all know that attacks against hospitals are increasing, but according to security experts, ransomware and DDoS attacks are just the start. The report, compiled with the help of infosec officers from several European hospitals and consultants and …

DDoS protection quiz-based training course

The DDoS Protection Bootcamp is the first online portal to provide in-depth technical training in the field of DDoS protection. This comprehensive quiz-based training course, available at both the Basic and Advanced levels, is comprised of eight sections on topics ranging from DDoS attack types to business risks and mitigation techniques. The course is both challenging and fun—packed with technical descriptions as well as real-world simulations to help you build skills. Each section is followed …

Linux/IRCTelnet creates new, powerful IoT DDoS botnet

Linux/IRCTelnet (new Aidra), a new piece of Linux malware targeting IoT devices and turning them into DDoS-capable bots, has been spotted and analyzed by one of the researchers who share their discoveries on the MalwareMustDie! blog. Linux/IRCTelnet is an interesting mix of capabilities associated with older malware. The base of Linux/IRCTelnet is the source code of the Aidra bot, used years ago by an anonymous researcher to build a botnet (or, as he called it, …

Can we extinguish the Mirai threat?

The recent massive DDoS attack against DNS provider Dyn has jolted (some of) the general public and legislators, and has opened their eyes to the danger of insecure IoT devices. It is clear by now that it will take joint action by all stakeholders – users, manufacturers, the security industry, ISPs, law enforcement and legislators – to put an end to this particular problem, but it will take quite some time. Theoretical stopgap solutions In …

Building the IoT monster

When Mary Shelley wrote Frankenstein, she imagined the misguided doctor assembling his creature from dead body parts, who, instead of elevating science, created something dark and terrible. A modern-day Mary might well imagine the monster being assembled not from arms and legs, but from nanny-cams, door locks, and DVRs. It would be hard to miss the events of the past few weeks. In September, security reporter Brian Krebs was hit by a massive DDoS attack. …
