Tag Archives: news

Hacking for fun and profit: How one researcher is making IoT device makers take security seriously

We should all be so lucky to enjoy our work as much as Ken Munro does. Generally attracted by research that “looks fun” and particularly interested in probing the security of technologies that have yet to be comprehensively investigated by security researchers, for the past few years Munro has been poking and probing consumer Internet of Things devices, and doing things such as denial of service attacks on Wi-Fi-enabled kettles, or showing that you can … More ? The post Hacking for fun and profit: How one researcher is making IoT device makers take security seriously appeared first on Help Net Security .

Week in review: New Cybersecurity Framework, Android patching issues, RSA Conference 2018

Here’s an overview of some of last week’s most interesting news and articles: RSA Conference 2018 coverage Check out what you missed at the infosec event of the year. Real-time detection of consumer IoT devices participating in DDoS attacks Could we detect compromised consumer IoT devices participating in a DDoS attack in real-time and do someting about it? A group of researchers Princeton University have presented some encouraging results showing that the first part of … More ? The post Week in review: New Cybersecurity Framework, Android patching issues, RSA Conference 2018 appeared first on Help Net Security .

View article:
Week in review: New Cybersecurity Framework, Android patching issues, RSA Conference 2018

Real-time detection of consumer IoT devices participating in DDoS attacks

Could we detect compromised consumer IoT devices participating in a DDoS attack in real-time and do someting about it? A group of researchers Princeton University have presented some encouraging results showing that the first part of that equation can be relatively easily solved. As IoT traffic is often distinct from that of other Internet connected devices and as machine learning has proved promising for identifying malicious Internet traffic, they decided to use these facts to … More ? The post Real-time detection of consumer IoT devices participating in DDoS attacks appeared first on Help Net Security .

Read the original:
Real-time detection of consumer IoT devices participating in DDoS attacks

Do you have what it takes to withstand modern DDoS attacks?

As the latest record DDoS attack hit GitHub and threatened to overwhelm its edge network, the popular Git-repository hosting service quickly switched to routing the attack traffic to their DDoS mitigation service. In the end, GitHub ended up completely unavailable for five minutes and intermittently unavailable for four. But while the effect of the attack could have been worse, GitHub’s engineering team aims to do better next time they are hit. Robert Hamilton, Director of … More ? The post Do you have what it takes to withstand modern DDoS attacks? appeared first on Help Net Security .

View article:
Do you have what it takes to withstand modern DDoS attacks?

Malware leverages web injects to empty users’ cryptocurrency accounts

Criminals trying to get their hands on victims’ cryptocurrency stashes are trying out various approaches. The latest one includes equipping malware with Man-in-the-Browser capabilities so they can hijack online accounts and perform fraudulent transactions on the fly. Injecting malicious scripts into target sites Since the beginning of the year, SecurityScorecard researchers have observed two botnets – powered by the Zeus Panda and Ramnit malware families – that are after Coinbase.com accounts and Blockchain.info wallets. The … More ? The post Malware leverages web injects to empty users’ cryptocurrency accounts appeared first on Help Net Security .

Original post:
Malware leverages web injects to empty users’ cryptocurrency accounts

Surge in memcached-based reflected DDoS attacks is due to misconfigured servers

Massive memcached-based reflection DDoS attacks with an unprecedented amplification factor have been ongoing for the last few days, by taking advantage of memcached servers exposed to the Internet. What is memcached? Memcached is a distributed memory caching system and is used to speed up dynamic database-driven websites and Internet-facing services by caching data and objects in RAM. It is often deployed in data center, cloud, and IaaS networks. According to both Rapid7 and SANS ISC, … More ?

Read this article:
Surge in memcached-based reflected DDoS attacks is due to misconfigured servers

Widespread API use heightens cybersecurity risks

A new Imperva survey showed a heightened concern for cybersecurity risk related to API use. Specifically, 63 percent of respondents are most worried about DDoS threats, bot attacks, and authentication enforcement for APIs. APIs power the interactive digital experiences users love and are fundamental to an organization’s digital transformation. However, they also provide a window into an application that presents a heightened cybersecurity risk. The survey shows that 69 percent of organizations are exposing APIs … More ?

What has the Necurs botnet been up to?

The Necurs botnet has been slowly growing since late 2012 and still tops the list of largest spam botnets in the world. Since then, the botnet has occasionally stopped or temporarily minimized the sending out of spam but has returned in full force. How big is the Necurs botnet? It’s difficult to say precisely, but the latest information provided by the Cisco Talos team can give a general idea. The researchers analyzed 32 distinct spam … More ?

See more here:
What has the Necurs botnet been up to?

Q3 2017 Global DDoS Threat Landscape Report released

The newly released Q3 2017 Global DDoS Threat Landscape Report from Imperva Incapsula features insights on attacks and mitigation. These are some of the key findings: Bitcoin was one of the most targeted industries High packet rate attacks grew more common A third of network layer attacks were highly persistent Botnet activity out of India and Turkey continued to climb.

Read the article:
Q3 2017 Global DDoS Threat Landscape Report released

2017 Forrester Wave: DDoS Mitigation Solutions report

In their 36-criteria evaluation of DDoS mitigation providers, Forrester identified 11 of the most significant ones — Akamai Technologies, Arbor Networks, Cloudflare, F5 Networks, Fortinet, Huawei Technologies, Imperva, Neustar, Nexusguard, Radware, and Verisign — and researched, analyzed, and scored them. The Forrester Wave: DDoS Mitigation Solutions, Q4 2017 report features information designed to help you: Gain critical insights into the growing DDoS mitigation solution market Identify the ideal DDoS mitigation solution for your company’s needs … More ?

Read the original:
2017 Forrester Wave: DDoS Mitigation Solutions report