Tag Archives: newsletter

How the application landscape is impacting IT organizations

Accelerating cloud adoption is creating increased demand for security application services including WAF, DNSSEC, and DDoS protection, according to F5 Networks. As an increase in application services often requires additional resources, respondents also indicated a shift toward DevOps methodologies to gain operational efficiencies through automation and programmability. This need for scalability replaces speed to market as the prime driver of DevOps adoption. “This past year, not a week went by without some hack or vulnerability … More ?

Original post:
How the application landscape is impacting IT organizations

DDoS attacks via WordPress now come with encryption

Kaspersky Lab experts have noted an emerging trend – a growth in the number of attacks using encryption. Such attacks are highly effective due to the difficulty in identifying them amongst the overall flow of clean requests. Recently, the company encountered yet more evidence of this trend – an attack exploiting vulnerabilities in WordPress via an encrypted channel. WordPress Pingback attacks have been in use since 2014. They fall under the amplification class of attacks, … More ?

Read the original:
DDoS attacks via WordPress now come with encryption

80 Sony IP camera models come with backdoors

80 different models of Sony IPELA Engine IP Cameras have multiple backdoors that can be misused by attackers to take control of the device, disrupt its functionality, add it to a botnet, and more. Researchers from SEC Consult discovered two application-level backdoor accounts (“primana” and “debug”) with hardcoded passwords, the hashes of which are included in the devices’ firmware. The hashes can be cracked, and through these accounts, attackers can access specific, undocumented CGI functionalities. … More ?

Continue Reading:
80 Sony IP camera models come with backdoors

Protecting smart hospitals: A few recommendations

The European Union Agency for Network and Information Security (ENISA) has released a new report to help IT and security officers of healthcare organizations implement IoT devices securely and protect smart hospitals from a variety of threats. We all know that attacks against hospitals are increasing, but according to security experts, ransomware and DDoS attacks are just the start. The report, compiled with the help of infosec officers from several European hospitals and consultants and … More ?

Read the article:
Protecting smart hospitals: A few recommendations

Six key principles for efficient cyber investigations

Many organizations today are not equipped to defend against traditional cyberattacks, as demonstrated by the ever-increasing numbers of successful breaches reported daily – the Privacy Rights Clearinghouse’s latest number is 900,875,242 records breached in 5,165 attacks over the past decade – and that’s U.S. only. Even the largest companies appear to be less equipped to deal with more sophisticated cyberattacks, like the latest IoT-based Mirai DDoS attack or the attacks detected months or years after … More ?

Original post:
Six key principles for efficient cyber investigations

DDoS protection quiz-based training course

The DDoS Protection Bootcamp is the first online portal to provide in-depth technical training in the field of DDoS protection. This comprehensive quiz-based training course, available at both the Basic and Advanced levels, is comprised of eight sections on topics ranging from DDoS attack types to business risks and mitigation techniques. The course is both challenging and fun—packed with technical descriptions as well as real-world simulations to help you build skills. Each section is followed … More ?

More here:
DDoS protection quiz-based training course

Linux/IRCTelnet creates new, powerful IoT DDoS botnet

Linux/IRCTelnet (new Aidra), a new piece of Linux malware targeting IoT devices and turning them into DDoS-capable bots, has been spotted and analyzed by one of the researchers who share their discoveries on the MalwareMustDie! blog. Linux/IRCTelnet is an interesting mix of capabilities associated with older malware. The base of Linux/IRCTelnet is the source code of the Aidra bot, used years ago by an anonymous researcher to build a botnet (or, as he called it, … More ?

View article:
Linux/IRCTelnet creates new, powerful IoT DDoS botnet

Can we extinguish the Mirai threat?

The recent massive DDoS attack against DNS provider Dyn has jolted (some of) the general public and legislators, and has opened their eyes to the danger of insecure IoT devices. It is clear by now that it will take joint action by all stakeholders – users, manufacturers, the security industry, ISPs, law enforcement and legislators – to put an end to this particular problem, but it will take quite some time. Theoretical stopgap solutions In … More ?

View post:
Can we extinguish the Mirai threat?

Major US DNS provider hit with DDoS, part of the Internet becomes unreachable

US-based DNS provider Dyn has suffered a massive DDoS attack earlier today, and it resulted in many websites being completely or intermittently inaccessible for a few hours. According to status reports published by the company, the target of the attack was the company’s Managed DNS infrastructure, and impacted Managed DNS customers located on the East Coast of the US. Among the websites that experienced issues as a result of the attack are Reddit, GitHub, Spotify, … More ?

Excerpt from:
Major US DNS provider hit with DDoS, part of the Internet becomes unreachable

Leaked: Source code for Mirai IoT DDoS botnet

IoT-powered DDoS attacks are on the rise, and the situation is poised to become even worse now that the source code for the Mirai malware has been made public. Reporter Brian Krebs, whose website has recently been bombarded with a huge DDoS attack by botnets created with the Mirai and Bashlite malware, spotted a post on hacking community Hackforums by a user named “Anna-senpai” offering the code. “When I first go in DDoS industry, I … More ?

Follow this link:
Leaked: Source code for Mirai IoT DDoS botnet