Tag Archives: start

185,000+ vulnerable Wi-Fi cameras just waiting to be hijacked

A generic wireless camera manufactured by a Chinese company and sold around the world under different names and brands can be easily hijacked and/or roped into a botnet. The flaw that allows this to happen is found in a custom version of GoAhead, a lightweight embedded web server that has been fitted into the devices. This and other vulnerabilities have been found by security researcher Pierre Kim, who tested one of the branded cameras – … More ?

Read this article:
185,000+ vulnerable Wi-Fi cameras just waiting to be hijacked

DDoS attacks increasingly form blended attacks of more vulnerabilities

DDoS attacks increasingly formed blended attacks of four or more vulnerabilities over the course of the fourth quarter of 2016, with an intent to overload targeted monitoring, detection and logging systems, according to Nexusguard. Hybrid attacks were a common attack pattern against financial and government institutions. DDoS botnet activity: Top attacking countries The supersized Mirai attack from Q3 set the stage for Q4 challenges, resulting in a ripple of botnets from connected devices and the … More ?

View article:
DDoS attacks increasingly form blended attacks of more vulnerabilities

Review: DNS Security

About the authors Allan Liska is a Consulting Systems Engineer at FireEye, and Geoffrey Stowe is an Engineering Lead at Palantir Technologies. Inside DNS Security: Defending the Domain Name System DNS security is a topic that rarely comes up, and when it does, it’s usually after an attack or breach disruptive enough to merit a mention in the news. Last year’s DDoS attack against US-based DNS provider Dyn was one of those, but it isn’t … More ?

Originally posted here:
Review: DNS Security

DDoS attacks via WordPress now come with encryption

Kaspersky Lab experts have noted an emerging trend – a growth in the number of attacks using encryption. Such attacks are highly effective due to the difficulty in identifying them amongst the overall flow of clean requests. Recently, the company encountered yet more evidence of this trend – an attack exploiting vulnerabilities in WordPress via an encrypted channel. WordPress Pingback attacks have been in use since 2014. They fall under the amplification class of attacks, … More ?

Read the original:
DDoS attacks via WordPress now come with encryption

Law enforcement operation targets users of DDoS tools

From 5 to 9 December 2016, Europol and law enforcement authorities from Australia, Belgium, France, Hungary, Lithuania, the Netherlands, Norway, Portugal, Romania, Spain, Sweden, the United Kingdom and the United States carried out a coordinated action targeting users of DDoS tools, leading to 34 arrests and 101 suspects interviewed and cautioned. Europol’s European Cybercrime Centre (EC3) supported the countries in their efforts to identify suspects in the EU and beyond, mainly young adults under the … More ?

See the article here:
Law enforcement operation targets users of DDoS tools

Protecting smart hospitals: A few recommendations

The European Union Agency for Network and Information Security (ENISA) has released a new report to help IT and security officers of healthcare organizations implement IoT devices securely and protect smart hospitals from a variety of threats. We all know that attacks against hospitals are increasing, but according to security experts, ransomware and DDoS attacks are just the start. The report, compiled with the help of infosec officers from several European hospitals and consultants and … More ?

Read the article:
Protecting smart hospitals: A few recommendations

Six key principles for efficient cyber investigations

Many organizations today are not equipped to defend against traditional cyberattacks, as demonstrated by the ever-increasing numbers of successful breaches reported daily – the Privacy Rights Clearinghouse’s latest number is 900,875,242 records breached in 5,165 attacks over the past decade – and that’s U.S. only. Even the largest companies appear to be less equipped to deal with more sophisticated cyberattacks, like the latest IoT-based Mirai DDoS attack or the attacks detected months or years after … More ?

Original post:
Six key principles for efficient cyber investigations

DDoS protection quiz-based training course

The DDoS Protection Bootcamp is the first online portal to provide in-depth technical training in the field of DDoS protection. This comprehensive quiz-based training course, available at both the Basic and Advanced levels, is comprised of eight sections on topics ranging from DDoS attack types to business risks and mitigation techniques. The course is both challenging and fun—packed with technical descriptions as well as real-world simulations to help you build skills. Each section is followed … More ?

More here:
DDoS protection quiz-based training course

Analyzing the latest wave of mega attacks

A new report, using data gathered from the Akamai Intelligent Platform, provides analysis of the current cloud security and threat landscape, including insight into two record?setting DDoS attacks caused by the Mirai botnet. Nineteen DDoS attacks exceeded 100 Gbps, with six exceeding 200 Gbps DDoS attacks The two largest DDoS attacks this quarter, both leveraging the Mirai botnet, were the biggest observed by Akamai to-date – recorded at 623 Gbps and 555 Gbps. Compared to … More ?

See the article here:
Analyzing the latest wave of mega attacks

How hackers will exploit the Internet of Things in 2017

The Internet of Things (IoT) is now a major force in the weaponization of DDoS. In 2016, IoT botnets have fueled a number of attacks, including the largest-ever DDoS attack, and that role will only grow in the coming years. The tools to carry out these attacks are freely available to the public, and the IoT is expected to be 20 billion devices strong by 2020, so expect more frequent and disruptive attacks from a … More ?

Read the article:
How hackers will exploit the Internet of Things in 2017