A new botnet has been discovered that is targeting IoT devices and Grand Theft Auto according to security researchers at Radware. Tony Hart, Chief Architect of Engineering at Corero commented below. Tony Hart, Chief Architect of Engineering at Corero: “This new JenX Botnet is a standard variant of the Mirai/Satori virus with one major difference and that is that it does not self-propagate and is able to recruit new Botnet members through central services. This botnet is designed to specifically target gaming providers and is leveraging two known vulnerabilities. Hackers are offering this botnet as DDoS service with a guaranteed…
ISBuzz Team
Security researchers are seeing an ever-increasing number of malware samples that are experimenting with the Meltdown and Spectre vulnerabilities. According to experts at AV-TEST, Fortinet, and Minerva Labs, several individuals are experimenting with publicly released proof-of-concept (PoC) code for the Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5715, CVE-2017-5753) vulnerabilities. Chris Doman, Security Researcher at AlienVault commented below. Chris Doman, Security Researcher at AlienVault: “So far, we’ve seen about 150 samples hit our signatures for Spectre and Meltdown on VirusTotal. The exact number depends on whether you consider near identical exploits duplicates or not. At the moment, they all seem to be just PoCs…
It appears cryptocurrency startup BeeToken, which promised to disrupt the home sharing industry by putting its service on the blockchain, has been hacked. The attackers are actively targeting its initial coin offering (ICO) with phishing attacks and have already duped gullible investors for over $1 million worth of Ethereum. Ilia Kolochenko, CEO at High-Tech Bridge commented below. Ilia Kolochenko, CEO at High-Tech Bridge: “We will likely see a surge of old attacks reincarnated and leveraged to steal digital coins or tokens. Many blockchain startups and their customers/investors recklessly disregard cyber risks surrounding them. “Some of them are so flagrant, that…
A new, easy to use tool known as AutoSploit is now on the market through a release on Github that can be used for mass hacking. It leverages Python code to automatically search for vulnerable devices connected to the Internet and then uses Metasploit’s collection of exploits to take over computers and IoT devices. IT security experts commented below. Bob Noel, Director of Strategic Relationships and Marketing at Plixer: “AutoSploit doesn’t introduce anything new in terms of malicious code or attack vectors. What it does present is an opportunity for those who are less technically adept to use this tool…
News broke yesterday that over 526,000 Windows computers —mainly Windows servers— have been infected with Monero mining software by a group that operates the biggest such botnet known to date. This group’s operations have been known to security researchers since last year, and various companies have published reports on its activity. Because the botnet is so massive and widespread, most previous reports covered only a fraction of the group’s entire operation. Nadav Avital, Security Researcher at Imperva commented below. Nadav Avital, Security Researcher at Imperva: “Crypto-mining malware is becoming attacker’s popular mode of operation, regardless of their targets. Crypto-mining attacks are directed at any machine that…
If you’re considering writing a book now, you have more publishing alternatives than at any other time in history. Among the many options, you can go the traditional route and submit your manuscript to an agent who will work to get you a book deal with a publishing house, or you can do everything on your own. This latter choice has advantages and disadvantages worth exploring, so let’s take a look at the pros and cons of self-publishing an ebook. What Exactly is Self Publishing? Self-publishing is the act of conducting all of the aspects of producing and marketing an…
News broke yesterday of the result of an Agari survey which suggest BEC scams (also known as CEO scams) are on the rise, and responsible for almost $5.3 billion in exposed losses between 2013 and 2016. Almost every company surveyed (96%) were targeted with BEC emails in the second half of 2017. Tim Helming, Director of Product Management at DomainTools commented below. Tim Helming, Director of Product Management at DomainTools: “Cybersecurity professionals will be unsurprised by the volume of BEC/CEO scams recorded by this survey, but it serves as a welcome reminder to make sure that regardless of whether an email appears to be internal or…
According to the AT&T Global State of Cybersecurity report, 35% of organizations report that IoT devices were the primary source of data breaches in the past 12 months and 68% of them expect IoT threats to increase in the coming year. While 90% of organizations have conducted enterprise-wide cyber risk assessments in the past year, just 50% have conducted risk assessments specific to IoT threats. Stephanie Weagle, VP at Corero Network Security commented below. Stephanie Weagle, VP at Corero Network Security: “The AT&T Global State of Cybersecurity report, indicating that only 50 percent of organizations had conducted risk assessments specific to IoT threats,…
Recent research uncovering the “DCShadow” cyberattack on Active Directory (AD) environments prompted Jonathan Sander, Chief Technology Officer at STEALTHbits Technologies commented below. Jonathan Sander, Chief Technology Officer at STEALTHbits Technologies: “The DCShadow attack is exactly the type of scenario that should be of great concern to everyone and not written off as hype – because “DCShadow” is not a vulnerability, it is an ingenious way to inject illegitimate data into an AD infrastructure. There is no patch that can be issued, no configuration setting to change. The way you defend against this attack is by having a clean, understood, properly configured, closely monitored, and tightly controlled Active…
Earlier this week, it was announced that the number of cyber-attacks against financial services companies reported to the Financial Conduct Authority (FCA) has risen by more than 80% in the last year. Responding to this news, Justin Coker, VP EMEA at Skybox highlights why this has happened, and how financial organisations can improve their cyber resilience. Justin Coker, VP EMEA at Skybox: “Financial services have invested heavily in cybersecurity but, as the FCA figures suggest, that’s not deterring attacks or successful breaches. Furthermore, with the FCA calling for financial organisations to have a better understanding of their key assets and be constantly…
