DDoS Malware Targets AVTech CGI Vulnerability
A newly discovered Linux malware family is targeting products from surveillance technology company AVTech via a CGI vulnerability that was disclosed in October 2016, Trend Micro researchers warn. Detected as ELF_IMEIJ.A, the malware is the latest in a long list of Trojans targeting Linux ARM devices (such as Mirai, Umbreon rootkit, LuaBot, BashLite, and more)….
FBI Chief Calls for United Fight Against Cybercrime
Describing cyber threats as “too fast, too big and too widespread for any of us to address them alone,” FBI director James Comey has called on a united fight against them urging for strong private and public sector partnerships. He was speaking at the inaugural Boston Conference on Cyber Security hosted by the FBI and…
Samas Ransomware Uses Active Directory to Infect Entire Networks
The actors behind Samas, a ransomware family that emerged about a year ago, are using Active Directory to perform reconnaissance and then infect entire networks, Javelin Networks says. First detailed in March last year, Samas was observed employing publicly-available penetration testing tools for delivery, and its operators were said to have made $450,000 in ransom…
Most Federal Government Websites Lack Basic Security
HTTPS and DNSSEC not used across the board on agency websites despite federal requirements to do so. The majority of federal agency websites fail to meet basic standards for security as well as for speed and mobile-friendliness.
Profiling 10 types of hackers
Hackers, like the attacks they perpetrate, come in many forms, with motivations that range from monetary to political to ethical. Understanding the different types of hackers that exist and what motivates them can help you to identify the attackers you are most susceptible to and properly defend yourself and your organization against cyberattacks. Travis Farral,…
185,000+ vulnerable Wi-Fi cameras just waiting to be hijacked
A generic wireless camera manufactured by a Chinese company and sold around the world under different names and brands can be easily hijacked and/or roped into a botnet. The flaw that allows this to happen is found in a custom version of GoAhead, a lightweight embedded web server that has been fitted into the devices.
Leaked docs suggest NSA and CIA behind Equation cyberespionage group
Purported CIA documents leaked Tuesday appear to confirm that the U.S. National Security Agency and one of CIA’s own divisions were responsible for the malware tools and operations attributed to a group that security researchers have dubbed the Equation. The Equation’s cyberespionage activities were documented in February 2015 by researchers from antivirus vendor Kaspersky Lab….
Fighting Cyber Security F.U.D. and Hype
Dr. Ian Levy is technical director at the UK’s National Cyber Security Center (NCSC), which is part of GCHQ. It is fair to say that the NCSC will play a major part in defining and delivering the UK government’s cyber security policy over the next few years. In October 2016, Ian Levy reportedly made an…
In a Cybersecurity Vendor War, the End User Loses
When vulnerability information is disclosed without a patch available, users are the ones really being punished. Rarely do you see corporations clash over vulnerability disclosures. It’s almost an unwritten rule that a business wouldn’t participate in improper vulnerability disclosures, but Google has decided to go head-to-head with Microsoft in the release of information after 90…
What’s the security posture of the Fortune 1000?
BitSight analyzed the security posture of some of the world’s largest organizations, and identified the most common system compromises. For comparison, Fortune 1000 companies were studied alongside a random sample of 2,500 companies with a similar industry breakdown and with at least 2,500 employees.