Tag Archives: news

Stealthy DDoS attacks distract from more destructive security threats

The greatest DDoS risk for organisations is the barrage of short, low volume attacks which mask more serious network intrusions. Despite several headline-dominating, high-volume DDoS attacks over the past year, the vast majority (98%) of the DDoS attack attempts against Corero customers during Q1 2017 were less than 10 Gbps per second in volume. In addition, almost three quarters (71%) of the attacks mitigated by Corero lasted 10 minutes or less. Due to their small … More ?

Link:
Stealthy DDoS attacks distract from more destructive security threats

8 RCE, DoS holes in Microsoft Malware Protection Engine plugged

After the discovery and the fixing of a “crazy bad” remote code execution flaw in the Microsoft Malware Protection Engine earlier this month, now comes another MMPE security update that plugs eight flaws that could lead to either remote code execution or to denial of service. Given that the Microsoft Malware Protection Engine powers a number of Microsoft antimalware software, DoS vulnerabilities should be considered serious, since a successfully exploited vulnerability could prevent the MMPE … More ?

Continue Reading:
8 RCE, DoS holes in Microsoft Malware Protection Engine plugged

There’s now a WannaCry decryptor tool for most Windows versions

As the criminals behind the WannaCry ransomware are trying to make it work again, security researchers have created tools for decrypting files encrypted by it. DDoS attacks against the killswitch domains Since researcher Marcus Hutchins (aka MalwareTech) registered a (previously non-existent) killswitch domain for the malware and stopped its onslaught, the domain has been under attack by Mirai-powered botnets. Today’s Sinkhole DDoS Attack pic.twitter.com/wxT2YUrdOF — MalwareTech (@MalwareTechBlog) May 18, 2017 That particular domain has been … More ?

See more here:
There’s now a WannaCry decryptor tool for most Windows versions

Bondnet botnet goes after vulnerable Windows servers

A botnet consisting of some 2,000 compromised servers has been mining cryptocurrency for its master for several months now, “earning” him around $1,000 per day. GuardiCore researchers first spotted it in December 2016, and have been mapping it out and following its evolution since then. The’ve dubbed it Bondnet, after the handle its herder uses online (“Bond007.01”). Compromised Windows servers serve different functions Bondnet’s main reason of being is the mining of cryptocurrencies: primarily Monero, … More ?

See more here:
Bondnet botnet goes after vulnerable Windows servers

Malware Hunter: Find C&C servers for botnets

Recorded Future and Shodan released Malware Hunter, a specialized crawler for security researchers that explores the Internet to find computers acting as remote access trojan (RAT) command and control centers. What Malware Hunter does Malware Hunter unearths computers hosting RAT controller software that remotely controls malware-infected computers and instructs them to execute malicious activities such as recording audio, video, and keystrokes on a victim’s machine. Using command and control servers, attackers can launch widescale attacks … More ?

Read more here:
Malware Hunter: Find C&C servers for botnets

How to securely deploy medical devices within a healthcare facility

The risks insecure medical devices pose to patient safety are no longer just theoretical, and compromised electronic health records may haunt patients forever. A surgical robot, pacemaker, or other life critical device being rendered non-functional would give a whole new, and wholly undesirable, meaning to denial of service. Malware like MEDJACK has been used to infect medical devices and use them as staging grounds to attack medical records systems. IoT ransomware is on the rise … More ?

Continue reading here:
How to securely deploy medical devices within a healthcare facility

Locky ransomware makes a comeback, courtesy of Necurs botnet

The Necurs botnet has, once again, begun pushing Locky ransomware on unsuspecting victims. The botnet, which flip-flops from sending penny stock pump-and-dump emails to booby-trapped files that lead to malware (usually Locky or Dridex), has been spotted slinging thousand upon thousand of emails in the last three or four days. “Talos has seen in excess of 35K emails in the last several hours associated with this newest wave of Locky,” Cisco Talos researchers noted on … More ?

Continued here:
Locky ransomware makes a comeback, courtesy of Necurs botnet

Alleged Kelihos botmaster indicted

36-year-old Pyotr Levashov was charged on Friday in the US with one count of causing intentional damage to a protected computer, one count of conspiracy, one count of accessing protected computers in furtherance of fraud, one count of wire fraud, one count of threatening to damage a protected computer, two counts of fraud in connection with email and one count of aggravated identity theft. Levashov stands accused of controlling and operating the Kelihos botnet to, … More ?

Read the article:
Alleged Kelihos botmaster indicted

CLDAP reflection attacks generate up to 24 Gbps of traffic

Akamai researchers Jose Arteaga and Wilber Majia have identified a new Connection-less Lightweight Directory Access Protocol (CLDAP) reflection and amplification method. CLDAP query packet Akamai’s Security Intelligence Response Team (SIRT) has observed this attack vector producing DDoS attacks consistently exceeding 1 Gbps, comparable to DNS reflection attacks. CLDAP Unlike other reflection-based vectors, where compromised hosts may number in the millions, the observed CLDAP amplification factor has been able to produce significant attack bandwidth with significantly … More ?

More:
CLDAP reflection attacks generate up to 24 Gbps of traffic