Tag Archives: security

It’s 2017, and UPnP is helping black-hats run banking malware

Pinkslipbot malware copies Conflicker for C&C channel Another banking malware variant has been spotted in the wild, and it’s using UPnP to pop home routers to expose unsuspecting home users, recruited as part of the botnet.…

Read the article:
It’s 2017, and UPnP is helping black-hats run banking malware

Don’t all rush out at once, but there are a million devices ripe to be the next big botnet

As bad as Mirai was, it could have been much worse A wormable vulnerability involving an estimated one million digital video recorders (DVR) is at risk of creating a Mirai-style botnet, security researchers warn.…

More:
Don’t all rush out at once, but there are a million devices ripe to be the next big botnet

Where does the cyber security buck stop?

Late last year, Bruce Schneier testified before the U.S. House Energy and Commerce committee asking them to consider imposing security regulations on the Internet of Things (IoT). Schneier argued that neither IoT buyers nor sellers care about a device’s security. Sellers are interested in quickly releasing inexpensive products to market, while buyers only care about getting cool gadgets for cheap. This unhealthy and unsecure IoT market results in incidents like the Mirai botnet, in which … More ?

More here:
Where does the cyber security buck stop?

8 RCE, DoS holes in Microsoft Malware Protection Engine plugged

After the discovery and the fixing of a “crazy bad” remote code execution flaw in the Microsoft Malware Protection Engine earlier this month, now comes another MMPE security update that plugs eight flaws that could lead to either remote code execution or to denial of service. Given that the Microsoft Malware Protection Engine powers a number of Microsoft antimalware software, DoS vulnerabilities should be considered serious, since a successfully exploited vulnerability could prevent the MMPE … More ?

Continue Reading:
8 RCE, DoS holes in Microsoft Malware Protection Engine plugged

FCC blames DDoS for weekend web lockout

Not down to people trying to file comments on issues rhyming with wetsuit balloty, it insists Vid   Problems faced by consumers hoping to submit comments to the Federal Communications Commission over the weekend were caused by a denial of service attack, the US government agency admits.…

More:
FCC blames DDoS for weekend web lockout

Malware Hunter: Find C&C servers for botnets

Recorded Future and Shodan released Malware Hunter, a specialized crawler for security researchers that explores the Internet to find computers acting as remote access trojan (RAT) command and control centers. What Malware Hunter does Malware Hunter unearths computers hosting RAT controller software that remotely controls malware-infected computers and instructs them to execute malicious activities such as recording audio, video, and keystrokes on a victim’s machine. Using command and control servers, attackers can launch widescale attacks … More ?

Read more here:
Malware Hunter: Find C&C servers for botnets

How to securely deploy medical devices within a healthcare facility

The risks insecure medical devices pose to patient safety are no longer just theoretical, and compromised electronic health records may haunt patients forever. A surgical robot, pacemaker, or other life critical device being rendered non-functional would give a whole new, and wholly undesirable, meaning to denial of service. Malware like MEDJACK has been used to infect medical devices and use them as staging grounds to attack medical records systems. IoT ransomware is on the rise … More ?

Continue reading here:
How to securely deploy medical devices within a healthcare facility

Mysterious Hajime botnet has pwned 300,000 IoT devices

The Dark Knight of malware’s purpose remains unknown Hajime – the “vigilante” IoT worm that blocks rival botnets – has built up a compromised network of 300,000 malware-compromised devices, according to new figures from Kaspersky Lab.…

Read More:
Mysterious Hajime botnet has pwned 300,000 IoT devices