main

Security

How are IoT Skills different than IT Skills?

April 27, 2017 — by Carl Herberger0

it-vs-iot-skills-960x640.jpg

I believe by now, most people have come to know the perfect harmony, a revolution, taking place whereby automation and interconnectivity is intersecting newly developed or innovated devices which can be controlled and communicated remotely. This revolution is called the Internet of Things (IoT) and is transforming once-stodgy manufacturers into massive technology giants, old electric companies into the world’s largest interconnected network of lights, meters and transformer stations, and have the possibility to permeate nearly every aspect of our lives, including the ability to transform our love lives and the prospect of our health and quality of living.

Attack Types & VectorsSecurity

Hajime – Sophisticated, Flexible, Thoughtfully Designed and Future-Proof

April 26, 2017 — by Pascal Geenens0

hajime-botnet-960x540.jpg

A glimpse into the future of IoT Botnets

On Oct 16th, Sam Edwards and Ioannis Profetis from Rapidity Networks published a report on a new malware they discovered and named “Hajime.” The report came in the aftermath of the release of the Mirai source code and Mirai’s attacks on Krebs and OVH. Before Hajime was able to make headlines, Mirai was attributed to the attacks that took down Dyn on Oct 21st and lead to a large array of Fortune 500 companies such as Amazon, Netflix, Twitter, CNN, and Spotify being unreachable most of that day. Hajime evaded the attention but kept growing steadily and breeding in silence.

Attack Types & VectorsSecurity

OpIsrael 2017

April 25, 2017 — by Daniel Smith0

opisrael-skyline-960x640.jpg

Ideology, politics and religious differences are at the core of operation OpIsrael. OpIsrael is launched by Anonymous with the stated goal of “erasing Israel from the internet” in protest against the Israeli governments’ conduct in the Israeli- Palestinian conflict. This is a yearly operation and was created in 2012. It starts every year on April 7th and ends on April 20th. This operation sees participants from Anonymous, AnonGhost, Red Cult, Anonymous Lebanon, Mauritania Attackers, Cyber Team Tox, M0oDyPL, MCA DDoS Team and LaResistance Hacking Team along with other independent attackers.

Attack Types & VectorsSecurity

BrickerBot.3: The Janit0r is back, with a vengeance

April 21, 2017 — by Pascal Geenens1

brickerbot-4-featured-1-960x540.jpg

In early April, we identified a new botnet designed to comprise IoT devices and corrupt their storage. Over a four-day period, our honeypots recorded 1,895 PDoS attempts performed from several locations around the world. Its sole purpose was to compromise IoT devices and corrupt their storage. Besides this intense, short-lived bot (BrickerBot.1), our honeypots recorded attempts from a second, very similar bot (BrickerBot.2) which started PDoS attempts on the same date – both bots were discovered less than one hour apart –with lower intensity but more thorough and its location(s) concealed by TOR egress nodes.

Security

Why There Is No API Security

April 19, 2017 — by David Monahan0

api-security-960x589.jpg

Whether we see them or not, application programming interfaces (APIs) are a crucial part of business today. They are used in virtually every aspect of IT and DevOps. APIs facilitate and even drive B2B and B2C partnerships, ecommerce acceleration, systems and application automation, and solution integrations. Without them, business and IT shops would not be able to deliver services anywhere near as fast and efficiently as they do today. However, this speed comes at a cost. User security is often a trade-off between security and usability and there seems to be a similar trade-off with leveraging APIs.

Security

A fifth of millennials would rather the U.S. government see what’s on their phone than their significant other

April 18, 2017 — by Radware0

harris-poll-govt-privacy-960x640.jpg

Breaches of personal data have big consequences. Ask any user of Ashley Madison. Ask executives at Sony. Ask Hillary Clinton’s campaign. And, as we learned from the recent Wikileaks dump, all those private messages you’re sending may not be so private.

So, if you had to choose, who would you rather have view what is on your phone? The government? Or your significant other?

Attack Types & VectorsSecurity

Why ISP DDoS Services Typically Fail

April 12, 2017 — by David Monahan0

isp-ddos-protection-960x528.jpg

Over the last couple of years, I wrote about DDoS attacks several times—with good reason. They are increasing in size and intensity. Each year more homes are connected to the Internet; consumers and businesses increase their access connection bandwidth; and more devices are online at each connection. With all these connected devices, many of which have little to no protection, the field is ripe for threat actors to harvest DDoS attack hosts, a.k.a. bots.

Security

HTTPS Interception – How To Use It Without Concern

April 11, 2017 — by Lior Rozen0

https-interception-960x720.jpg

Network privacy is making its way more and more into the news these days. As much as we are eager to share and get responses to our personal moments on social media, we are even more eager to protect our private data. The privacy concern has become even stronger ever since we discovered as part of the Snowden revelations that the U.S. government (as well as others) is actually inspecting all internet communication.