Company News


Ransomware Plaguing Higher Education

eCampus News

A recent report found that Higher Education Institutions have now become the number one target for ransomware and other malware attacks. The report revealed that that one in 10 education organizations have found that ransomware has infected their networks.


City Banks Plan to Hoard Bitcoins to Help Them Pay Cyber Ransoms

The Guardian

Several of London’s largest banks are looking to stockpile bitcoins in order to pay off cyber criminals who threaten to bring down their critical IT systems. The virtual currency, which is highly prized by criminal networks because it cannot be traced, is being acquired by blue chip companies in order to pay ransoms, according to a leading IT expert.


6 Ways Developers Can Build in Better Password Security


Passwords remain by far the most commonly used method to authenticate users to applications and systems, despite long-standing efforts by technology industry leaders to find more secure alternatives. The growing number of attacks involving the theft or compromise of credentials over the past few years has focused more attention on ways to bolster the security of password-based authentication mechanisms, including multifactor authentication mechanisms, the proliferation of password management services such as Dashlane and LastPass, and the growing use of technologies such as strong encryption keys.


NSA Contractor Arrest Highlights Risk from Insider Threats


It was revealed last week that the FBI had secretly arrested a former NSA contractor in August. The New York Times reported that an investigation is ongoing to determine whether the individual stole and/or disclosed highly classified code for an application the NSA uses to hack the networks of foreign governments. The situation seems eerily similar to the Edward Snowden leak, and has drawn renewed attention to insider threats and the risks posed by authorized users granted access to sensitive information in corporate networks.


Let's Get Serious About IoT Security


No one doubts anymore that internet of things (IoT) devices pose a huge security threat, as a recent massive IoT-fueled DDoS attack made clear. But what many enterprises have yet to wake up to is that major structural changes are needed, involving IT and C-level executives above IT. IoT is a new and different kind of threat that can’t be effectively battled in an old-fashioned way.


Yahoo Do You Think You Are? Email Forwarding Disabled Making it Hard for Users to Leave

International Business Times

Yahoo users currently have good reasons for wanting to leave its email service, with reports that the company allowed America's intelligence services to spy on users' messages coming fresh off the heels of a colossal breach that saw the accounts of at least 500 million customers stolen. Yet Yahoo appears to be holding on tight to those attempting to jump ship, and is now preventing customers from forwarding e-mail to new addresses.


Powerful New Cyberweapon Can Take Down Portions of Internet

Epoch Times

A new tool, which is now among the most powerful known cyberweapons, was posted on the internet on Oct. 1 for anyone to use. Cybersecurity experts are now warning that in the coming months, we could see cyberattacks on new scales of power and prevalence.


Internet of Things Comes Back to Bite Us as Hackers Spread Botnet Code


Consumers around the world could see their home Internet speeds slow in the coming weeks due to a recent release of software that allows hackers to use Internet-connected devices to attack websites. The source code for Mirai, a tool that creates what are known as botnets, has been released on the so-called dark web, sites that require specific software or authorization to access and that operate as a sort of online underground for hackers. The release was announced Friday on Hackforums, a hacker discussion board. Two security experts contact by USA TODAY looked at the source code and confirmed it was this botnet tool.


Mirai IoT DDoS Botnet Source Code Reveals Specific Targeting Of Valve Source Engine Games On Steam

Hot Hardware

The source code for the Mirai IoT DDoS botnet is now out in the open. Mirai is the botnet that was able to flood KrebsOnSecurity with 620 gigabits per second of traffic using a horde of zombine IoT devices. The attack was so devastating that Akamai cancelled its pro bono hosting arrangement with Brian Krebs. However, with Mirai source code now out for anyone to take advantage of, we may be seeing even more wide-scale DDoS attacks taking place in the future.


Code in the wild to infect millions of IoT devices for crippling DDoS attacks


Mirai is the name of the malware that turns insecure IoT gadgets into a botnet. Security journalist Brian Krebs, who found the leaked source code on Hackforums, said Mirai “spreads to vulnerable devices by continuously scanning the internet for IoT systems protected by factory default or hard-coded usernames and passwords.” Krebs, as you likely know, has been a victim of an IoT botnet that launched a record-breaking DDoS attack against his site.


IoT DDoS Attack Code Released

Dark Reading

The perpetrator of a massive distributed denial-of-service (DDoS) attack on the KrebsOnSecurity website last month has publicly released the code used in the assault in a move that security analysts fear could make it much easier for others to launch similar salvos.


Why a Hacker Dumped Code Behind Colossal Website-Trampling Botnet


Now you can build your own mega botnet.

A hacker going by the name “Anna-senpai” released the source code that controlled an army of zombified Internet of Things devices that recently barraged KrebsOnSecurity, a website operated by Brian Krebs, an independent security researcher and blogger. An attacker had used the code to launch a massive distributed denial of service attack against the site’s computer servers, reaching a staggering maximum of 620 gigabits per second (Gbps) in bogus Internet traffic during the pummeling.


NO Cyber Protection for Financial Institutions

Telecom Reseller

Back in April of this year, the Swift international money transfer network which connects 11,000 global banks in over 200 countries, was used to steal $81 million from the central bank of Bangladesh. It appears that for some hackers, banks are a better target for stealing larger amounts of money rather than the individual consumers.


A Massive Wave of Cybercrime Coming


Get ready for biggest year yet in cybercrime. We have learned over the last few years that hackers have honed their penetration skills to the point that any targeted company can easily become a victim. Most business owners have accepted that being connected to the Internet means that they can and probably will be compromised regardless of the defensive measures taken. It is more than just a game of probability. Every company in every country that is connected to the Internet will definitely get compromised but, how, when and what will be taken is the big question. Today, it seems that most business owners are willing to take the chance and they probably have to in order to stay competitive.


The Companies You Trust are Stealing From You


With the recent formal notice to Microsoft by France’s National Data Protection Commission (CNIL), it is apparent that Microsoft is taking too many liberties with user data.

Mike Patterson, founder and CEO security analytics firm Plixer, noticed that even after disabling everything he could find to stop this data transfer, some form of metadata is still sent to Microsoft every 5 minutes.

Further research found that:

  • The content was encrypted in a way that made it impossible to determine what was being sent. This extra effort to encrypt indicates that Microsoft not only didn’t want non-authorized users of the machine from accessing the data—they also didn’t want the end-user knowing what was being sent.
  • There is a group policy feature called Allow Telemetry, which is a setting that determines how many telemetry details are sent back to Microsoft.
  • The only way to disable this entirely, unfortunately, is to purchase an Enterprise version of Windows 10.

In addition to Microsoft Windows 10, Patterson’s research also found that electronics company Plantronics and antivirus firm McAfee are doing this, too:

  1. Plantronics were sending encrypted data over HTTP port 80 every minute
  2. McAfee would send data using a DNS look-up that in many companies bypasses security mechanisms.

Tune into this webinar to get a look at how the research was conducted, exactly what information these companies take from you and why the practice of DIGing (Dubious Information Gathering) is bigger than cybercrime.


Cisco Battles Shadow Broker Exploits


Cisco has swung into action to combat a hacker group's exploitation of vulnerabilities in its firmware. The group, known as the "Shadow Brokers," released online malware and other exploits it claimed to have stolen from the Equation Group, which is believed to have ties to the United States National Security Agency.


State Officials Warn Congress: Don't Damage Public Confidence in Election Systems

SC Magazine

An association of state officials has published an open letter that seeks to strengthen public confidence in the electoral process, in light of research that has raised questions about the security of voting machines.


Email is a Terrible Technology but Its Users are the Bigger Problem

International Business Times

Email is a communication standard that is almost 50 years old. It is the number one vector that cybercriminals use to hack into our computers and it is a hugely outdated and unwieldy tool for modern communication.


Education Sector Bullied by Ransomware and Can Barely Defend Itself

SC Magazine

As ransomware activity has continued to increase across every industry over the last year, BitSight researchers found the education sector has been bullied by the highest rates of attack while having the least protected systems among the sectors researchers observed.


Shadow Brokers' Cisco Vulnerability Exploited in the Wild

Tech Target

Cisco released a security advisory for another vulnerability exposed by the Shadow Brokers' cyberweapons dump, which is currently being used to exploit affected systems.

Page 1 of 17