A recent report found that Higher Education Institutions have now become the number one target for ransomware and other malware attacks. The report revealed that that one in 10 education organizations have found that ransomware has infected their networks.
Several of London’s largest banks are looking to stockpile bitcoins in order to pay off cyber criminals who threaten to bring down their critical IT systems. The virtual currency, which is highly prized by criminal networks because it cannot be traced, is being acquired by blue chip companies in order to pay ransoms, according to a leading IT expert.
Passwords remain by far the most commonly used method to authenticate users to applications and systems, despite long-standing efforts by technology industry leaders to find more secure alternatives. The growing number of attacks involving the theft or compromise of credentials over the past few years has focused more attention on ways to bolster the security of password-based authentication mechanisms, including multifactor authentication mechanisms, the proliferation of password management services such as Dashlane and LastPass, and the growing use of technologies such as strong encryption keys.
It was revealed last week that the FBI had secretly arrested a former NSA contractor in August. The New York Times reported that an investigation is ongoing to determine whether the individual stole and/or disclosed highly classified code for an application the NSA uses to hack the networks of foreign governments. The situation seems eerily similar to the Edward Snowden leak, and has drawn renewed attention to insider threats and the risks posed by authorized users granted access to sensitive information in corporate networks.
No one doubts anymore that internet of things (IoT) devices pose a huge security threat, as a recent massive IoT-fueled DDoS attack made clear. But what many enterprises have yet to wake up to is that major structural changes are needed, involving IT and C-level executives above IT. IoT is a new and different kind of threat that can’t be effectively battled in an old-fashioned way.
Yahoo users currently have good reasons for wanting to leave its email service, with reports that the company allowed America's intelligence services to spy on users' messages coming fresh off the heels of a colossal breach that saw the accounts of at least 500 million customers stolen. Yet Yahoo appears to be holding on tight to those attempting to jump ship, and is now preventing customers from forwarding e-mail to new addresses.
A new tool, which is now among the most powerful known cyberweapons, was posted on the internet on Oct. 1 for anyone to use. Cybersecurity experts are now warning that in the coming months, we could see cyberattacks on new scales of power and prevalence.
Consumers around the world could see their home Internet speeds slow in the coming weeks due to a recent release of software that allows hackers to use Internet-connected devices to attack websites. The source code for Mirai, a tool that creates what are known as botnets, has been released on the so-called dark web, sites that require specific software or authorization to access and that operate as a sort of online underground for hackers. The release was announced Friday on Hackforums, a hacker discussion board. Two security experts contact by USA TODAY looked at the source code and confirmed it was this botnet tool.
The source code for the Mirai IoT DDoS botnet is now out in the open. Mirai is the botnet that was able to flood KrebsOnSecurity with 620 gigabits per second of traffic using a horde of zombine IoT devices. The attack was so devastating that Akamai cancelled its pro bono hosting arrangement with Brian Krebs. However, with Mirai source code now out for anyone to take advantage of, we may be seeing even more wide-scale DDoS attacks taking place in the future.
Mirai is the name of the malware that turns insecure IoT gadgets into a botnet. Security journalist Brian Krebs, who found the leaked source code on Hackforums, said Mirai “spreads to vulnerable devices by continuously scanning the internet for IoT systems protected by factory default or hard-coded usernames and passwords.” Krebs, as you likely know, has been a victim of an IoT botnet that launched a record-breaking DDoS attack against his site.
The perpetrator of a massive distributed denial-of-service (DDoS) attack on the KrebsOnSecurity website last month has publicly released the code used in the assault in a move that security analysts fear could make it much easier for others to launch similar salvos.
Now you can build your own mega botnet.
A hacker going by the name “Anna-senpai” released the source code that controlled an army of zombified Internet of Things devices that recently barraged KrebsOnSecurity, a website operated by Brian Krebs, an independent security researcher and blogger. An attacker had used the code to launch a massive distributed denial of service attack against the site’s computer servers, reaching a staggering maximum of 620 gigabits per second (Gbps) in bogus Internet traffic during the pummeling.
Back in April of this year, the Swift international money transfer network which connects 11,000 global banks in over 200 countries, was used to steal $81 million from the central bank of Bangladesh. It appears that for some hackers, banks are a better target for stealing larger amounts of money rather than the individual consumers.
Get ready for biggest year yet in cybercrime. We have learned over the last few years that hackers have honed their penetration skills to the point that any targeted company can easily become a victim. Most business owners have accepted that being connected to the Internet means that they can and probably will be compromised regardless of the defensive measures taken. It is more than just a game of probability. Every company in every country that is connected to the Internet will definitely get compromised but, how, when and what will be taken is the big question. Today, it seems that most business owners are willing to take the chance and they probably have to in order to stay competitive.
With the recent formal notice to Microsoft by France’s National Data Protection Commission (CNIL), it is apparent that Microsoft is taking too many liberties with user data.
Mike Patterson, founder and CEO security analytics firm Plixer, noticed that even after disabling everything he could find to stop this data transfer, some form of metadata is still sent to Microsoft every 5 minutes.
Further research found that:
In addition to Microsoft Windows 10, Patterson’s research also found that electronics company Plantronics and antivirus firm McAfee are doing this, too:
Tune into this webinar to get a look at how the research was conducted, exactly what information these companies take from you and why the practice of DIGing (Dubious Information Gathering) is bigger than cybercrime.
Cisco has swung into action to combat a hacker group's exploitation of vulnerabilities in its firmware. The group, known as the "Shadow Brokers," released online malware and other exploits it claimed to have stolen from the Equation Group, which is believed to have ties to the United States National Security Agency.
An association of state officials has published an open letter that seeks to strengthen public confidence in the electoral process, in light of research that has raised questions about the security of voting machines.
Email is a communication standard that is almost 50 years old. It is the number one vector that cybercriminals use to hack into our computers and it is a hugely outdated and unwieldy tool for modern communication.
As ransomware activity has continued to increase across every industry over the last year, BitSight researchers found the education sector has been bullied by the highest rates of attack while having the least protected systems among the sectors researchers observed.
Cisco released a security advisory for another vulnerability exposed by the Shadow Brokers' cyberweapons dump, which is currently being used to exploit affected systems.