Tag: Cybercrime
A DNS amplification attack floods the victim’s server with a tsunami of fake requests. DNS Hijacking Who owns what domain name and what DNS servers are designated to answer queries are managed by Domain Registrars8. These are commercial services, such as GoDaddy, eNom, and Network Solutions Inc., where there are registered accounts storing this information.…
Read MoreFigure 1: CVE-2017-5638 campaign The exploit triggers the vulnerability via the Content-Type header value, which the attacker customized with shell commands to be executed if the server is vulnerable. In the first days of this campaign, shell commands were observed to infect the machine with the “PowerBot” malware, which is written in PERL, and uses…
Read MoreOne of the weakest links in our cyber defenses is the human factor. The (ISC)2 Cybersecurity Trends Report for 2017 stated that cybersecurity professionals are most concerned about phishing attacks.1 But phishing is just one of many social engineered attacks mediated by technology. Now we are seeing an upswing in virtual kidnapping scams. How the Scam Works…
Read MoreMarcher targets focused on European, Australian, and Latin American banks, along with PayPal, eBay, Facebook, WhatsApp, Viber, Gmail, and Yahoo—all in the month of March. Source link lol
Read MoreThe LulzSec attack of Sony Pictures is an illustrative example. Sony Pictures was running several prize giveaways as part of a marketing campaign. LulzSec used a basic SQL injection1 to breach the SonyPictures.com database and grabbed the usernames, passwords, and personal profiles of over one million registered users. They then dumped the data to Pastebin.…
Read MoreWin I am righting something four a blog, I make shore that I am using the write homophones. Eye cannot tell you enough how embarrassing it is win I use the wrong word. For grammarians—who are really grammar pedants with a penchant for pointing out other folks’ grammatical faux pas—homographic mistakes are the ones most…
Read MoreNew information sheds light on Sabu’s activities following the revelation of his identity. Source link lol
Read MoreThis article was revised 5/15/17 at 9:12 a.m. (PDT) with updated recommendations. Over a dozen years ago, malware pioneer Dr. Peter Tippett coined the expression “virus disaster,” which describes the point at which more than 25 machines are infected on a single network as the “tipping point” for complete shutdown of a network.1 The new…
Read MoreFigure 2: Authentication success! While Intel didn’t come out and tell everyone exactly what the problem was, the guys at Tenable figured it out within minutes,2 and even show how simple it would be to exploit via Burp Suite. They’ve updated Nessus3 to scan for it, and everyone is broadly recommending that we all disable ports…
Read MoreI was chatting recently with a coworker who had just returned from a DevOpsy-focused conference. She mentioned she had met a woman whose entire role was focused on finding “lost” cloud instances (that is, virtual servers running in a public or private cloud network). Her entire job is just to find those instances and get…
Read More