Tag: Threats
There’s a lot of speculation in cryptocurrency right now. People are mining coins all over the place, and even though it’s getting harder and harder to make money mining coins, interest is still high. All it costs is money for the power bill. So, of course, clever people are figuring out how to use other people’s power…
Read MoreApplications are the lifeblood of our enterprises. Not many organizations can survive in a pencil and paper world. They are all dependent on IT with applications doing the heavy lifting of arranging, tracking, processing, communicating, and calculating daily business. But applications are no longer singular programs running on one computer, they are huge collections of…
Read MoreF5 researchers recently noticed a new campaign exploiting a vulnerability in Microsoft Internet Information Services (IIS) 6.0 servers (CVE–2017–7269) in order to mine Electroneum crypto-currency. Last year, ESET security researchers reported that the same IIS vulnerability was abused to mine Monero, and install malware to launch targeted attacks against organizations by the notorious “Lazarus” group.…
Read MorePrivacy today isn’t just about staying away from prying eyes. The very act of communicating across the Internet with open, non-confidential protocols invites exposure to multiple threat types. Source link lol
Read MoreIt’s a sad state of Internet affairs when the US government must publish a US-CERT Alert about Russia targeting US entities through negligent network infrastructure misconfigurations.1 In Alert TA18-106A, US-CERT discloses that since 2015, the US government, in partnership with the UK, has been receiving data from numerous sources that “large numbers” of enterprise-class and…
Read MoreThe rise of poorly secured Internet of Things (IoT) devices has made it possible for attackers to gain access to targets of interest. Nation-states, spies, mercenaries, and others don’t need to dress up as repairmen to plant bugs in rooms anymore; they can just hack into a room that has vulnerable IoT devices. In May,…
Read MoreFigure 16: QA Injection alert, “Page Injected!” Conclusion Panda’s expansion beyond traditional banking targets is following the trend we noticed during the 2017 holiday season.5 This is the first campaign we have seen targeting cryptocurrency sites, but it’s a move that makes sense, given the popularity of cryptocurrency. This act of simultaneous campaigns targeting several…
Read MoreExecutive Summary Like coral reefs teeming with a variety of life, web applications are “colony creatures.” They consist of a multitude of independent components, running in separate environments with different operational requirements and supporting infrastructure (both in the cloud and on premises) glued together across networks. In this report, we examine that series of interacting…
Read MoreMost don’t, according to BuiltWith, a site that tracks the technologies websites use. Based on its latest data, a paltry .2% of sites on the Internet include CSP headers. Digging further, 8.4% of the Quantcast Top 10,000 have used CSP headers. Which sounds better until you do the math. That’s only 840 sites. By…
Read MorePotential Attacks and Impact We stumbled upon the issues with cellular IoT devices during our “Hunt for IoT” research of devices that were infected by Mirai. Attackers know how to exploit these systems and are actively monitoring them. Sierra Wireless, one of the largest manufacturers of cellular IoT devices, issued a public statement describing how…
Read More