Tag: Threats
Win I am righting something four a blog, I make shore that I am using the write homophones. Eye cannot tell you enough how embarrassing it is win I use the wrong word. For grammarians—who are really grammar pedants with a penchant for pointing out other folks’ grammatical faux pas—homographic mistakes are the ones most…
Read MoreNew information sheds light on Sabu’s activities following the revelation of his identity. Source link lol
Read MoreHow in the world do Death Star-sized botnets come about? Attackers don’t possess such immense power on their own; they must commandeer it. That means they’re perpetually on the hunt for vulnerable IoT devices that they can compromise. F5 Labs and our data partner, Loryka1, have been monitoring this hunt for over a year…
Read MoreThis article was revised 5/15/17 at 9:12 a.m. (PDT) with updated recommendations. Over a dozen years ago, malware pioneer Dr. Peter Tippett coined the expression “virus disaster,” which describes the point at which more than 25 machines are infected on a single network as the “tipping point” for complete shutdown of a network.1 The new…
Read MoreFigure 2: Authentication success! While Intel didn’t come out and tell everyone exactly what the problem was, the guys at Tenable figured it out within minutes,2 and even show how simple it would be to exploit via Burp Suite. They’ve updated Nessus3 to scan for it, and everyone is broadly recommending that we all disable ports…
Read MoreI was chatting recently with a coworker who had just returned from a DevOpsy-focused conference. She mentioned she had met a woman whose entire role was focused on finding “lost” cloud instances (that is, virtual servers running in a public or private cloud network). Her entire job is just to find those instances and get…
Read MoreNeed-to-Know Facts CVE-2017-74942 has a CVSS Score of 7.5 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)3. This vulnerability is the Linux version of WannaCry, appropriately named SambaCry. A malicious Samba client that has write access to a Samba share could use this flaw to execute arbitrary code typically as root. The flaw allows a malicious client to upload a shared library to…
Read More2016 has been called “the year of stolen credentials,” and with good reason. Between the massive breaches at Yahoo, LinkedIn, MySpace, Tumblr,1 Twitter,2 and Dropbox,3 just to name a few, it’s estimated that over 2 billion records were stolen. Although attackers steal all kinds of data, a vast majority of what’s stolen are user credentials,…
Read MoreAll businesses watch their bottom line. That’s unsurprising. Those that provide technology to consumers (whether IoT device manufacturers or your local ISP that provides your home router) are particularly careful about balancing product support with ease of use. That can lead to what the inventors no doubt believe is an ingenious method of determining passwords…
Read MoreThe financial trojan TrickBot has been updating its campaigns and targets since F5 malware researchers started following it in September 2016. This is expected behavior because attackers need to continually update their targets and methods to evade detection. Previously, TrickBot, the successor to Dyre, targeted financial institutions in Europe, Australia, New Zealand, and Canada. TrickBot’s May 2017…
Read More