β U.S. Government Goes After North Koreaβs Joanap Botnet β
π Read
via "Threatpost | The first stop for security news".
The Department of Justice is looking to dismantle the Joanap botnet, which has been built and controlled by North Korea-linked hackers since 2009.π Read
via "Threatpost | The first stop for security news".
Threat Post
U.S. Government Goes After North Koreaβs Joanap Botnet
The Department of Justice is looking to dismantle the Joanap botnet, which has been built and controlled by North Korea-linked hackers since 2009.
β Airbus Data Takes Flight: Billions of Credentials Dumped on Dark Web β
π Read
via "Threatpost | The first stop for security news".
A cyberattack lifts employee data at the French aerospace giant as news hits of "Collections 2-5" being passed around the underground.π Read
via "Threatpost | The first stop for security news".
Threat Post
Airbus Data Takes Flight; and Billions of Credentials Dumped on Dark Web
A cyberattack lifts employee data at the French aerospace giant as news hits of "Collections 2-5" being passed around the underground.
β 2019 Already Marred By Slew of Data Breach Incidents β
π Read
via "Threatpost | The first stop for security news".
So far, 2019 shows no signs of a decline in data incidents.π Read
via "Threatpost | The first stop for security news".
Threat Post
2019 Already Marred By Slew of Data Breach Incidents
So far, 2019 shows no signs of a decline in data incidents.
π΄ Airbus Employee Info Exposed in Data Breach π΄
π Read
via "Dark Reading: ".
Few details as yet on a cyberattack that hit Airbus' commercial aircraft business.π Read
via "Dark Reading: ".
Darkreading
Airbus Employee Info Exposed in Data Breach
Few details as yet on a cyberattack that hit Airbus' commercial aircraft business.
π΄ Dell, CrowdStrike, Secureworks Join Forces to Secure Endpoints π΄
π Read
via "Dark Reading: ".
Dell SafeGuard and Response is geared toward businesses, governments, and schools that may lack resources they need to detect and remediate sophisticated threats.π Read
via "Dark Reading: ".
Darkreading
Dell, CrowdStrike, Secureworks Join Forces to Secure Endpoints
Dell SafeGuard and Response is geared toward businesses, governments, and schools that may lack resources they need to detect and remediate sophisticated threats.
π΄ 8 Cybersecurity Myths Debunked π΄
π Read
via "Dark Reading: ".
The last thing any business needs is a swarm of myths and misunderstandings seeding common and frequent errors organizations of all sizes make in safeguarding data and infrastructure.π Read
via "Dark Reading: ".
Darkreading
8 Cybersecurity Myths Debunked
The last thing any business needs is a swarm of myths and misunderstandings seeding common and frequent errors organizations of all sizes make in safeguarding data and infrastructure.
β Prepare to Defend Your Network Against Swarm-as-a-Service β
π Read
via "Threatpost | The first stop for security news".
Swarm technology may be a game changer for the bad guys if organizations donβt change their tactics.π Read
via "Threatpost | The first stop for security news".
Threat Post
Prepare to Defend Your Network Against Swarm-as-a-Service
Swarm technology may be a game changer for the bad guys if organizations donβt change their tactics.
π How to stay safe from Super Bowl-related cybersecurity risks π
π Read
via "Security on TechRepublic".
βFrom counterfeit tickets to live streaming deals--Super Bowl 53 can generate a slew of cybersecurity risks. Learn how to protect yourself.π Read
via "Security on TechRepublic".
TechRepublic
How to stay safe from Super Bowl-related cybersecurity risks
βFrom counterfeit tickets to live streaming deals, Super Bowl 53 can generate a slew of cybersecurity risks. Learn how to protect yourself.
β TheMoon Rises Again, With a Botnet-as-a-Service Threat β
π Read
via "Threatpost | The first stop for security news".
A new module allows it to be rented to other malicious actors -- and it's likely other new capabilities are coming down the pike.π Read
via "Threatpost | The first stop for security news".
Threat Post
TheMoon Rises Again, With a Botnet-as-a-Service Threat
A new module allows it to be rented to other malicious actors β and it's likely other new capabilities are coming down the pike.
β Facebook Boots Hundreds of Iran-Linked Accounts For Spreading Misinformation β
π Read
via "Threatpost | The first stop for security news".
Facebook is continuing to crack down on misinformation, political meddling, and "coordinated inauthentic behavior" on its platform.π Read
via "Threatpost | The first stop for security news".
Threat Post
Facebook Boots Hundreds of Iran-Linked Accounts For Spreading Misinformation
Facebook is continuing to crack down on misinformation, political meddling, and "coordinated inauthentic behavior" on its platform.
π΄ Cisco Router Vulnerability Gives Window into Researchers' World π΄
π Read
via "Dark Reading: ".
The research around a recent vulnerability shows how researchers follow leads and find unexpected results.π Read
via "Dark Reading: ".
Darkreading
Cisco Router Vulnerability Gives Window into Researchers' World
The research around a recent vulnerability shows how researchers follow leads and find unexpected results.
β Google says sorry for pulling a Facebook with monitoring program β
π Read
via "Naked Security".
It was using the same Apple enterprise back door as Facebook to get its market research done, but it owned up and backed off.π Read
via "Naked Security".
Naked Security
Google says sorry for pulling a Facebook with monitoring program
It was using the same Apple enterprise back door as Facebook to get its market research done, but it owned up and backed off.
β Microsoft Azure data deleted because of DNS outage β
π Read
via "Naked Security".
Users of Microsoftβs Azure system lost database records as part of a mass outage on Tuesday. A combination of DNS problems and automated scripts were to blame, said reports.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Hacker talks to baby through Nest security cam, jacks up thermostat β
π Read
via "Naked Security".
Yet another family unnerved by yet another voice coming from a nursery webcam serves as yet another argument against password reuse.π Read
via "Naked Security".
Naked Security
Hacker talks to baby through Nest security cam, jacks up thermostat
Yet another family unnerved by yet another voice coming from a nursery webcam serves as yet another argument against password reuse.
ATENTIONβΌ New - CVE-2017-18361
π Read
via "National Vulnerability Database".
In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis.π Read
via "National Vulnerability Database".
β Credential dump contains another 2.2 billion pwned accounts β
π Read
via "Naked Security".
How many user credentials have fallen into the hands of criminals during a decade of data breaches? Billions, according to two recent discoveries.π Read
via "Naked Security".
Naked Security
Credential dump contains another 2.2 billion pwned accounts
How many user credentials have fallen into the hands of criminals during a decade of data breaches? Billions, according to two recent discoveries.
π Spectre and Meltdown explained: A comprehensive guide for professionals π
π Read
via "Security on TechRepublic".
Staying up to date on Spectre and Meltdown can be challenging. This guide includes in-depth explanations about these uniquely dangerous security vulnerabilities and the best mitigation solutions.π Read
via "Security on TechRepublic".
TechRepublic
Spectre and Meltdown explained: A comprehensive guide for professionals
Staying up to date on Spectre and Meltdown can be challenging. This guide includes in-depth explanations about these uniquely dangerous security vulnerabilities and the best mitigation solutions.
π΄ Study the Cutting Edge of Cybersecurity at Black Hat Asia π΄
π Read
via "Dark Reading: ".
Whether you want an in-depth look at one of the biggest data breaches in recent memory or some advanced data forensics training, Black Hat Asia is the place to be.π Read
via "Dark Reading: ".
Dark Reading
Study the Cutting Edge of Cybersecurity at Black Hat Asia
Whether you want an in-depth look at one of the biggest data breaches in recent memory or some advanced data forensics training, Black Hat Asia is the place to be.
β Linux user? Check those patches! Public exploit published for systemd security holesβ¦ β
π Read
via "Naked Security".
A pair of bugs in a very widely used Linux system tool called systemd have just been "weaponised" - check you're patched!π Read
via "Naked Security".
Naked Security
Linux user? Check those patches! Public exploit published for systemd security holesβ¦
A pair of bugs in a very widely used Linux system tool called systemd have just been βweaponisedβ β check youβre patched!
<b>⌨ 250 Webstresser Users to Face Legal Action ⌨</b>
<code>More than 250 customers of a popular and powerful online attack-for-hire service that was dismantled by authorities in 2018 are expected to face legal action for the damage they caused, according to Europol, the European Unionβs law enforcement agency.</code><code>In April 2018, investigators in the U.S., U.K. and the Netherlands took down attack-for-hire service WebStresser[.]org and arrested its alleged administrators. Prior to the takedown, the service had more than 151,000 registered users and was responsible for launching some four million attacks over three years. Now, those same authorities are targeting people who paid the service to conduct attacks.</code><code>Media</code><code>Webstresser.org (formerly Webstresser.co), as it appeared in 2017.</code><code>In the United Kingdom, police have seized more than 60 personal electronic devices from a number of Webstresser users, and some 250 customers of the service will soon face legal action, Europol said in a statement released this week.</code><code>βSize does not matter β all levels of users are under the radar of law enforcement, be it a gamer booting out the competition out of a game, or a high-level hacker carrying out DDoS attacks against commercial targets for financial gain,β Europol officials warned.</code><code>The focus on Webstresserβs customers is the latest phase of βOperation Power Off,β which targeted one of the most active services for launching point-and-click distributed denial-of-service (DDoS) attacks. WebStresser was one of many so-called βbooterβ or βstresserβ services β virtual hired muscle that even completely unskilled users can rent to knock nearly any website or Internet user offline.</code><code>Operation Power Off is part of a broader law enforcement effort to disrupt the burgeoning booter service industry and to weaken demand for such services. In December, authorities in the United States filed criminal charges against three men accused of running booter services, and orchestrated a coordinated takedown of 15 different booter sites.</code><code>Media</code><code>This seizure notice appeared on the homepage of more than a dozen popular βbooterβ or βstresserβ DDoS-for-hire Web sites in December 2018.</code><code></code><code>The takedowns come as courts in the United States and Europe are beginning to hand down serious punishment for booter service operators, their customers, and for those convicted of launching large-scale DDoS attacks. Last month, a 34-year-old Connecticut man received a 10-year prison sentence for carrying out DDoS attacks a number of hospitals in 2014. Also last month, a 30-year-old in the United Kingdom was sentenced to 32 months in jail for using an army of hacked devices to crash large portions of Liberiaβs Internet access in 2016.</code><code>In December 2018, the ringleader of an online crime group that launched DDoS attacks against Web sites β including several against KrebsOnSecurity β was sentenced to three years in a U.K. prison. And in 2017, a 20-year-old from Britain was sentenced to two years in jail for renting out Titanium Stresser, a booter service that earned him $300,000 over several years it was in operation.</code><code>Many in the hacker community have criticized authorities for targeting booter service administrators and users and for not pursuing what they perceive as more serious cybercriminals, noting that the vast majority of both groups are young men under the age of 21 and are using booter services to settle petty disputes over online games.</code><code>But not all countries involved in Operation Power Off are taking such a punitive approach. In the Netherlands, the police and the prosecutorβs office have deployed new legal intervention called βHack_Right,β a diversion program intended for first-time cyber offenders. Europol says at least one user of Webstresser has already received this alternative sanction.</code><code>βSkillsβ¦
<code>More than 250 customers of a popular and powerful online attack-for-hire service that was dismantled by authorities in 2018 are expected to face legal action for the damage they caused, according to Europol, the European Unionβs law enforcement agency.</code><code>In April 2018, investigators in the U.S., U.K. and the Netherlands took down attack-for-hire service WebStresser[.]org and arrested its alleged administrators. Prior to the takedown, the service had more than 151,000 registered users and was responsible for launching some four million attacks over three years. Now, those same authorities are targeting people who paid the service to conduct attacks.</code><code>Media</code><code>Webstresser.org (formerly Webstresser.co), as it appeared in 2017.</code><code>In the United Kingdom, police have seized more than 60 personal electronic devices from a number of Webstresser users, and some 250 customers of the service will soon face legal action, Europol said in a statement released this week.</code><code>βSize does not matter β all levels of users are under the radar of law enforcement, be it a gamer booting out the competition out of a game, or a high-level hacker carrying out DDoS attacks against commercial targets for financial gain,β Europol officials warned.</code><code>The focus on Webstresserβs customers is the latest phase of βOperation Power Off,β which targeted one of the most active services for launching point-and-click distributed denial-of-service (DDoS) attacks. WebStresser was one of many so-called βbooterβ or βstresserβ services β virtual hired muscle that even completely unskilled users can rent to knock nearly any website or Internet user offline.</code><code>Operation Power Off is part of a broader law enforcement effort to disrupt the burgeoning booter service industry and to weaken demand for such services. In December, authorities in the United States filed criminal charges against three men accused of running booter services, and orchestrated a coordinated takedown of 15 different booter sites.</code><code>Media</code><code>This seizure notice appeared on the homepage of more than a dozen popular βbooterβ or βstresserβ DDoS-for-hire Web sites in December 2018.</code><code></code><code>The takedowns come as courts in the United States and Europe are beginning to hand down serious punishment for booter service operators, their customers, and for those convicted of launching large-scale DDoS attacks. Last month, a 34-year-old Connecticut man received a 10-year prison sentence for carrying out DDoS attacks a number of hospitals in 2014. Also last month, a 30-year-old in the United Kingdom was sentenced to 32 months in jail for using an army of hacked devices to crash large portions of Liberiaβs Internet access in 2016.</code><code>In December 2018, the ringleader of an online crime group that launched DDoS attacks against Web sites β including several against KrebsOnSecurity β was sentenced to three years in a U.K. prison. And in 2017, a 20-year-old from Britain was sentenced to two years in jail for renting out Titanium Stresser, a booter service that earned him $300,000 over several years it was in operation.</code><code>Many in the hacker community have criticized authorities for targeting booter service administrators and users and for not pursuing what they perceive as more serious cybercriminals, noting that the vast majority of both groups are young men under the age of 21 and are using booter services to settle petty disputes over online games.</code><code>But not all countries involved in Operation Power Off are taking such a punitive approach. In the Netherlands, the police and the prosecutorβs office have deployed new legal intervention called βHack_Right,β a diversion program intended for first-time cyber offenders. Europol says at least one user of Webstresser has already received this alternative sanction.</code><code>βSkillsβ¦
π΄ KISS, Cyber & the Humble but Nourishing Chickpea π΄
π Read
via "Dark Reading: ".
The combination of simple, straightforward, and methodical ingredients are the keys to developing a balanced and well-rounded security program.π Read
via "Dark Reading: ".
Dark Reading
KISS, Cyber & the Humble but Nourishing Chickpea
The combination of simple, straightforward, and methodical ingredients are the keys to developing a balanced and well-rounded security program.