City officials confirm that Atlanta is dealing with a cyberattack that has locked down some internal systems and is holding them hostage using ransomware.
Archives - March 2018
Latest ESET research strongly suggests that Glupteba is no longer tied to the infamous Operation Windigo.
The study found that the more time users spent on pirate sites the higher the likelihood that some type of malware would compromise their computers.
The lottery's operator has found that attackers probably used an automated method known as 'credential stuffing' to access up to 150 customer accounts.
Malware in the official Google store never stops appearing. For cybercriminals, sneaking their malicious applications into the marketplace of genuine apps is a huge victory.
The report also sheds light on how not to go about attracting new hires. Vague and inaccurate job descriptions along with job postings that include insufficient qualifications were found to top the list of turnoffs for many jobseekers
Diverse background can contribute to your organization's security. Here are some tips to get more diversity in security perspectives.
The latest episode of this series marks the halfway point in the third season and, in addition to some amazing camerawork there are several examples of actions related to IT security that crop up throughout the episode.
ESET researchers dicovered that Trojanized applications used to steal bitcoin were hosted inadvertently by the popular website download.cnet.com.
The attack itself unfolded within the span of two minutes on March 7. Hackers made a flurry of automated transactions that involved the digital currencies Viacoin (VIA) and Bitcoin (BTC).
To smuggle the backdoor onto a targeted machine, the group uses a two-stage attack whereby a dropper package first gains a foothold on the system and sets the stage for the backdoor itself. This process involves some trickery commonly associated with targeted operations of this kind.
Since being founded in 2003, the Italian spyware vendor Hacking Team gained notoriety for selling surveillance tools to governments and their agencies across the world. The capabilities of its flagship product, the Remote Control System (RCS), include extracting files from a targeted device, intercepting emails and instant messaging, as well as remotely activating a device’s webcam and microphone.
The problem was particularly acute among provider organizations, as opposed to payer organizations (21% vs. 12%). Also, and perhaps counterintuitively, staff with more frequent cybersecurity training were more inclined to such practices.
DDoS mitigation service Arbor Networks has announced that an undisclosed US company has suffered an attack fueled by internet-facing Memcached servers that clocked in at 1.7 terabits per second (Tbps), beating the previous record of 1.35 Tbps.
While Denial of Service attacks amplified by the use of networks of bot-compromised PCs were becoming a notable problem by the turn of the century, DDoS extortion threats have accelerated in parallel (if less dramatically) with the rise in ransomware in the past few years.
Tools for mining cryptocurrencies also fall into this category, as in many cases the websites cannot warn users since they have been compromised themselves, hence even the administrators may not be aware that they are contributing to mining for the benefit of an attacker.
More than three dozen cybercrime and digital forensics experts from 23 countries have investigated a simulated attack on a bank that had been carried out through an IoT device.
At its peak, inbound traffic reached a staggering 1.35 terabits per second (Tbps), outflanking the previously record-setting assault of 1 Tbps at French web hosting provider OVH in September 2016.
The experts urge policy-makers to work closely with technical researchers, computer scientists and the cybersecurity community to investigate, understand and prepare for possible malicious uses of AI.
The big challenge with IoT devices is that they are all different: Each manufacturer has its own firmware, uses different protocols, and designs its own architecture. So, the first step before carrying out any analysis is to understand the architecture, find out what components are involved, and how they interact and communicate among themselves.