by CIRT Team
A Gigantic IoT Botnet Has Grown in the Shadows in the Past Month [source: bleepingcomputer]
Since mid-September, a new IoT botnet has grown to massive proportions. Codenamed IoT_reaper (Reaper for this article), researchers estimate its current size at nearly two million infected devices. According to researchers, the botnet is mainly made up of IP-based security cameras, network video recorders (NVRs), and digital video recorders (DVRs). Based on Mirai, but not a Mirai offspring Researchers from Chinese security firm Qihoo 360...
Read More
by CIRT Team
A Look at Locky Ransomware’s Recent Spam Activities [source: trendmicro]
Ransomware has been one of the most prevalent, prolific, and pervasive threats in the 2017 threat landscape, with financial losses among enterprises and end users now likely to have reached billions of dollars. Locky ransomware, in particular, has come a long way since first emerging in early 2016. Despite the number of times it apparently spent in hiatus, Locky remains a relevant and credible threat given its impact on end users and especially...
Read More
by CIRT Team
88 Percent of Java Apps Susceptible to Widespread Attacks [source: itsecurityguru]
Veracode, Inc., a leader in securing the world’s software, and acquired by CA Technologies (NASDAQ:CA), today announced findings from the 2017 State of Software Security Report, a comprehensive review of application security testing data from scans conducted by CA Veracode’s base of more than 1,400 customers. Among other industry trends such as vulnerability fix rates and percent of applications with vulnerabilities, the report exposes the pervasive risk...
Read More
by CIRT Team
ARP Spoofing Used to Insert Malicious Adverts [source: alienvault]
Recently we came across a new variant of the malware ServStart. ServStart is primarily used by attackers located in China, in a mix of targeted and opportunistic attacks. The attackers are hosting the ServStart malware on a file server that is open for anyone to view. A report from 2014 for an attack involving CVE-2014-6332 describes how an attacker might use zxarps well: “This malware performs ARP spoofing...
Read More
by CIRT Team
Google to enforce HTTPS on TLDs it controls [source : helpnetsecurity]
In its sustained quest to bring encryption to all existing Web sites, Google has announced that it will start enforcing HTTPS for the 45 Top-Level Domains it operates. How will it do that? You may or may not know that, since 2015, Google has been offering domain name registration services, and it operates domains such as .google, .how, and .dev (among others). And now, Google will start adding...
Read More
by CIRT Team
Report Reveals the Most Popular and Top Blacklisted Mobile Apps on Enterprise [bleepingcomputer]
WhatsApp has the honor of being the most popular app on iOS enterprise devices, but also the most blacklisted app on enterprise networks. This is one of the findings of the Appthority Enterprise Mobile Security Pulse Report for Q3 2017; a report put together by scanning millions of devices running the company’s mobile security solutions. The gathered data allowed Appthority insight into the most popular apps...
Read More
by CIRT Team
6,000 Indian Enterprises’ Data Offered for Sale on DarkNet [source : tripwire]
An unidentified hacker is attempting to sell information pertaining to more than 6,000 Indian enterprises on a DarkNet forum. Researchers at Seqrite, the enterprise security brand of IT security firm Quick Heal, found an advertisement for the data on DarkNet. As of this writing, whoever is behind the posting is currently offering the information, which includes corporate usernames, passwords, and billing documents, for sale at 15 Bitcoins...
Read More
by CIRT Team
Amazon’s Whole Foods Investigating Payment Card Breach [source: securityweek]
Whole Foods Market, the supermarket chain acquired recently by Amazon for $13.7 billion, informed customers this week that it has launched an investigation after learning that some of its point-of-sale (PoS) systems may have been hacked. The company has provided only few details as the investigation is ongoing. However, it said the incident appears to impact taprooms and full table-service restaurants located within some of...
Read More
by CIRT Team
Some MacOS Users Aren’t Getting the Firmware Security Patches [source : motherboard.vice]
Do you know if your Mac’s low-level firmware is up to date with the latest patches? You might not be able to, researchers say. Apple’s security updates for macOS sometime include patches for serious vulnerabilities in the firmware that runs beneath the operating system. So you might think you’re safe if you keep your OS version up to date, but that’s not always the case....
Read More
by CIRT Team
PayPal Phishing – Homographic Email Body [source: pwncode]
There’s an ongoing PayPal Phishing Campaign in the wild which sends HTML attachments that spoof PayPal Forms and request users for sensitive information. This campaign was particularly interesting because the email body was encoded with Unicode characters which look similar to corresponding ASCII Characters. Homographic attacks are usually performed to craft URLs which look like legitimate URLs by substituting some of the ASCII characters with...
Read More
