Since mid-September, a new IoT botnet has grown to massive proportions. Codenamed IoT_reaper (Reaper for this article), researchers estimate its current size at nearly two million infected devices. According to researchers, the botnet is mainly made up of IP-based security cameras, network video recorders (NVRs), and digital video recorders (DVRs). Based on Mirai, but not a Mirai offspring Researchers from Chinese security firm Qihoo 360...
Read More
Ransomware has been one of the most prevalent, prolific, and pervasive threats in the 2017 threat landscape, with financial losses among enterprises and end users now likely to have reached billions of dollars. Locky ransomware, in particular, has come a long way since first emerging in early 2016. Despite the number of times it apparently spent in hiatus, Locky remains a relevant and credible threat given its impact on end users and especially...
Read More
Veracode, Inc., a leader in securing the world’s software, and acquired by CA Technologies (NASDAQ:CA), today announced findings from the 2017 State of Software Security Report, a comprehensive review of application security testing data from scans conducted by CA Veracode’s base of more than 1,400 customers. Among other industry trends such as vulnerability fix rates and percent of applications with vulnerabilities, the report exposes the pervasive risk...
Read More
Recently we came across a new variant of the malware ServStart. ServStart is primarily used by attackers located in China, in a mix of targeted and opportunistic attacks. The attackers are hosting the ServStart malware on a file server that is open for anyone to view. A report from 2014 for an attack involving CVE-2014-6332 describes how an attacker might use zxarps well: “This malware performs ARP spoofing...
Read More
In its sustained quest to bring encryption to all existing Web sites, Google has announced that it will start enforcing HTTPS for the 45 Top-Level Domains it operates. How will it do that? You may or may not know that, since 2015, Google has been offering domain name registration services, and it operates domains such as .google, .how, and .dev (among others). And now, Google will start adding...
Read More
