Your Netgear router may expose your password if you don't update its firmware
February 02, 2017
The security of internet infrastructure devices like routers and wireless access points, along with all kinds of devices that connect through them, has been of particular concern lately. Recent distributed denial of service (DDoS) attacks have originated in Internet of Things (IoT) devices, for example, and a slowdown in such issues doesn’t seem imminent.
Easy-to-exploit authentication bypass flaw puts Netgear routers at risk
January 31, 2017
For the past half year Netgear has been working on fixing a serious and easy-to-exploit vulnerability in many of its routers. And it's still not done. The vulnerability was discovered by Simon Kenin, a security researcher at Trustwave, and stems from a faulty password recovery implementation in the firmware of many Netgear routers. It is a variation of an older vulnerability that has been publicly known since 2014, but this new version is actually easier to exploit.
Dozens of Netgear products vulnerable to authentication bypass flaws
January 30, 2017
Simon Kenin, a security researcher at Trustwave, was – by his own admission – being lazy the day he discovered an authentication vulnerability in his Netgear router. Instead of getting up out of bed to address a connection problem, he started fuzzing the web interface and discovered a serious issue. Kenin had hit upon unauth.cgi, code that was previously tied to two different exploits in 2014 for unauthenticated password disclosure flaws.
Businesses hobbled by deficiencies in security resourcing as IoT-driven DDoS volumes surge
January 25, 2017
Distributed denial of service (DDoS) attacks are increasingly being used to distract businesses and insecure Internet of Things (IoT) devices became the favoured mechanism for launching the attacks during 2016, according to a new analysis of the past year’s DDoS attack trends.
Compliance Failures Breaches Top ‘Fireable’ IT Issues: Survey
January 25, 2017
The Trump administration’s proposed clampdown on foreign-worker visas is expected to boost demand for tech professionals at home, as The Wall Street Journal reported this week.
Trustwave: Russian Cybercrime Group Targets Hospitality Industry
January 24, 2017
According to Trustwave, a well-known Russian cybercrime group called Carbanak has been targeting the hospitality and retail industry in Europe and North America. The group is said to be specifically targeting internal corporate secrets and payment card data.
Addressing the IT Security Skills Gap
January 23, 2017
Today's cyber-threats present challenges for even the most tech-savvy IT executives in the most tech-savvy organizations. It's not news that the volume and velocity of threats continue to grow. At the center of the problem? Recruiting and retaining the security talent necessary to mitigate and minimize cyber-risks.
Carbanak gang using Google services for command and control
January 20, 2017
The infamous Carbanak gang may have been using Google cloud services as command and control infrastructure for malware embedded in malicious Office documents.
Trustwave Report Shows Enterprises Can't Hire Enough Security Staff
January 20, 2017
While security challenges often seem limitless, the resources that organizations have on hand to combat them are not. Security firm Trustwave issued a new report on Jan. 18 looking at the state of IT resources and staffing challenges titled, ""Money, Minds and the Masses.""
Beeeellion-dollar' mastercrooks in hotel restaurant blitzkrieg
January 19, 2017
The Carbanak cyber criminal gang is abusing Google’s infrastructure as a conduit for botnet control. The gang became notorious when it was blamed for the theft of one billion dollars from more than 100 banks across 30 countries back in 2015. Fast-forward two years and Carbanak is now infecting users via a script that will send and receive commands to and from Google Apps and Google Forms services.
Canadian enterprise among victims of macro-based malware attacks
January 19, 2017
A major Canadian corporation is among those in the hospitality industry in several countries whose financial activities have been compromised by a Microsoft Word-based macro attack that appears to be orchestrated by criminal groups working together, according to a security vendor. Read more: http://www.itworldcanada.com/article/canadian-enterprise-among-victims-of-macro-based-malware-attack/390012#ixzz4XGPqmvAg or visit http://www.itworldcanada.com for more Canadian IT News
The Changing Face of Carbanak
January 19, 2017
Months of ramped up Carbanak activity that includes a new host of targets and new command and control strategy has reinvigorated attention on a criminal outfit that may have at one time stolen up to $1 billion from banks worldwide.
How to get fired in 2017: Have a security breach
January 18, 2017
There are many reasons why IT professionals can be fired, but six out of the top nine are related to security, said a survey released this morning. For example, having a tech investment that leads to a security breach was considered a fireable offense by 39 percent of organizations, according to Osterman Research, which conducted the survey.
Carbanak gang using Google for malware command and control
January 18, 2017
The Carbanak cybergang has been spotted using Google for its malware command-and-control channel. Forcepoint Security Labs researchers said the group is hiding in plain site by is using Google as an independent command and control channel since Google is likely to be more successful than using newly created domains or domains with no reputation.
Transaction laundering attracts more scrutiny as fraudsters dodge PCI
January 09, 2017
Fraudsters, aware of the scope of the Payment Card Industry data security standards, increasingly deploy fraud methods that fall outside of PCI safety.
Money Launderers Meet Their Match
January 09, 2017
As Deep Throat said to Woodward and Bernstein, “follow the money,” and you will see who is doing what, when, how and maybe even why. In the old days, that was walking on foot to the laundromats that were literally and figuratively serving as fronts to launder money obtained from illicit activities. In a digital world, it’s not that easy. “Laundromats” can take any digital form, and following the money is a web of digital phony storefronts — and more — that engage in transaction laundering activities.