In a project that found more than 80 million unique IP addresses responding to Universal Plug and Play (UPnP) discovery requests, researchers at Rapid7 were shocked to find that somewhere between 40 and 50 million of those are vulnerable to at least one of three known attacks.
Browsing Category: SMB Security
A family of remote access Trojans (RATs) known as FAKEM has been evading detection for more than three years by camouflaging themselves as legitimate network traffic.
By David Mortman
After a long 2.5 years Gene Kim, Kevin Behr, George Spafford, the authors of the awesome Visible Ops series, have just launched their latest book, The Phoenix Project. I was fortunate enough to get to read some early drafts, so I am extra excited that it is finally shipping. When Gene first mentioned the book to me, I was rather surprised that it was a novel. I was a bit skeptical of the choice of genre but dove in anyway, and I am so glad I did.
In an analysis of Virut botnet samples, Symantec researchers observed the malware downloading Waledac variants, suggesting that the gangs responsible for each botnet may be cooperating with one another through some sort of affiliate program, or, at the very least, that the two threats coexist and function on single infected machines.
Working with forensics experts from the FBI, Ernst & Young’s Fraud Investigation and Dispute Services Practice developed a piece of linguistic, fraud-monitoring software that identified language commonly used among employees engaged in corporate malfeasance. The accounting giant plans to offer their newly developed fraud-detection capacity as a service to their clients.
California and U.S. authorities are investigating whether Kaiser Permanente violated some 300,000 patients’ privacy when dealing with a Mom and Pop document storage company that kept medical records in a shared warehouse and stored sensitive data on home computers.
In an alert issued by the Office of the Comptroller of the Currency (OCC), Deputy Comptroller for Operational Risk Carolyn G. DuChene warned financial and other critical institutions about the wave of ongoing distributed denial of service (DDoS) attacks targeting their networks. DuChene is urging the banks in particular to share data about the attacks with one another and reiterated the OCC’s expectation that banks have risk management plans designed to mitigate such attacks in place ahead of time.
Phishers are using a typosquatted domain name designed to mimic the URL of a popular e-commerce destination in order to lure their victims to a malicious Website that prompts its visitors to download a malicious add-on that will guide users to phishing sites, even when they type legitimate URLs into their browser’s address bar.
UPDATE – America’s largest book retailer, Barnes & Noble, announced this morning it has detected evidence of tampering in 63 PIN-pad devices used in as many stores by criminals trying to steal payment card information. Barnes & Noble claims to have disconnected all the affected devices from service on Sept. 14. The retailer did not disclose how many customers may have been affected by the tampered devices.
An online service that sells fairly cheap access to compromised corporate machines creates a pay-to-play scenario for criminals seeking access to the networks of high-profile organizations, according to a Krebs on Security report.