Articles for May 2018

Internet security: Slaying the botnet beast and the DDoS dragon | ZDNet

Botnets and DDoS attacks continue to grow in scale. Tackling them is no easy task, says a US government report.

Improving device security, better coordination between infrastructure companies, and smarter procurement by businesses are all part of tackling the botnet menace, according to a US government report.

The snappily titled Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats report is the result of an executive order signed by President Donald Trump last May aimed at strengthening the cyber security of federal networks and critical infrastructure.

Botnets and the distributed denial of service (DDoS) attacks they deliver are a growing menace.

Source: Internet security: Slaying the botnet beast and the DDoS dragon | ZDNet

Security alert: Watch out for password-stealing malware says FBI | ZDNet

North Korean malware can steal data and spread across networks.

US authorities have provided more details of two pieces of malware which, they said, are used by North Korean hackers to infiltrate computer systems and steal passwords and other data.

The Department of Homeland Security and the FBI said that North Korean hackers have been using both Joanap, a remote access tool (RAT), and Brambul, a Server Message Block worm, since at least 2009 to target companies working in the media, aerospace, financial, and critical infrastructure sectors.

Source: Security alert: Watch out for password-stealing malware says FBI | ZDNet

FBI seizes control of a massive botnet that infected over 500,000 routers

Yesterday we reported about a piece of highly sophisticated IoT botnet malware that infected over 500,000 devices in 54 countries and has likely been designed by a Russia-backed state-sponsored group in a possible effort to cause havoc in Ukraine, according to an early report published by Cisco’s Talos cyber intelligence unit on Wednesday.

Dubbed VPNFilter by the Talos researchers, the malware is a multi-stage, modular platform that targets small and home office (SOHO) routers and storage devices from Linksys, MikroTik, NETGEAR, and TP-Link, as well as network-attached storage (NAS) devices.

Source: FBI seizes control of a massive botnet that infected over 500,000 routers

Z-Wave Downgrade Attack Left Over 100 Million IoT Devices Open to Hackers

The issue resides in the implementation of Z-Wave protocol—a wireless, radio frequency (RF) based communications technology that is primarily being used by home automation devices to communicate with each other.

Z-Wave protocol has been designed to offer an easy process to set up pairing and remotely control appliances—such as lighting control, security systems, thermostats, windows, locks, swimming pools and garage door openers—over a distance of up to 100 meters (330 feet).

Source: Z-Wave Downgrade Attack Left Over 100 Million IoT Devices Open to Hackers

Hackers are exploiting a new zero-day flaw in GPON routers


Security researchers from Qihoo 360 Netlab have warned of at least one botnet operator exploiting a new zero-day vulnerability in the Gigabit-capable Passive Optical Network (GPON) routers, manufactured by South Korea-based DASAN Zhone Solutions.

Source: Hackers are exploiting a new zero-day flaw in GPON routers

RedHat admins, patch now – don’t let your servers get pwned!

RedHat Linux, together with its stablemates Fedora and CentOS, just patched a serious security bug.

This bug doesn’t need a fancy nickname, because it ended up (entirely by chance, of course) with a very memorable bug number: CVE-2018-1111.

Bug OneOneOneOne affects DHCP, short for dynamic host configuration protocol, a network-based system that helps you automate the process of getting computers to play nicely together online.

DHCP solves the problem of how to use the network itself to get a network number (in popular parlance, an IP address) in order to start using the network.

Source: RedHat admins, patch now – don’t let your servers get pwned!