Botnets and DDoS attacks continue to grow in scale. Tackling them is no easy task, says a US government report.
Improving device security, better coordination between infrastructure companies, and smarter procurement by businesses are all part of tackling the botnet menace, according to a US government report.
The snappily titled Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats report is the result of an executive order signed by President Donald Trump last May aimed at strengthening the cyber security of federal networks and critical infrastructure.
Botnets and the distributed denial of service (DDoS) attacks they deliver are a growing menace.
Source: Internet security: Slaying the botnet beast and the DDoS dragon | ZDNet
North Korean malware can steal data and spread across networks.
US authorities have provided more details of two pieces of malware which, they said, are used by North Korean hackers to infiltrate computer systems and steal passwords and other data.
The Department of Homeland Security and the FBI said that North Korean hackers have been using both Joanap, a remote access tool (RAT), and Brambul, a Server Message Block (SMB) worm, since at least 2009 to target companies working in the media, aerospace, financial, and critical infrastructure sectors.
Source: Security alert: Watch out for password-stealing malware says FBI | ZDNet
Shortly after Cisco released its early report on a large-scale hacking campaign that infected over half a million routers and network storage devices worldwide, the United States government announced the takedown of a key internet domain used for the attack.
Yesterday we reported about a piece of highly sophisticated IoT botnet malware that infected over 500,000 devices in 54 countries and was likely designed by a Russia-backed state-sponsored group in a possible effort to cause havoc in Ukraine, according to an early report published by Cisco’s Talos cyber intelligence unit on Wednesday.
Dubbed VPNFilter by the Talos researchers, the malware is a multi-stage, modular platform that targets small and home office (SOHO) routers and storage devices from Linksys, MikroTik, NETGEAR, and TP-Link, as well as network-attached storage (NAS) devices.
Source: FBI seizes control of a massive botnet that infected over 500,000 routers
Researchers have found that even after having an advanced encryption scheme in place, more than 100 million Internet-of-Things (IoT) devices from thousands of vendors are vulnerable to a downgrade attack that could allow attackers to gain unauthorized access to your devices.
The issue resides in the implementation of the Z-Wave protocol—a wireless, radio frequency (RF) based communications technology that is primarily used by home automation devices to communicate with each other.
The Z-Wave protocol has been designed to offer an easy process to set up pairing and remotely control appliances—such as lighting control, security systems, thermostats, windows, locks, swimming pools and garage door openers—over a distance of up to 100 meters (330 feet).
Source: Z-Wave Downgrade Attack Left Over 100 Million IoT Devices Open to Hackers
Still not good enough for me…
Windows Defender trails third-party antivirus in tests, but Microsoft says you should still use it over other products.
Source: Microsoft: Here’s why Windows Defender AV isn’t ranked higher in new antivirus tests | ZDNet
Even after being aware of various active cyber attacks against the GPON Wi-Fi routers, if you haven’t yet taken them off the Internet, then be careful—because a new botnet has joined the GPON party, which is exploiting an undisclosed zero-day vulnerability in the wild.
Security researchers from Qihoo 360 Netlab have warned of at least one botnet operator exploiting a new zero-day vulnerability in the Gigabit-capable Passive Optical Network (GPON) routers, manufactured by South Korea-based DASAN Zhone Solutions.
Source: Hackers are exploiting a new zero-day flaw in GPON routers
Surprise, surprise… the FBI can’t count.
Encrypted cell phones were a major obstacle to criminal investigation. The FBI now admits the problem was much smaller than they’d originally reported.
Source: FBI inflated encrypted device figures, misleading public | ZDNet
From the carriers to LocationSmart to 3Cinteractive to Securus: there appears to be a chain pockmarked with a lack of authentication and data lost to hackers.
Source: Real-time cellphone location data leaked for all major US carriers
RedHat Linux, together with its stablemates Fedora and CentOS, just patched a serious security bug.
This bug doesn’t need a fancy nickname, because it ended up (entirely by chance, of course) with a very memorable bug number: CVE-2018-1111.
Bug OneOneOneOne affects DHCP, short for dynamic host configuration protocol, a network-based system that helps you automate the process of getting computers to play nicely together online.
DHCP solves the problem of how to use the network itself to get a network number (in popular parlance, an IP address) in order to start using the network.
Source: RedHat admins, patch now – don’t let your servers get pwned!