Software

Report details mass digital surveillance, attacks on ASEAN linked to Vietnamese APT group

The security firm Volexity reported on Monday that it uncovered a massive campaign of digital surveillance and web-based attacks directed at ASEAN and other civil society groups in Vietnam, Cambodia and other countries, including ASEAN, the Association of Southeast Asian Nations. Volexity researchers discovered malicious code lurking on main website for ASEAN and more than 80 other websites, many belonging to small media, human rights and civil society organizations, as well as individuals who had been critical of the Vietnamese government. The malicious code allowed the hacking group, dubbed OceanLotus, to track, profile and target visitors to the websites, Volexity said. The scope of the campaign was one of the largest the researchers have ever come across, rivaling the so-called “Waterbug” campaign of phishing and watering hole attacks that was described by the security firm Symantec in 2016. Links to Vietnam OceanLotus is believed to be an Advanced Persistent Threat (or […]

Continue Reading

Survey finds Device Makers Security Priorities Often Misplaced

Low-hanging Internet of Things security fruit may be left unpicked, as connected device makers fret about the predation of sophisticated hackers, but balk at simple security fixes, a Security Ledger and LogMeIn survey finds. You can download the full report here in PDF format.

Continue Reading

Plumbing the KRACK Vulnerability and Fast Flux Botnets: the AirBnB of the Cybercrime World

In this 67th episode of The Security Ledger Podcast, we talk with Bob Rudis of the firm Rapid7 about KRACK, a security hole that affects most wi-fi hotspots. Also: Or Katz of Akamai talks about that company’s work analyzing fast-flux botnets, which have become like AirBnB for cyber criminals looking for a place to host malicious networks. Finally: Tim Jarrett of Veracode tells us how a single security hole in an open source library found its way into millions of applications. 

Continue Reading

ROCA Crypto Flaw could have big Impact on Internet of Things

With no simple way to patch affected systems, the security vulnerability in Trusted Platform Module (TPM) chipsets made by the firm Infineon may be with us for years to come, security experts warn.

Continue Reading

Update: Flaw in widely used Wi-Fi Standard could allow snooping

Hundreds of millions of wireless devices may be affected by a flaw in WPA-2, a widely used standard for securing wireless Internet connections.  (Updated to add commentary by Bob Rudis of Rapid 7.)

Continue Reading
1 19 20 21 22 23 123