Search Results for "DDoS"

Code Spaces Probably A ‘Target of Opportunity’

The spectacular collapse this week of Code Spaces, a cloud-based code repository, may have been the result of a an unspectacular “opportunistic” hack, rather than a targeted operation, according to one cloud security expert. The sudden demise of the online application repository has sent shock waves through the tech industry, laying bare what some say are lax practices among many cloud-based application and infrastructure providers. But the attack itself was almost certainly the result of a larger, indiscriminate cyber criminal campaign, said Jeff Schilling, the Chief Security Officer of Firehost, a Texas-based secure cloud provider. “This is something we pretty frequently: companies get held ransom with a DDoS attack, and if that doesn’t work, (the attackers) will resort to doing other things,” Schilling told The Security Ledger. But Code Spaces almost certainly wasn’t the only company the extortionists worked on, Schilling said. Instead, the company was likely caught up in a wide net […]

Continue Reading

Gameover Not The End: Zeus Malware Still Threatens Fortune 500

Prolexic, a division of Akamai, issued an advisory to Fortune 500 firms on Monday about what it calls “a high-risk threat of continued breaches from the Zeus framework.” The company’s Security Engineering & Response Team (PLXsert) said on Monday that it has observed new payloads from the Zeus crimeware kit in the wild, and that networks of Fortune 500 companies are a prime target. Cyber crime groups are using Zeus to steal login credentials and gain access to web-based enterprise applications, as well as online banking accounts, Akamai warned. “The Zeus framework is a powerhouse crimeware kit that enterprises need to know about to better defend against it,” said Stuart Scholly, senior vice president and general manager, Security Business Unit, Akamai, in a statement. “It’s hard to detect, easy to use, and flexible – and it’s being used to breach enterprises across multiple industries.” A variant of Zeus, Gameover, was the subject […]

Continue Reading

Akamai: New DoS Tool Leads To Resurgence of SNMP Attacks

The security firm Akamai issued an advisory to customers on Thursday warning that a new software tool for managing distributed denial of service (DDoS) attacks was leading to a resurgence in large-scale attacks that use Simple Network Management Protocol (SNMP) traffic to overwhelm web sites.   The Threat Advisory (reg wall) was issued by Akamai’s Prolexic Security Engineering and Response Team (or PLXsert). According to the advisory, Akamai began noticing a resurgence in DDoS attacks using SNMP on April 11. The company said that firms in industry verticals including consumer goods, gaming, online hosting and Software-as-a-Service and non-profits had all been targeted.   [Read more Security Ledger coverage of DDoS attacks here.] The company has identified new- and updated tools in the cyber underground, including one dubbed SNMP Reflector – that are enabling the attacks. Simple Network Management Protocol (SNMP) is a protocol that is used for managing devices on a network including […]

Continue Reading

History Suggests Heartbleed Will Continue To Beat

The SANS Internet Storm Center dialed down the panic on Monday, resetting the Infocon to “Green” and citing the increased awareness of the critical OpenSSL vulnerability known as Heartbleed as the reason.   Still, the drumbeat of news about a serious vulnerability in the OpenSSL encryption software continued this week. Among the large-font headlines: tens of  millions of Android mobile devices running version 4.1 of that mobile operating system (or “Jelly Bean”) use a vulnerable version of the OpenSSL software. Also: more infrastructure and web application players announced patches to address the Heartbleed vulnerability. They include virtualization software vendor VMWare, as well as cloud-based file sharing service Box. If history is any guide: at some point in the next week or two, the drumbeat will soften and, eventually, go silent or nearly so. But that hardly means the Heartbleed problem has gone away. In fact, if Heartbleed follows the same […]

Continue Reading

Vint Cerf: CS Changes Needed To Address IoT Security, Privacy

The Internet of Things has tremendous potential but also poses a tremendous risk if the underlying security of Internet of Things devices is not taken into account, according to Vint Cerf, Google’s Internet Evangelist. Cerf, speaking in a public Google Hangout on Wednesday, said that he’s tremendously excited about the possibilities of an Internet of billions of connected objects, but said that securing the data stored on those devices and exchanged between them represents a challenge to the field of computer science – and one that the nation’s universities need to start addressing. “I’m very excited,” Cerf said, in response to a question from host Leo Laporte. He cited the Philips HUE lightbulb as an example of a cool IoT application. “So you’re going to be able to manage quite a wide range of appliances at home , at work and in your car. Eventually, that will include things you’re […]

Continue Reading
1 14 15 16 17 18