Post Tagged with: "password"

Was Malware Behind A Billion Dollar Heist?

February 15, 2015 17:490 comments
A report by Kaspersky Lab says that a cybercriminal group may have made off with close to $1 billion with malicious software-based attacks on more than 100 banks in 30 countries.

In-brief: The New York Times reports on a massive online heist involving more than 100 banks worldwide and losses of between $300 million and $1 billion, according to the security firm Kaspersky Lab.  Like this:Like Loading…

Read more ›

At Summit, in search of Leadership on Cyber Security

February 13, 2015 10:530 comments
The President will address an audience of Silicon Valley executives Friday at a Summit focused on improving cyber security.

In-brief: President Obama will address technology leaders at a Summit at Stanford University on Friday. But technology industry leaders say that much hinges on Washington’s ability to pass needed legal reforms.  Like this:Like Loading…

Read more ›

Threats in 2014: Bears and Pandas and Malware – Oh My!

February 11, 2015 13:090 comments
Threats in 2014: Bears and Pandas and Malware – Oh My!

  In-brief: a report from the firm CrowdStrike finds sophisticated nation-backed hacking groups were very active in 2014, with attacks on governments, pro-democracy advocates as well as banks and retailers. Like this:Like Loading…

Read more ›

Cat and Mouse: Web Attacks Increasingly Sidestep WAF Protections

December 31, 2014 10:203 comments
Cat and Mouse: Web Attacks Increasingly Sidestep WAF Protections

Recently, the Akamai Threat Research Team unveiled a unique distributed brute force attack campaign targeting nearly five hundred WordPress applications. What’s interesting about this campaign? It clearly demonstrates how Web attackers are becoming more sophisticated, attempting to evade security controls – specifically Web Application Firewalls (WAFs) and rate control protections. A Short Primer to Brute-Force Attacks Brute force Web attackers attempt to gain privileged access to a Web application by sending a very large set of login attempts, within a short period of time. Using volumetric single source of attack is easily mitigated by blacklisting. Today’s brute force attacks are typically characterized by volumetric attacks coming from distributed IPs. In this way, if the attacker’s source IP is detected, they can still continue with the attack campaign by switching a source IP. As part of this cat-and-mouse evolution, WAFs are enhanced with several rate control measures that detect and block […]

Read more ›

Wireless Infusion Pump is Test Case for Securing Medical Devices

December 29, 2014 11:210 comments
A NIST document provides a test case for securing connected medical devices, starting with wireless infusion pumps.

A National Institute of Standards and Technology (NIST) reference document is providing some of the clearest guidance from the U.S. government for securing connected medical devices, but may be setting too low a bar for securing wireless communications, according to a security expert. NIST, working with the University of Minnesota’s Technological Leadership Institute, released a draft Use Case document  (PDF) on December 18 to help health care providers “secure their medical devices on an enterprise networks.” However, in the area of communications security, the document suggests the use of WEP (Wired Equivalent Privacy), a legacy wireless security technology that can easily be cracked. NIST released the draft security use case document and is seeking feedback from the public. The drug infusion pump case study is described as the “first of a series” of similar use cases that will focus on medical device security, NIST wrote. The draft document presents a technical description of the security challenges […]

Read more ›
%d bloggers like this: