7 free cyber threat maps showing attack intensity and frequency

Cyber threat maps are one of the most visually engaging tools in the arsenal of cybersecurity professionals. These real-time visualizations provide a global perspective on digital threats, showcasing the intensity and frequency of attacks as they happe… Continue reading 7 free cyber threat maps showing attack intensity and frequency

OneSpan appoints Matthew Moynahan as President and CEO

OneSpan announced that the Company’s Board of Directors has appointed Matthew Moynahan as President and Chief Executive Officer effective November 29, 2021. Mr. Moynahan most recently served as CEO at Forcepoint, a subsidiary of Raytheon Technolo… Continue reading OneSpan appoints Matthew Moynahan as President and CEO

Suspected North Korean hackers target universities using Chrome extension

While North Korean hackers are known for stealing money to finance Kim Jong Un’s authoritarian regime, Pyongyang may also be engaging in a cyber-espionage campaign targeting universities, new research shows. The hacking operation, which began in May, if not earlier, uses malicious Google Chrome extensions to gain a foothold into a victim’s computer, according to ASERT, the threat intelligence group of Netscout’s Arbor Networks. Once the hackers compromised a target network, they used “off-the-shelf tools,” like remote desktop protocol, to retain access to the network, according to ASERT.  The goal of the operation, dubbed “Stolen Pencil,” appears to be maintaining persistent access; researchers found no evidence of data theft. “A large number of the victims, across multiple universities, had expertise in biomedical engineering, possibly suggesting a motivation for the attackers’ targeting,” states the research, which was published Wednesday. The malicious extensions have been removed from the Google Play Store, ASERT says. Although […]

The post Suspected North Korean hackers target universities using Chrome extension appeared first on Cyberscoop.

Continue reading Suspected North Korean hackers target universities using Chrome extension

Intensifying DDoS attacks: ​Choosing your defensive strategy

One of the biggest misconception regarding DDoS attacks is that they are a once-in-a-lifetime event for organizations, says Josh Shaul, VP of Web Security at Akamai. “Over the last six months, our State of the Internet Report found that companies… Continue reading Intensifying DDoS attacks: ​Choosing your defensive strategy

Russian hackers found the ‘ultimate’ hacking tool buried in the supply chain of laptops

When Vitaly Kamluk, a security researcher with Kaspersky Lab, discovered a mysterious program named “Computrace” deeply burrowed into his colleagues’ computers, he expected to find an elite hacking group at the other end — something the Moscow-based cybersecurity firm is keenly familiar with. Instead, Kamluk had uncovered a flawed but legitimate tracking software program developed by a Canadian company, named Absolute Software, which had been apparently installed at the manufacturer level. Computrace — now known as LoJack For Laptops via a licensing agreement with the famous vehicle-tracking company — has been publicly documented as having security problems, based on multiple reports, which worried Kamluk because he knew someone could leverage the underlying program in an attack to gain remote access. “It was very alarming to find unauthorized instances of Computrace,” Kamluk told CyberScoop. “There was no explanation how those new private computers had Computrace activated … We contacted Absolute technical support and provided hardware serial numbers, as […]

The post Russian hackers found the ‘ultimate’ hacking tool buried in the supply chain of laptops appeared first on Cyberscoop.

Continue reading Russian hackers found the ‘ultimate’ hacking tool buried in the supply chain of laptops

Code for massive ‘Memcrashed’ DDoS attack made public

You, too, can now attempt a record-setting denial-of-service attack, as the tools used to launch the attacks were publicly  posted to GitHub this week. Proof-of-concept code by Twitter user @037 combined with a list of 17,000 IP addresses of vulnerable Memcached servers allows anyone to send forged UDP packets to Memcached servers obtained from the Shodan.io computer search engine. It’s been just over a week since the first massive Memcached-fueled denial of service attack. The authors of the new tool is being released “to bring more attention to the flaw and force others into updating their devices.” The era of terabit DDoS attacks was ushered in this month with giant denial of service attacks last week set records with 1.35-terabit-per-second and 1.7 -terabit-per-second attacks. They used unsecured Memcached servers to launch the attacks, one of which targeted GitHub itself. The latter attack targeted an unnamed U.S. service provider, according to Arbor Networks. A second tool was released on […]

The post Code for massive ‘Memcrashed’ DDoS attack made public appeared first on Cyberscoop.

Continue reading Code for massive ‘Memcrashed’ DDoS attack made public

Arbor Networks reports record-breaking 1.7Tbps DDoS attack

The record for the largest recorded denial of service attack appears to have been broken less than a week after it was set. Arbor Networks reported on Monday in a blog post that a 1.7 -terabit-per-second attack took place targeting the customer of a U.S. based internet service provider. Arbor Networks did not specify the victim beyond that description, but said that the ISP had proper defenses in place and that no outages were reported. “It’s a testament to the defense capabilities that this Service Provider had in place to defend against an attack of this nature that no outages were reported because of this,” the company wrote. The attack used the same technique that was used in the 1.35Tbps attack on GitHub on Feb. 28, Arbor Networks said. In both cases, attackers used memcached servers to amplify the requests they were sending to their targets. Arbor Networks says more large attacks using the memcached tactic […]

The post Arbor Networks reports record-breaking 1.7Tbps DDoS attack appeared first on Cyberscoop.

Continue reading Arbor Networks reports record-breaking 1.7Tbps DDoS attack

In Wake of ‘Biggest-Ever’ DDoS Attack, Experts Say Brace For More

This week’s DDoS attack against GitHub is a harbinger of attacks to come that will use the highly effective memcached amplification technique, say experts. Continue reading In Wake of ‘Biggest-Ever’ DDoS Attack, Experts Say Brace For More

In Wake of ‘Biggest-Ever’ DDoS Attack, Experts Say Brace For More

This week’s DDoS attack against GitHub is a harbinger of attacks to come that will use the highly effective memcached amplification technique, say experts. Continue reading In Wake of ‘Biggest-Ever’ DDoS Attack, Experts Say Brace For More

Surge in memcached-based reflected DDoS attacks is due to misconfigured servers

Massive memcached-based reflection DDoS attacks with an unprecedented amplification factor have been ongoing for the last few days, by taking advantage of memcached servers exposed to the Internet. What is memcached? Memcached is a distributed memory c… Continue reading Surge in memcached-based reflected DDoS attacks is due to misconfigured servers