Security experts from Fortinet have discovered that the Hide ‘N Seek botnet is now targeting vulnerabilities in home automation systems.
The Hide ‘N Seekbotnetwas first spotted on January 10th when it was targeting home routers and IP cameras.
It was first spotted on January 10th by malware researchers from Bitdefender then it disappeared for a few days, and appeared again a few week later infecting in less than a weeks more than 20,000 devices.
Researchers at Bitdefender found similarities between the Hide ‘N Seek botnet and the Hajime botnets, unlike Mirai, Hajime doesn’t use C&C servers, instead, it implements a peer-to-peer network.
Bitdefender experts discovered that Hide ‘N Seek botnet exploited the CVE-2016-10401 flaw, and other vulnerabilities to propagate malicious code and steal user data.
In May the botnet infected over 90,000 unique devices, recently researchers from Qihoo 360’s NetLab discovered the bot was also targeting AVTECH webcams, Cisco Linksys routers, OrientDB and CouchDB database servers.
A cyber hacker, by the pseudonym Anarchy, claims to have made a botnet within 24 hours by utilizing an old vulnerability that has reportedly compromised 18, 000 routers of Chinese telecom goliath Huawei.
As indicated by a report in Bleeping Computer, this new botnet was first recognized in this current week by security researchers from a cyber-security organization called Newsky Security.
Following the news, other security firms including Rapid7 and Qihoo 360 Netlab affirmed the presence of the new danger as they saw an immense recent uptick in Huawei device scanning.
The botnet creator contacted NewSky security analyst and researcher Ankit Anubhav who believes that Anarchy may really be a notable danger who was already distinguished as Wicked.
The activity surge was because of outputs looking for devices that are vulnerable against CVE-2017-17215, a critical security imperfection which can be misused through port 37215. These outputs to discover the vulnerable routers against the issue had begun on 18 July.
A cross-sector alliance incorporating leading UK organisations has been created in response to government plans to develop a national professional body for cybersecurity.
Collaborative Alliance aims to shape national cybersecurity standards, drive advances in education and advise the government on policy.
The founding members include BCS, The Chartered Institute for IT, Chartered Institute of Personnel & Development, the Chartered Society of Forensic Sciences, CREST, The Engineering Council, IAAC, The Institution of Analysts and Programmers , The IET, Institute of Information Security Professionals (IISP), Institute of Measurement and Control, ISACA, (ISC)2, techUK, The Security Institute, CIT, and The Worshipful Company of Information Technologists.
The latest (ISC) Global Information Security Workforce Survey predicts a global shortfall of 1.8 million cybersecurity personnel by 2022 and a shortage of 350,000 across Europe. One of the alliance’s key aims is to create a self-sustaining pipeline of talent to fill the skills gap in the UK.
A UK government-run oversight board has expressed misgivings about the security of telecoms kit from Chinese firm Huawei.
An annual report (PDF) from the Huawei Cyber Security Evaluation Centre (HCSEC) concluded that “shortcomings in Huawei’s engineering processes have exposed new risks in the UK telecommunication networks and long-term challenges in mitigation and management”.
Huawei kit is widely used on BT’s network backbone so reduced confidence in equipment from the manufacturer has profound implications unless steps are taken to restore full confidence.
HCSEC warned: “Huawei’s processes continue to fall short of industry good practice and make it difficult to provide long term assurance.”
Vulnerabilities in a range of robot vacuum cleaners allow miscreants to access the gadgets’ camera, and remote-control the gizmos.
Security researchers at Positive Technologies (PT) this week disclosed that Dongguan Diqee 360 smart vacuum cleaners contain security flaws that hackers can exploit to snoop on people through the night-vision camera and mic, and take control of the Roomba rip-off.
The first vulnerability (CVE-2018-10987) involves remote code execution. A hacker can discover the vacuum on the same wireless network by obtaining its MAC address, and then send a UDP request, which, if crafted in a specific way, results in execution of a command with superuser rights on the vacuum. A miscreant must first log onto the device, but this process is trivial because many still have the default username and password combination (admin and 888888).
Attackers need physical access to exploit the second vulnerability (CVE-2018-10988). A microSD card could be used to exploit weaknesses in the vacuum’s update mechanism
Russian hackers have won remote access to the control rooms of many US power suppliers, the Wall Street Journal reports.
The access could have let them shut down networks and cause blackouts, US officials told the newspaper.
The state-backed hackers won access even though command centre computers were not directly linked to the web.
The attacks succeeded by targeting smaller firms which supply utilities with other services.
The first of a 3 part blog by
, looking at improving security in medical devices:
Part 1 is a focus on industry standards. Parts two and three will cover the attack surface analysis and wider security mechanisms that can be used to improve security in a medical device
Safety developers are getting used to working to safety standards, but for security, finding a relevant standard can be much more challenging, and is only the start of a long and comprehensive route to creating a secure device. Note that more information is available on this topic in a whitepaper titled Increasing Security in Medical Devices.
Infosec wizards show how spies can snoop on website traffic, redirect browsers over 4G
Boffins have demonstrated how intelligence agencies and well-resourced hackers can potentially spy on people – by studying and meddling with mobile data flying over the airwaves.
The computer scientists have described in detail novel surveillance techniques that allowed them to identify people within a phone tower’s radio cell, determine which websites they visited from their handsets, and redirect them to malicious webpages by tampering with DNS lookups.
However, the team cautioned that their work so far is experimental, and difficult to perform in real-world scenarios.
The three attacks – explained on a dedicated website– all target the data link layer of LTE, aka Long-Term Evolution, aka 4G, networks.
The identification and website snooping techniques are passive, in that a spy just listens to what’s going out over the airwaves from phones, whereas the webpage redirection attack is an active operation – an agent needs to set up a malicious cell tower to tamper with transmissions. As such, the academics dubbed their DNS spoofing attack “aLTEr.” The website spying works by identifying, to a particular level of certainty, sites by their patterns of traffic over the air.
#IoT #cybersecurity must be a vital and integral part of every organization’s strategic plan.
According to a 2018 report from security company Symantec, the number of Internet of Things (IoT) attacks increased from about 6,000 in 2016 to more than 50,000 in 2017, which translates into a 600% rise in just one year. IoT devices are increasingly the attack vector of choice for cybercriminals around the world. IoT is particularly popular for ransomware attacks and illegal cryptocurrency miners.
According to Verizon’s Mobile Security Index 2018, only 14% of the responding organizations said they had implemented even the most basic cybersecurity practices, with an astonishing 32% of these IT professionals admitting that their organization sacrifices mobile security to improve business performance on a regular basis. That general lax attitude toward cybersecurity goes along way toward explaining why IoT attacks have spiked 600% in one year.
Arrow Electronics has expanded its programming facilities in the Netherlands to offer a secure provisioning service that will enable the rapid deployment of IoT edge nodes and gateways using the NXP A71CH secure element trust anchor.
For more information see:
The ability to authenticate IoT devices and establish trusted connections to the cloud is becoming increasingly important, particularly with the GDPR legislation and the responsibility it places on organisations to protect data and