A new report released today shows that distributed denial of service (DDoS) attacks have increased dramatically in the first two quarters of 2018 compared to 2017. The increase in attacks is being attributed to large scale botnets being created by attackers using insecure IoT devices.
Mirai and Gafgyt, two of the best known IoT botnets, have forked once again, but the new variants peek at the corporate sector for creating or replenishing their denial-of-service resources for distributed attacks.
Big changes on the IoT malware scene. Security researchers have spotted a version of the Mirai IoT malware that can run on a vast range of architectures, and even on Android devices.
Smart water irrigation systems deployed across a city, region, or even a country, can be hijacked by nefarious threat actors who could cause a mass water crisis by forcing these systems to consume more water than usual.
Two recently discovered vulnerabilities in the fax protocol can transform fax machines into entry points for hackers into corporate networks, two Check Point researchers revealed last week in a talk given at the DEF CON 26 security conference held in Las Vegas.
Attackers are targeting DLink DSL modem routers in Brazil and exploiting them to change the DNS settings to a DNS server under the attacker's control. This then allows them to redirect users attempting to connect to their online banks to fake banking websites that steal the user's account information.
A malware author by the name of EliteLands is currently building a botnet named "Death" by targeting unpatched AVTech devices.
Armis, the cyber-security firm that discovered the BlueBorne vulnerabilities in the Bluetooth protocol, warns that nearly half a billion of today's "smart" devices are vulnerable to a decade-old attack known as DNS rebinding.
Security researchers from Positive Technologies have released public details on two vulnerabilities affecting Dongguan Diqee 360 smart vacuum cleaners. The two vulnerabilities allow an attacker to run malicious code on a device with superuser privileges and effectively take over the vacuum.
Login passwords for tens of thousands of Dahua devices have been cached inside search results returned by ZoomEye, a search engine for discovering Internet-connected devices (also called an IoT search engine).
An infosec researcher who uses the online pseudonym of Capt. Meelo has modified an NSA hacking tool known as DoublePulsar to work on the Windows IoT operating system (formerly known as Windows Embedded).
Many brands of webcams, security cameras, pet and baby monitors, use a woefully insecure cloud-based remote control system that can allow hackers to take over devices by performing Internet scans, modifying the device ID parameter, and using a default password to gain control over the user's equipment and its video stream.
Axis Communications AB, a Swedish manufacturer of network cameras for physical security and video surveillance, has patched seven security flaws across nearly 400 security camera models.
The mystery of the recent surge in port 8000 scan activity has been solved today by security researches from Qihoo 360 Netlab, who tracked this week's mystery traffic to an old foe —the Satori IoT botnet.
Chinese firm Foscam has published firmware updates to address three vulnerabilities in multiple models of IP-based cameras. The flaws, when exploited, allow an attacker to take control of vulnerable cameras, and especially those left connected online via a public IP address.
The VPNFilter malware that infected over 500,000 routers and NAS devices across 54 countries during the past few months is much worse than previously thought.
Cyber-criminals have managed to assemble a gigantic botnet of over 40,000 infected web servers, modems, and other IoT devices, which they used for cryptocurrency mining, and for redirecting users to malicious sites.
The Z-Wave wireless communications protocol used for some IoT/smart devices is vulnerable to a downgrade attack that can allow a malicious party to intercept and tamper with traffic between smart devices.