Network Security News Weekly | April 16th, 2018 | Ingalls Information Security

Network Security News Weekly - April 16, 2018
April 16, 2018

Current cybersecurity news to keep you informed.
IT Services | Government | Financial | Healthcare | Non-Profit

Articles of interest from the past week:

Experts uncovered a proxy botnet composed of over 65,000 routers exposed via UPnP protocol
Security researchers at Akamai have discovered a proxy botnet composed of more than 65,000 routers exposed to the Internet via the Universal Plug and Play (UPnP) protocol. The report highlighted that over 23 million IPs related to Portable UPnP SDK were vulnerable to remote code execution through a single UDP packet, and that over 6,900 product versions from over 1,500 vendors were vulnerable through UPnP because the UPnP SOAP service was exposed to the internet. (By: Security Affairs)

Bank web apps are the "most vulnerable" to getting hacked, new research says
A report found XML external entity flaws and arbitrary file reading and modification flaws in about half of all the banking and financial sites tested. In a worst-case scenario, an attacker can remotely run code to compromise a vulnerable server -- possibly leading to serious consequences for customers who expect their banks to keep their money safe. The report also noted that 80 percent of tested sites are vulnerable to cross-site scripting (XSS) attacks, which let an attacker run malicious code on a website or web application. (By: Zero Day)

Organized Cybercrime Now Accounts for 50 Percent of Breaches; Ransomware Attacks Double
Email remains the prominent malware delivery vector. DDoS, phishing, ransomware and command-and-control related attacks have emerged as prominent threats, with insiders and human error continuing to contribute to a vast majority of breaches. Companies are three times more likely to be breached by social attacks than by technical vulnerabilities, while 12 percent of all attacks came from nation-states and affiliated threat actors. (By: Bank Info Security)

Experts spotted a campaign spreading a new Agent Tesla Spyware variant
Agent Tesla is spyware that spies on victims by collecting keystrokes, system clipboard contents, screenshots, and credentials from the infected system. To do this, the spyware creates different threads and timer functions in the main function. A new variant of the infamous Agent Tesla spyware was spotted by experts at Fortinet; the malware has been spreading via weaponized Microsoft Word documents. (By: Security Affairs)

Jenkins Miner: One of the Biggest Mining Operations Ever Discovered
By sending two subsequent requests to the CLI interface, the crypto-miner operator exploits the known CVE-2017-1000353 vulnerability in the Jenkins Java deserialization implementation. The vulnerability is due to a lack of validation of the serialized object, which allows any serialized object to be accepted. Similar to the Ruby Miner, the Jenkins Miner could negatively impact the servers, causing slower load times and even a Denial of Service (DoS). Depending on the strength of the attack, this could prove to be very detrimental to the machines. (By: Checkpoint Research)

Huge Malware Distribution Network Crippled
Security researchers are claiming at least a temporary victory over an enormously productive malware distribution scheme that shuffled as many as 2 million users a day from legitimate websites to malware. The network, dubbed EITest, leveraged compromised websites to direct users to ransomware, tech support schemes and exploit kits. EITest, noticed as far back as 2011, had been dubbed the "king of traffic distribution."

Attackers exfiltrated a casino’s high-roller list through a connected fish tank
Internet of Things devices are enlarging our attack surface, and smart devices are increasingly targeted by hackers in the wild. Hackers recently stole a casino’s high-roller database through a thermometer in the lobby fish tank. At the time, hackers exfiltrated 10 GB of data that were sent out to a device in Finland. (By: Security Affairs)

