Network Security News Weekly

Current cybersecurity news to keep you informed.

Articles of interest from the week of April 16, 2018

Experts uncovered a proxy botnet composed of over 65,000 routers exposed via UPnP protocol
Security researchers at Akamai have discovered a proxy botnet composed of more than 65,000 routers exposed to the Internet via the Universal Plug and Play (UPnP) protocol. The report highlighted that over 23 million IPs related to Portable UPnP SDK were vulnerable to remote code execution through just a single UDP packet, and that over 6,900 product versions from over 1,500 vendors were vulnerable through UPnP due to the exposure of the UPnP SOAP service to the internet. (By: Security Affairs)

Bank web apps are the "most vulnerable" to getting hacked, new research says
A report found XML external entity flaws and arbitrary file reading and modification flaws in about half of all the banking and financial sites tested. In a worst-case scenario, an attacker can remotely run code to compromise a vulnerable server, possibly leading to serious consequences for customers who expect their banks to keep their money safe. The report also noted that 80 percent of tested sites are vulnerable to cross-site scripting (XSS) attacks, which let an attacker run malicious code on a website or web application. (By: Zero Day)

Organized Cybercrime Now Accounts for 50 Percent of Breaches; Ransomware Attacks Double
Email remains the prominent malware delivery vector. DDoS, phishing, ransomware and command-and-control related attacks have emerged as prominent threats, with insiders and human error continuing to contribute to a vast majority of breaches. Companies are three times more likely to be breached by social attacks than by technical vulnerabilities, while 12 percent of all attacks came from nation-states and affiliated threat actors. (By: Bank Info Security)

Experts spotted a campaign spreading a new Agent Tesla Spyware variant
Agent Tesla is spyware used to spy on victims by collecting keystrokes, system clipboard contents, screenshots, and credentials from the infected system. To do this, the spyware creates different threads and timer functions in the main function. A new variant of the infamous Agent Tesla spyware was spotted by experts at Fortinet; the malware has been spreading via weaponized Microsoft Word documents. (By: Security Affairs)

Jenkins Miner: One of the Biggest Mining Operations Ever Discovered
By sending 2 subsequent requests to the CLI interface, the crypto-miner operator exploits the known CVE-2017-1000353 vulnerability in the Jenkins Java deserialization implementation. The vulnerability is due to a lack of validation of the serialized object, which allows any serialized object to be accepted. Similar to the Ruby Miner, the Jenkins Miner could negatively impact the servers, causing slower load times and even a Denial of Service (DoS). Depending on the strength of the attack, this could prove to be very detrimental to the machines. (By: Checkpoint Research)

Huge Malware Distribution Network Crippled
Security researchers are claiming at least a temporary victory over an enormously productive malware distribution scheme that shuffled as many as 2 million users a day from legitimate websites to malware. The network, dubbed EITest, leveraged compromised websites to direct users to ransomware, tech support schemes and exploit kits. EITest, noticed as far back as 2011, had been dubbed the "king of traffic distribution."

Attackers exfiltrated a casino’s high-roller list through a connected fish tank
Internet of things devices are enlarging our attack surface, and smart devices are increasingly targeted by hackers in the wild. Hackers recently stole a casino’s high-roller database through a thermometer in the lobby fish tank. At the time, hackers exfiltrated 10 GB of data that were sent out to a device in Finland. (By: Security Affairs)

Ingalls Information Security
Ingalls Information Security is a Pure-Play Cybersecurity Services Company with 100% of Operations in the United States