GitHub Resets Passwords After Mass-scale Brute-force Attack
A methodical brute-force password-guessing attack on web hosting development site GitHub has resulted in a mass password reset and the revocation of various security authorizations.
Author: CySecBot
Symantec Finds the Early Stages of a Server-based Botnet Build
Trojan backdoors have traditionally attacked desktop and now mobile computers. In recent months, however, attackers have started to target servers. Two typical purposes are to use server bandwidth for powerful distributed denial-of-service (DDoS) campa…
Is MAM Identity and Access Management’s next big thing?
Mobile Application Management is making waves. Recent news from Oracle, IBM, and Salesforce highlight the market interest. It’s a natural extension of what you’ve been hearing at Identity trade shows over the past few years (and this year’s Gartner IAM…
Anonymous Said to be Exploiting ColdFusion in Government Hacks
The ongoing cyber-attacks by Anonymous on US government websites are being made possible thanks to an exploit for Adobe ColdFusion.
Lenovo Network Storage Flaw Revealed, and Patched
A new vulnerability in Lenovo network storage devices has been uncovered. The flaw can potentially be exploited by an attacker to gain unauthorized remote read-only access to network-attached storage (NAS) shares.
Botnet Takedowns: Effective or Deceptive?
This year has seen a few high-profile wins for the good guys in the form of botnet takedowns, especially those by Microsoft and Symantec earlier this year. But at least one security researcher is warning against rejoicing too heartily: the takedowns, h…
Is there a vBulletin Zero-day Out There?
Last Thursday the Inj3ct0r Team hacking group claimed on Twitter, “Inj3ct0r Team hacked http://vBulletin.com and http://Macrumors.com.” By Friday vBulletin admitted the breach, and on Monday it was reported that a zero-day vulnerability used against bo…
Millions in the UK Targeted by CryptoLocker Ransomware Spam
CryptoLocker, the ransomware menace that has been snowballing in profile of late, is stepping up its game even further. The UK’s National Crime Agency (NCA) is warning that its National Cyber Crime Unit are aware of a mass email spamming event that is …
Cyber-risk Transparency Spurring Cyber-insurance Interest
US public companies are more forthcoming with details regarding their cybersecurity risk profiles – and more transparency regarding cyber-risk and cyber-attacks is expected to drive greater adoption of cyber-insurance as a means of demonstrating better…
FBI Issues New Warning on Continuing Anonymous Hacks
Back in August the FBI announced that it had neutralized Anonymous “because of the dismantlement of the largest players.” This seemed to be confirmed with the October arrest of Brit Lauri Love for hacking thousands of networks including those of federa…