Beyond GDPR - The EU Directive on Security of Network and Information Systems (NIS Directive)

There is no doubt that organizations all over the EU are preparing diligently for GDPR. Organizations outside the EU are also affected by GDPR if they currently do, or plan to do, business in the EU. However, another piece of legislation is coming into effect in the EU in May 2018 – The NIS Directive. This Directive is the first piece of EU-wide legislation on cybersecurity that impacts both operators of essential services and digital service providers.

Memcached Servers Exploited in Major DDoS Attacks

There have been multiple reports of Memcached servers being exploited in massive DDoS attacks this week. Zenedge users are protected.

Topics: DDoS DDoS Attacks, Network DDoS

New Zero-Day Discovered in WordPress: CVE-2018-6389


A new zero-day vulnerability has been discovered in WordPress (CVE-2018-6389).

Fitness Trackers: Who is watching?

Over the weekend, a story broke that military personnel may have unwittingly revealed sensitive geographical information through using the Strava fitness tracker. This particular device allows users to record activity statistics for walking, running, and biking through either their smartphone or a wearable. The information can then be uploaded to the Internet and displayed as a map showing their workout route. Not only did this information expose the global location of bases and spy posts, but also the layout of these sites based on the movement patterns.

Topics: fitness tracker wearables

IoT Threats: The Growing Unnatural Disaster

In one of our predictions for 2018, we said the IoT threat was going to go mainstream. Not only can the industry expect to see IoT devices being used as a vector for attack, they also provide a means of creating an attack of potentially unbelievable size. The IoT threat is something most of us did not consider in the past, but today it is at the top of the list for threats the Internet faces.

Topics: DDoS IoT

Mirai: #NeverForget

In December, the Justice Department announced charges for three defendants who pleaded guilty to creating and operating two botnets which targeted IoT devices, thrusting the Mirai malware back into the spotlight. “The Mirai and Clickfraud botnet schemes are powerful reminders that as we continue on a path of a more interconnected world, we must guard against the threats posed by cybercriminals that can quickly weaponize technological developments to cause vast and varied types of harm,” said Acting Assistant Attorney General Cronan. “The Criminal Division will remain constantly vigilant in combating these sophisticated schemes, prosecuting cybercriminals, and protecting the American people.” Government agencies have vowed to remain constantly vigilant, and of course some of that onus falls on the private sector as well. In light of the recent ruling, we’ll look back on some of the lessons learned from Mirai and how it has changed the requirements of modern-day cybersecurity.

Topics: DDoS botnet mirai IoT

Zenedge response: Meltdown & Spectre

The Meltdown and Spectre vulnerabilities impact various microprocessors and enable a class of exploits, namely timing attacks against cached memory. A complete fix, in most cases, is only possible by updating firmware or moving to a non-vulnerable chipset.

Stand-alone WAFs are not enough!

As the security threat landscape continues to evolve, and threat actors improve their hacking tactics, techniques, and procedures, the daunting task of protecting public-facing web applications and API endpoints becomes more difficult by the day. Not only do organizations need to come to grips with reality and understand they are under attack nearly 100 percent of the time, they must also come to terms with the fact that their current approach to defending their applications and APIs is woefully deficient. However, there are solutions available now that can dramatically improve defensive postures to defeat today’s hacker campaigns and their ever-increasing persistence.

Topics: Cybersecurity waf

Mining for Malware: The Hidden Dangers of Bitcoin Apps

Ask the average person on the street what a Bitcoin is, and you’ll get answers ranging from “I have no idea” to comparisons with stocks and panning for gold. Consistent, and at times astonishing, surges in value have kept Bitcoin steadily in the news, leading more and more people to ask themselves how they can get in on the boom.

So first off, what is Bitcoin? Bitcoin is a type of cryptocurrency, which is an encrypted data string that denotes a unit of currency. It is supported by a blockchain, a peer-to-peer network which serves as a secure ledger for transactions such as buying, selling, and transferring the currency. There are over five hundred different types of cryptocurrency out there, but Bitcoin has risen above the rest to become the most highly valued and legitimized form.

Topics: Bitcoin DDoS Malware Ransomware bitcoin

Got Bots? – There are Solutions!

One of the most annoying aspects of the explosion of the bot phenomenon is the dreaded phone bot. Years ago, people would man call centers where they spent hour after hour dialing for dollars. The call centers and the companies that ran them would call people’s home phones in an attempt to sell them something. Lists of phone numbers and information about the people who paid for these phone lines were available, and these lists were quite valuable. Many of the people who were doing the dialing actually became quite good at what they did.