Small Businesses Now Bigger Targets In Cyberattacks
An posting from Dark Reading about Small Businesses Now Bigger Targets In Cyberattacks: It’s not just the big boys who the bad guys are hacking anymore: Smaller, more vulnerable, and defenseless organizations are now one of the most popular targets, newly published data shows. As targeted cyberattacks increased by 42 percent last year, nearly one-third of all of these attacks were aimed at businesses with less than 250 people.
“Smaller businesses presume they are not a target. But we think attackers [are targeting] them because they have weaker security settings and are probably easier to penetrate. Plus they do work with larger organizations … and attackers can use small companies as a stepping stone to larger ones or as an entry point into getting the information they want,” says Vikram Thakur, principal security response manager for Symantec, which today released these latest findings as part of its 2013 Internet Security Threat Report. “They need to expect that.”
To read more click here:
Google Down – Gmail, Google Drive and Admin Panel not Working
Another interesting article from our partners at hackersnewsbulletin.com about various Google services not working. Read on below:
“Sorry, there seems to be a problem. The service you’re looking for is temporarily unavailable. We’re working hard to restore your access as soon as possible. Please try again in a few hours. Thanks for your patience.”
To read the rest of this article click here.
Botnet Targeting WordPress “Admin” Username Accounts on the Internet
If you are a blogger and you are running WordPress as your blogging platform, please read this article. Attackers are logging in to WordPress blogs by using the default username “admin” and then using a brute-force dictionary-based attack to locate the password for the account.
According to reports from HostGator and CloudFlare, there is currently a significant attack being launched at WordPress blogs across the Internet.
So, if you are running WordPress at this time, it would be a good idea to make sure you are using a very strong non-dictionary related password or better yet, to either disable or delete the ‘admin’ account from your user list.
In 2012, SplashData released its list of the most popular Internet passwords for 2012. Because these passwords are commonly used, they are also the most vulnerable when it comes to digital security. A list of the most popular passwords are listed below:
- password
- 123456 (Unchanged)
- 12345678 (Unchanged)
- abc123 (Up 1)
- qwerty (Down 1)
- monkey (Unchanged)
- letmein (Up 1)
- dragon (Up 2)
- 111111 (Up 3)
- baseball (Up 1)
- iloveyou (Up 2)
- trustno1 (Down 3)
- 1234567 (Down 6)
- sunshine (Up 1)
- master (Down 1)
- 123123 (Up 4)
- welcome (New)
- shadow (Up 1)
- ashley (Down 3)
- football (Up 5)
- jesus (New)
- michael (Up 2)
- ninja (New)
- mustang (New)
- password1 (New)
WordPress founder Matt Mullenweg released a blog post saying, “If you still use “admin” as a username on your blog, change it, use a strong password, if you’re on WP.com turn on two-factor authentication, and of course make sure you’re up-to-date on the latest version of WordPress. Do this and you’ll be ahead of 99% of sites out there and probably never have a problem.”
He explained that in the WordPress 3.0 update, the company began allowing you to create your own login username when you first set up your WordPress backend — “admin” used to be the default. If you took the opportunity to make your own username, your account will be unaffected for now. – Source
This is not the first time WordPress has been a target, in 2012 an outdated versions of TimThumb, a popular PHP-based image resizer that is often used as the default by many WordPress templates cause a stir.
SecurityOrb.com, an information security and privacy awareness organization based in the Washington, DC Metro area agrees with the above recommendations pertaining to removing the ‘admin’ username and using a strong password. In conjunction, also using WordPress plugins that limit the number of login attempts can also be helpful to mitigate brute force dictionary-based attacks.
McAfee, NIST partner to boost U.S. cyberdefenses
An posting from CNET News about McAfee, NIST partner to boost U.S. cyberdefenses :
Security firm McAfee is working with the National Institute of Standards and Technology to try to shore up America’s defenses against cyberthreats.
McAfee announced today that the company is now part of the the National Cybersecurity Excellence Partnership and will join cybersecurity professionals from both the private and public sector to tackle the escalating problem of computer-based threats.
The partnership is part of the National Cybersecurity Center of Excellence, which is hosted by NIST in collaboration with the state of Maryland and Maryland’s Montgomery County
To read more click here:
FAA and security researchers at odds over airplane hack security
An posting from Naked Security about FAA and security researchers at odds over airplane hack security:
Two big flight organizations and two avionics manufacturers have released statements refuting last week’s claims by a security researcher that planes can be hacked with an Android app he created.
Hugo Teso, who is both a security consultant at n.runs AG and a trained commercial pilot, gave a talk about his research and subsequent creation of an exploit framework and “PlaneSploit” app at the Hack in the Box conference in Amsterdam last week.
Teso tested the app on aircraft hardware and software he acquired from eBay and other sources.
To read more click here:
Microsoft Discovers Trojan That Erases Evidence Of Its Existence
An posting from dark reading: Researchers at Microsoft have spotted a Trojan downloader that does something very savvy yet rare: it deletes its own components so researchers and forensics investigators can’t analyze or identify it.
The so-called Win32/Nemim.gen!A Trojan is also unusual in that unlike most Trojan downloaders that are put in place to deliver the real payload, this Trojan is also the payload, according to Jonathan San Jose, a member of Microsoft’s Malware Protection Center.
But the researchers lucked out and found some of pieces of the malware. “Most URLs that this trojan attempts to connect to for downloading are currently unavailable, but we got lucky and were able to find some of its components to investigate further,” San Jose says in a blog post.
To read more click here:
