Trove of infected Elasticsearch nodes uncovered

siren

Once again, thousands of misconfigured Elasticsearch servers have placed the internet at risk. The vast majority of the poorly secured servers were hosted on Amazon Web Services. Attackers enlisted 4,000 of those servers into a powerful Point-Of-Sale (PoS) botnet. The security firm Kromtech Alliance, which found the unsecured servers, says that they were researching Elasticsearch […]

Internet worms through the ages — from relatively low risk to highly destructive

Security worm

In recent weeks, information security professionals have been sending out red alerts warning users of rapidly spreading, highly destructive worms. The security experts at DXC Technology are no exception. We are working with customers on a defense in-depth approach with perimeter security, using products with a secure-by-design approach (like recent chipsets from Intel & ARM) […]

Attention Apple users: New attack steals banking creds

Iphone security

A recently discovered malware targeting MacOS, named OSX/DOK, is now targeting unsuspecting Apple Mac users and attempting to steal their banking access credentials. The malware, initially discovered by researchers at Check Point Software Technologies, reportedly affects all versions of OSX, had a valid developer certificate, and targeted users via a widespread phishing attack. According to […]

Defensive strategies for protecting IoT

When it comes to the Internet of Things (IoT), there are already billions of the tiny connected devices and they’re creating game-changing opportunities for a variety of companies. But IoT’s promise could be derailed by its risks. Building a secure IoT future will require the efforts of all industry participants, from those that make IoT […]

Worse than ransomware? That’s just great.

Cyber attack

If you or your enterprise were victims of the reported massive ransomware attack that rocked the digital world Tuesday, you may have seen a message on your infected device informing you that your data will be unlocked after you pay a $300 hostage fee in bitcoin. Researchers initially thought the “malware was a new version […]

Suspected botnet author arrested

A 29-year-old man thought to have been involved in the Mirai botnet malware used in a series of devastating attacks during the second half of last year has been arrested. As the BBC reports in Router hacker suspect arrested at Luton Airport, the man was arrested under a European Arrest Warrant at the request of the […]

New Mac malware on the loose: What you need to know

In the past week, two relatively crude threats to Mac users have surfaced. The malware targets Apple’s operating system, now called MacOS. The first piece of malware, analyzed by researchers Claudio Guarnieri and Collin Anderson and dubbed MacDownloader, was used as part of an attack that targeted the U.S. defense and aerospace industries. The attackers created a fraudulent […]

The latest Android vulnerabilities threatening enterprises

A pair of major vulnerabilities have emerged in Android apps in recent months, according to mobile app risk management vendor Appthority. The company’s quarterly enterprise mobile threat update flags the emergence of rooting and overlay malware in Android apps. Three specific examples of rooting malware were detected in the third quarter inside apps on the Google Play […]

6 keys to enterprise mobile security

mobile device security enterprise IT CSC Blogs

There was a time when mobile devices just didn’t face the same kind of threats from attackers and malware as full-featured operating systems did. Those days are gone. Criminals, spies and whoever wants to access data have to make the transition to exploiting mobile devices because that’s where the users, apps and data reside today. The […]

New malware targets energy industry

cybersecurity malware energy industry infrastructure CSC Blogs

New malware, according to researchers at SentinelOne, is effective at bypassing the typical static and behavioral detection techniques used by anti-malware software, and performs numerous anti-sandboxing techniques. The malware is also designed to bypass certain types of authentication, such as facial recognition and fingerprint biometrics. Researchers  Joseph Landry and Udi Shamir suspect that the code was written […]