Evaluating ways to thwart massive distributed denial-of-service attacks leads the latest edition of the ISMG Security Report. Also, explaining how "conspiracy theories" tied to an historic breach of Yahoo will have an impact on the internet company's future.
Internet of things security takeaway: Save yourself, and by doing so, maybe help save the rest of us too. That's the obvious takeaway from the rise of low-tech, high-impact Mirai malware, which has been tied to the record-setting Oct. 21 DDoS attack against Dyn.
Chinese manufacturer Xiongmai has promised to replace or patch some IoT components that attackers are using to build massive internet of things Mirai botnets to wage DDoS attacks, such as the Oct. 21 disruption of DNS provider Dyn. But security experts question whether these moves will blunt future IoT attacks.
There are two Yahoo conspiracy theories: It was hacked by a "state-sponsored actor," and it disabled email forwarding to prevent a post-breach exodus. Although neither scenario appears to be true, that doesn't mean the badly breached search giant is in the clear.
Neutering the army of web-connected devices used in the large internet attack that hampered access to major sites - including Amazon, PayPal, Spotify and Twitter - is technically possible. But no option offers either a great or near-term fix.
Massive DDoS attacks, targeting DNS provider Dyn, have triggered widespread internet disruptions. Security intelligence firm Flashpoint says the attacks have been perpetrated at least in part via a botnet of Mirai-infected internet of things devices.
Authorities say Yevgeniy Aleksandrovich Nikulin stole credentials from a LinkedIn employee and used them to breach the social networking firm in 2012, in which well over 100 million members' passwords were exposed.
Widespread website outages beginning early Oct. 21 are suspected to have been caused by a massive distributed denial-of-service attack against DNS service provider Dyn. Numerous sites, including Amazon and Twitter, were sporadically unavailable.
Some 3.2 million Indian debit cards may have been compromised, according to the National Payments Council of India. While investigations are ongoing and several banks have reissued at-risk cards, the source of the card exposure has not been officially confirmed.
Former NSA contractor Harold T. Martin III., who is accused of pilfering mass quantities of highly classified information, will remain in jail until his trial. Martin engaged in "a course of felonious conduct that is breathtaking in its longevity and scale," prosecutors say.
Experts evaluating the likelihood of a hack to alter votes in this year's American presidential election highlights the latest edition of the ISMG Security Report. Also, U.S. federal regulators propose new cybersecurity rules for big banks.
Yahoo is appealing to the U.S. director of national intelligence to declassify an order that allegedly required the company to install secret spying software that scanned incoming email accounts for specific content.