Security News

QBot partners with Egregor ransomware in bot-fueled attacks
2020-11-20 05:00

The Qbot banking trojan has dropped the ProLock ransomware in favor of the Egregor ransomware who burst into activity in September. Since their launch in September 2020, Egregor has been one of the most active big game hunting ransomware operations currently active.

Kount Event-Based Bot Detection protects the end-to-end customer journey from fraud
2020-11-12 02:30

Kount's offerings protect the end-to-end customer journey from fraud, and the new bot detection solution is the latest in the company's momentous year of new products, patents, partnerships, industry recognition, and more. Quadrant Knowledge Solutions named Kount #1 overall for eCommerce Fraud Detection, scoring Kount the highest for both Customer Impact and Technology Excellence.

Scalper-Bots Shake Down Desperate PS5, Xbox Series X Shoppers
2020-11-10 20:40

It's a big week for gamers across the globe, with imminent, dueling releases of Xbox Series X and PlayStation PS5. However, an army of retail bots threaten to drive prices up as much as three times the retail price, putting the coveted holiday gifts well out of reach of everyday fans. "Since most retailers have built their environments for high-speed and high-volume transactions, the bots are being supported by the environment that is trying to keep them out. The effort to build a retail store that delights customers and enables transactions plays right into the bot creators' hands."

Apple search bot leaked internal IPs via proxy configuration
2020-11-04 13:50

A proxy request may contain the X-Forwarded-For or Via HTTP headers revealing the source device's IP address, and inform the destination that the request is coming from a proxy. Last month, Security researcher and podcast creator David Coomber found out that Applebot had been using a proxy that leaked Apple's internal IP addresses.

New TrickBot Control Servers Unable to Respond to Bot Requests
2020-10-20 17:36

Control servers included in the configuration file of new TrickBot samples fail to respond to bot requests, according to researchers at threat intelligence company Intel 471. Days after the announcement Intel 471's researchers revealed that TrickBot resumed operations, and that Emotet was observed serving TrickBot payloads to infected machines.

Auth0 Bot Detection: A security feature that reduces the effectiveness of a credential stuffing attack
2020-08-19 02:45

Auth0 launched Bot Detection, a new security feature that reduces the effectiveness of a credential stuffing attack by as much as 85%, with minimal impact on user experience. Bot Detection is a powerful addition to the company's expanding security portfolio, and works in tandem with Auth0 Breached Password Detection, Brute Force Protection, and Multi-factor Authentication, to provide extensive mitigation against a variety of sophisticated threats, including automated attacks, account takeovers, phishing attacks, and more.

The distinction between human and bot behavior is becoming increasingly blurred
2020-07-28 04:00

As consumers change their online habits, the distinction between human and bot behavior is becoming increasingly blurred, presenting cybersecurity teams with an even bigger challenge than before when it comes to differentiating humans from bots, and good bot behavior from bad. In the past, businesses have just blocked all bot activity. Credential stuffing involves using stolen passwords and usernames to hijack accounts-the hacker buys a list of leaked passwords and then has a bot input these passwords on other sites to try to gain access.

It's a Meow-nixed system, I know this: Purr-fect storm of 3,000+ insecure databases – and a data-wiping bot
2020-07-24 21:18

Poorly secured databases are being wiped and vandalized by the thousands in a seemingly automated attack. The nuked databases were left facing the internet by their administrators so that anyone can read and write them, access that malicious software dubbed the Meow bot took advantage of to wreck the information silos.

Overconfident about their security, businesses are falling victims to bot attacks
2020-07-20 03:00

Many businesses are at risk from bot attacks, despite an awareness of the problem and a widely held belief that they have the problem under control, Netacea reveals. It found a high awareness of how bot attacks could negatively affect a business, with over 70% understanding the most common attacks, including credential stuffing and card cracking, and 76% stating they have been attacked by bots.

820% jump in e-gift card bot attacks since COVID-19 lockdowns began
2020-07-16 16:19

Researchers with cybersecurity firm PerimeterX have released new data showing an 820% increase in e-gift card scams since March, when most people began staying home to protect themselves from COVID-19. "E-gift card attacks usually target well-known brands because their e-gift cards are 'hot goods' in the secondary market. Amongst the brands protected by PerimeterX, we saw e-gift card attacks stay fairly steady in the e-commerce vertical since the COVID-19 lockdown started we saw a skyrocketing increase of 820% in such attacks, mainly in online food delivery services," PerimeterX's Yossi Barkshtein wrote in a blog this week.