The Difference Between Sandboxing, Honeypots & Security Deception

Dark Reading

A deep dive into the unique requirements and ideal use cases of three important prevention and analysis technologies

Cybersecurity in 2019: From IoT & Struts to Gray Hats & Honeypots

Dark Reading

While you prepare your defenses against the next big thing, also pay attention to the longstanding threats that the industry still hasn't put to rest

Deception: Why It's Not Just Another Honeypot

Dark Reading

The technology has made huge strides in evolving from limited, static capabilities to adaptive, machine learning deception

Free Tool: Honey Feed

Security Affairs

Cybersecurity expert Marco Ramilli shared another tool from his arsenal, one that extracts suspicious IPs from undesired connections to his honeypots. If you like having fresh honeypot feeds in your OSINT collection, please feel free to download them directly HERE.


Podcast: The Evolution of Deception Technology


Deception technology is an emerging category of cyber defense that is particularly useful when it comes to IoT devices, SCADA systems and medical devices.

New Threat Actor ‘Rocke’: A Rising Monero Cryptomining Menace


A threat actor has been spotted on a number of honeypots looking to download and execute malicious cryptomining malware.

Even 'Regular Cybercriminals' Are After ICS Networks

Dark Reading

A Cybereason honeypot project shows that ordinary cybercriminals are also targeting weakly secured environments

Researchers Offer 'a VirusTotal' for ICS

Dark Reading

Free online sandbox, honeypot tool simulates a real-world industrial network environment

ThreatList: Malware Samples Targeting IoT More Than Double in 2018


A honeypot set up to sniff out data on infected IoT devices found a broad array of compromised devices, from Mikrotik routers to dishwashers.

Misleading Cyber Foes with Deception Technology

Dark Reading

Today's deception products go far beyond the traditional honeypot by catching attackers while they are chasing down non-existent targets inside your networks

Hackers target MySQL databases to deliver the GandCrab ransomware

Security Affairs

The experts discovered the attacks because they hit one of the company’s honeypots that emulates MySQL listening on the default TCP port 3306. The GandCrab sample that targeted the honeypot was downloaded more than 500 times.

Over 19,000 Orange Livebox ADSL modems leak WiFi credentials

Security Affairs

Experts at Bad Packets observed a scan targeting their honeypot; further investigation revealed that the modems were leaking their local network access details.

Hackers exploit Jenkins flaw CVE-2018-1000861 to deliver Kerberods malware

Security Affairs

Marinho noticed some attacks hit one of his honeypots attempting to exploit this Jenkins vulnerability to deliver the Kerberods cryptominer. “After analyzing the threat which attacked one of my honeypots, I created the diagram shown in the picture below.

How Are Cybercriminals Targeting Free Wi-Fi Users?

Security Affairs

Fake Honeypots. The fake honeypots are quite similar to the fake Wi-Fi access points, but the only difference is that the honeypot is set in a more sophisticated manner. Free Wi-Fi is convenient, but it is also unsafe and puts users at great risk.

Past, present, and future of the Dark Web

Security Affairs

Honeypots. The dark web is full of honeypots. It is also impossible to determine the diffusion of honeypots. Or is the Dark Web itself a honeypot for criminals, anarchists, terrorists and. Which is the difference between the Deep Web and Dark Web?

Evolution of threat landscape for IoT devices – H1 2018

Security Affairs

The researchers set up a honeypot to collect data on infected IoT devices, the way threat actors infect IoT devices and what families of malware are involved. Security experts from Kaspersky have published an interesting report on the new trends in the IoT threat landscape.


Experts found first Mirai bot targeting Linux servers via Hadoop YARN flaw

Security Affairs

Netscout observed tens of thousands of exploit attempts daily targeting its honeypots; in November, attackers attempted to deliver some 225 unique malicious payloads exploiting the Hadoop YARN vulnerability. “ASERT has been monitoring exploit attempts for the Hadoop YARN vulnerability in our honeypot network and found a familiar, but surprising payload – Mirai.

New Linux coin miner kills competing malware to maximize profits

Security Affairs

The experts detected a coinminer script on one of their honeypots, and the malicious code shares some parts with the Xbash malware and the KORKERDS cryptocurrency miner, which leverages a rootkit to avoid detection.

Weekly podcast: ICS attacks, Reddit and SIM swap arrests

IT Governance

Cybereason’s researchers recently set up a honeypot environment with a network architecture that replicated that of a “typical power substation” and waited.

Multiple threat actors are targeting Elasticsearch Clusters

Security Affairs

“Through ongoing analysis of honeypot traffic, Talos detected an increase in attacks targeting unsecured Elasticsearch clusters. Based on patterns in the payloads and exploit chains, Talos assesses with moderate confidence that six distinct actors are exploiting our honeypots.” Security researchers at Cisco Talos are warning of a spike in attacks on unsecured Elasticsearch clusters to drop cryptocurrency miners.

Cryptojacking campaign uses Shodan to scan for Docker hosts to hack

Security Affairs

The analysis of the logs and traffic data coming to and from the honeypot revealed that the attackers used a container from a public Docker Hub repository named zoolu2.

Hacking the hackers – IoT botnet author adds his own backdoor on top of a ZTE router backdoor

Security Affairs

The code by Scarface targets devices on a different port, 8083, though (justifying why our NewSky honeypots are seeing a surge of this vulnerability usage on port 8083 instead of the standard 80/8080 ports).


Shellbot Botnet Targets IoT devices and Linux servers

Security Affairs

Using the credentials from one of the commands injected into the honeypots, the experts noticed that the files’ contents on the server changed often, and that modification, deletion and addition of files mostly happened during daytime in Central European Time (CET).


Information Disclosure flaw allows attackers to find Huawei routers with default credentials

Security Affairs

The attacker does not need to attempt a failed login anymore, or encounter a generic honeypot which doesn’t have this flag. Some models of Huawei routers are affected by a flaw that could be exploited by attackers to determine whether the devices have default credentials or not.

Ngrok Mining Botnet

Security Affairs

In my previous post I discussed the initial prototyping of a Docker Honeypot / Sandbox called Whaler. There’s a clear correlation between the honeypot first appearing on Shodan and an immediate wave of attacks.


Chalubo, a new IoT botnet emerges in the threat landscape

Security Affairs

These types of simple attacks on our honeypots are quite common, but what made this stand out was the libsdes sample.”


Free Tools: spotting APTs through Malware streams

Security Affairs

Honey Feed, a tool that extracts suspicious IPs from undesired connections to his honeypots. Cyber security expert and founder of Yoroi Marco Ramilli has published a new tool that could be used to spot APTs (Advanced Persistent Threats) through malware streams.


DNS hijacking campaigns target Gmail, Netflix, and PayPal users

Security Affairs

“Over the last three months, our honeypots have detected DNS hijacking attacks targeting various types of consumer routers.” Security experts at Bad Packets uncovered a DNS hijacking campaign that is targeting the users of popular online services, including Gmail, Netflix, and PayPal.

Malware Training Sets: FollowUP

Security Affairs

The popular expert Marco Ramilli provided a follow-up to his malware classification activity by adding a scripting section that would be useful for several purposes. In 2016 I was working hard to find a way to classify malware families through artificial intelligence (machine learning).

Challenges faced while training an AI to combat abuse

Collecting ground truth with honeypots. The main difficulty with honeypots is to make sure that the collected data is representative of the set of attacks experienced by production systems.

Google+ Won (Or Why Google Never Needed A Social Network)

John Battelle's Searchblog

The post Google+ Won (Or Why Google Never Needed A Social Network) appeared first on John Battelle's Search Blog. Since the news that Google+ chief Vic Gundotra has abruptly left the company, the common wisdom holds that Google’s oft-derided Facebook clone will not be long for this world.

Q&A: How emulating attacks in a live environment can more pervasively protect complex networks

The Last Watchdog

We’ve set up honeypots around the world, which we use to harvest and categorize malware. Most large enterprises today can point to multi-millions of dollars expended over the past two decades erecting “layered defenses” to protect their digital systems. Yet catastrophic network breaches continue apace. Turns out there’s a downside to “defense in depth.” Related: Obsolescence creeps into legacy systems.

Leopard Spots and Zebra Stripes: Big Data and Identity Management

Thales eSecurity

Because behavioral biometric data can contain confidential and personal information, and reveal sensitive insight, it can also be a high value target and represent a honeypot for attackers.

Facebook, Twitter, and the Senate Hearings: It’s The Business Model, Period.

John Battelle's Searchblog

“We weren’t expecting any of this when we created Twitter over 12 years ago, and we acknowledge the real world negative consequences of what happened and we take the full responsibility to fix it.”

Podcast Episode 109: What’s The US Freedom Army? Ask Russia.

The Security Ledger

When the firm Cybereason set up a honeypot network designed to look just like a functioning industrial control system environment, they were expecting to attract a few flies. In this week’s episode of the Security Ledger Podcast (#109): What lurks in the dark recesses of online information operations? How about a secret “US Freedom Army” organized by Russia-linked online “info ops”? Dave Aitel of Cyxtera joins us to talk about it.

The Information Management Umbrella

Brandeis Records Manager

I partner with our Chief Info Security Officer on projects and share his vigilance under the broader governance umbrella, but I am not responsible for endpoint detection and response, authentication protocols, malware interception, and honeypots. George Despres, CRM. Program Director for University Records Management, Brandeis University. The content in this blog reflects the opinions of the author, and not of Brandeis University.

Inside Mirai the infamous IoT Botnet: A Retrospective Analysis


By its second day, Mirai already accounted for half of all Internet telnet scans observed by our collective set of honeypots, as shown in the figure above. This post provides a retrospective analysis of Mirai, the infamous Internet-of-Things botnet that took down major websites via massive distributed denial-of-service using hundreds of thousands of compromised Internet-of-Things devices. At its peak in September 2016, Mirai temporarily crippled several high-profile services such as.