Currently facing backlash from the widespread DDoS attacks last week, the FCC is being pressed on how they plan to manage and regulate the increase of IoT devices on the market. Many in congress are pressuring the FCC to regulate IoT devices as different entities than traditional computers, saying that their impact on network infrastructure is fundamentally different.
The current commissioners are pretty unanimous in their belief that the Open Internet Order gives ISP’s the correct amount of leeway to handle threats similar to the recent DDoS attacks themselves. The Open Internet Order grants ISP’s “Reasonable Network Management”. If that sound’s extremely flexible, that’s intentional.
Mostly, the FCC wants to keep their hands out of this mess, opting instead for a more advisory role.
You can read more on this subject by clicking here.
Well, it was about time the free, IRC/Teamspeak VOIP service has its holes punched. Discord has become an increasingly popular VOIP platform for gamers over the last couple of years and, with its popularity, hackers are now interested. Sources have warned that hackers are now abusing its servers to host and distribute remote access trojans. Ionut Arghire reports Symantec research on these RATs:
“According to Symantec, most of the malicious samples they discovered on the service include RATs such as NanoCore (Trojan.Nancrat), njRAT (Backdoor.Ratenjay), and SpyRat (W32.Spyrat), yet infostealers, Trojan Horse malware samples, and downloaders were also found being hosted on Discord. The security researchers believe that the malware might have been used in drive-by downloads or social-engineering campaigns.”
So what’s the motive? Experts are speculating that it’s simply to retrieve user credentials towards gaming. “The attackers behind the RATs and other malware may have distributed their threats on the service to steal sensitive information related to online gaming (credentials, items, in-game currency, and contacts) directly from the victim’s computer. This data can be valuable to attackers just as much as other personally identifiable information (PII), such as users’ bank account details, web service credentials, contact numbers, IP addresses, and biometric information. These could all be harvested by data thieves in the process,” Symantec notes.
Because Discord uses similar chat mechanics as IRC it’s easy for hackers to exploit/trick users into downloaded obscure files. Naturally common sense comes into play as Discord users should be careful giving out their information while roaming the streets of Discord servers. Discord has added additional virus scanning services to their software whenever an executable is uploaded as well as permission controls to encourage users to be safe while using the service. Naturally, however, common sense seems to be an easy pawn in the game of hacker vs user.
St. Jude Medical is currently being targeted due to security vulnerabilities in implanted heart devices. Back in August, MedSec and Muddy Waters released a report about how St. Jude’s pacemakers and defibrillators were vulnerable to cyberattacks that could result in battery drain or manipulation of pacemaker beat rates. This could in turn put a patient’s life at risk.
Bishop Fox, an independent security firm, recently provided a testimony stating that the St. Jude cardiac devices ecosystem does not meet the security requirements of a system responsible for safeguarding life-sustaining equipment implanted in patients. In addition, the wireless protocol used by the devices to communicate also have vulnerabilities that allow attackers to take control of the device and deliver shocks to patients at a range up to 10 feet and possibly more with additional components.
Movidius, a chip maker specializing in artificial intelligence and computer vision has created a chip called the Myriad chip. The company has recently been acquired by Intel and the Myriad chip is now being added to Hikvision, a line of internet-connected security cameras.
The chip is designed to perform deep learning techniques without overwhelming smaller devices like video cameras. Movidius claims that since the analysis can be done on the actual device, the amount of data that gets sent is actually much smaller and could share small video clips when it detects a serious threat or problem that requires attention. They also claim that it lowers the rate of false positives.
However, some features could be exploited for invasive government surveillance or worked around by someone trying to commit a crime. It is a helpful device with seemingly many problems.