Drupalgeddon 3 in retrospect
Nikolett Hegedüs

As you know, we recently released multiple security patches for the Drupalgeddon vulnerabilities. The last one was Drupal Remote Code Execution - SA-CORE-2018-004, CVE-2018-7602, patched only 2 days after it was first discovered. We’re very proud of our quick reaction time and would like to share some statistics with you about the attacks that have been prevented since then with the help of BitNinja. The data from the first incident that we caught looks like this (the URL is masked for privacy purposes): Url: [###.hu//] Headers: [array ( 'User-Agent' => 'Mozilla/5.0 (X...
GPON routers – new elements of your botnet attacks?
Laszlo Takacs

People can never rest. We thought that after the last serious Drupal vulnerability we could finally rest, but a new threat has come up that involves GPON routers made by Dasan. GPON is a type of Passive Optical Network (PON) used to provide fiber connections. It is used to provide short-haul fiber connections for cellular base stations, home access points, and DAS. Primary regions with GPON devices include Vietnam, Mexico, Kazakhstan. Top countries Number of Devices Mexico 492,080 Kazak...
Server security on point – 5 +1 best practices for Linux sysadmins
Boglarka Angalet

No matter if you’re a Linux security veteran or you’re just about to get your feet wet, you’ll face the same security threats and upcoming forms of attack. Here we come with a security cheat sheet with ultimate checkpoints that no sysadmin should miss. When meeting a new company, usually the very first thing I’m asked about is “How should I get rid of hackers? Show me the silver bullet.” But it’s a little bit like asking an economist “Where to invest my money?”. It depends. To get a grip in the jungle of security recommendations, here I collected some guidelines...
Which are the most scanned ports?
Eniko Toth

What is a port? Ever since computers became able to run multiple programs at the same time and connect to modern networks, ports have been important. Three things are needed for communication between two machines: the IP address of the host, the port number, and the type of protocol (e.g. TCP, UDP). A port number is a 16-bit number between 0 and 65535. There are some specific ports which identify some exact services, e.g. port 80 is used for HTTP communication. Types of ports: Well Known Ports: 0 - 1023; Registered Ports: 1024 - 49151; Dynamic/Private: 49152 - 65535. W...
Old botnets aren’t harmless - the presence of Cutwail botnet nowadays
Anita Batari

Server operators face many different types of attacks every day. Brute force, spam, CMS hacks and SQL injections are the most common - and the majority of them are automated botnet attacks. I think none of us can estimate how many servers and PCs are unprotected against even the simplest botnets. But it’s not necessary to be a victim of an easily defendable attack. Yet even when being careful, one way you can fail at server security is underestimating the risk of old vulnerabilities and botnets. Thinking they’re doing no harm anymore, since they have been exposed and tracked d...
Castle Vs Airport Model in security
George Egri

Apart from changing the way we live, this virtual connectivity has exposed us to an array of attacks. Cyber risks are a growing concern in virtually every aspect of our lives. The integration of technology into our everyday tasks has paved the way for more efficient work performance yet left us vulnerable to many cyber-attacks. To combat the situation, easy-to-use server security tools were introduced into the equation, with BitNinja being one of the top contenders. With more and more malicious programs and hackers trying to penetrate systems on a daily basis via the use of latest tech...
Useful facts in cybersecurity landscape
Anita Batari

Today's post is a little eccentric. Thanks to Crozdesk's IT & Security, we show you a really good infographic. You can check the past, the present and the future of cybersecurity and IT security solutions. Which are the biggest fears? What are we expecting from cybersecurity software? What kind of tools do you require to prevent attacks? You can find answers here: Which weapons are available in BitNinja? Malware Detection, Web Application Firewall, Intrusion Prevention System - with our greylist, Denial of Service prevention...
The Next Level of Hacking
Dani Molnár

In December 2015 and 2016 there were two blackouts in Ukraine that caused hundreds of thousands of Ukrainians to endure the notorious eastern cold winter for a few hours. At first, this wasn’t an alarming event, as blackouts can happen anywhere and anytime, but the scale of it made people suspicious. Later it turned out that both attacks were cyber-attacks coming from Russia. Makes you think of Ian Fleming’s James Bond title “From Russia with Love”, am I right? But why is it important? Why can we say that it is a milestone in the world of cyber-terrorism? Hackers can be found...
New IoT botnet captured by BitNinja
Anita Batari

We always keep our eyes on the logs, data, and charts. We always see abnormalities and unusual behaviours, and we have found botnets before, but our recent catch is one of the biggest. These cases are really hard to handle due to the huge number of affected IPs. On the evening of 14th June, we saw something strange: the average incident number increased by nearly 200%. But that was just the beginning; later on, there was a period when we received over five times more incidents. After 24 hours, we had four times more data than on an average day. We have captured a new botnet, which attacke...
The most common attacks against websites
Nikolett Hegedüs

I’m sure you’ve seen the recent headlines about hacked cameras with system default passwords or how IoT (Internet of Things) devices can serve as botnets in huge DDoS attacks against the most frequently visited websites. One of these kinds of attacks was a DDoS attack against Dyn, the internet infrastructure company responsible for routing internet traffic. It caused outages in multiple high-traffic websites like Twitter, Netflix, Reddit, Spotify, and Tumblr. In what was a worse kind of Black Friday, these websites were inaccessible for a couple of hours. ...