Archive for the Network Security Category






Real-Time Malware, Miscat, Terrorism & Porn Protection Extended to zveloDB

The frequently changing content of social networking, blogs and other popular websites presents a huge challenge for web content filtering and endpoint security vendors. Web filtering vendors must provide a reliable application to allow IT professionals within SMB or enterprise networks the ability to instantly detect and block malicious websites, or legitimate websites that have been compromised, in order to thwart web attacks that can compromise intellectual property. The real-time capability to block adult, porn, criminal, hate and other inappropriate web content must also be extended to corporations, organizations and end-users alike. zvelo has long offered real-time protection to the customers of its OEM Partners that have utilized the zveloNET™ cloud network. Now, those OEMs that have integrated the local SDK deployment option of zvelo’s URL database will benefit from the same real-time protection with zvelo Instant Protection™(read the official press release).

 

Read more

Looking forward to the DEF CON 25 Hacking Conference

Looking forward to the DEF CON 25 Hacking Conference

Two large annual security conferences are taking place in Las Vegas this week and I will be attending the second one.

Read more

Best Practices You Can Adopt to Help Protect Against Router Vulnerabilities

Best Practices You Can Adopt to Help Protect Against Router Vulnerabilities

About two months ago, I posted a video blog showing how easy it is to obtain unauthenticated root access on a very popular Netgear router. This Netgear vulnerability received overwhelming news coverage and the urgent call went out across the Internet to patch all of their routers ASAP. Users scrambled to get new firmware for their hardware before hackers could potentially exploit the weakness to break into their devices. As a reaction to this negative […]

Read more

“Why Aren’t IoT Manufacturers Doing More to Prevent Botnet Attacks?” IoT Evolution Magazine Feature News by Jeff Finn, special guest

“Why Aren’t IoT Manufacturers Doing More to Prevent Botnet Attacks?” IoT Evolution Magazine Feature News by Jeff Finn, special guest

*****The following article, by Jeff Finn, appears within the Featured News section of IoT Evolution Magazine’s web site and was originally published on February 23, 2017. Malicious hackers seeking out unsecured devices to add to their botnet armies is not new, but the Internet of Things (IoT) revolution is making their jobs all too easy. According to Cisco estimates, there are 15 billion IoT devices on the market today; IDC and Intel project over 200 billion […]

Read more

zvelo’s CEO, Jeff Finn, offers his opinion on the future of IoT security in InfoSecurity Magazine

zvelo’s CEO, Jeff Finn, offers his opinion on the future of IoT security in InfoSecurity Magazine

Users Can Secure Their IoT Devices; But Will They? *****The following article, by Jeff Finn, appears within the Opinion section of InfoSecurity Magazine’s web site and was originally published on February 15, 2017. On an increasingly massive scale, cybercriminals are repurposing connected Internet of Things (IoT) devices installed within our homes. These hackers use malware to enlist our smart thermostats, speakers, lights, and more as soldiers for their botnet armies – used in coordinated massive […]

Read more

IoT, Botnets and DDOS: Avoid Becoming Part of the Problem

IoT, Botnets and DDOS: Avoid Becoming Part of the Problem

IoT, Botnets and DDOS: Avoid Becoming Part of the Problem Recently, hackers successfully unleashed an absolutely massive Distributed Denial of Service (DDoS) attack that swiftly knocked some popular websites offline, including Twitter, Spotify, Amazon and even GitHub. DDoS attacks are of course nothing new, but the latest attack was unique. Primarily because of its scale, but also because it was carried out with a botnet utilizing Internet of Things (IoT) connected devices, as opposed to […]

Read more

zvelo Spent the Week with over 20,000 Hackers at DEF CON 24 (Final Thoughts)

zvelo Spent the Week with over 20,000 Hackers at DEF CON 24 (Final Thoughts)

zvelo Spent the Week with over 20,000 Hackers at DEF CON 24 — Wraping it all up (Pt. 4) DEF CON is one of the largest, (if not the largest), hacker conferences in the world. Held over four days every August in Las Vegas, DEF CON is now in its 24th year and is bigger, better — and scarier — than ever. Our Senior Malicious Detection Researcher, Eric Watkins, participated again this year and provided […]

Read more

zvelo Spent the Week with over 20,000 Hackers at DEF CON 24 (Pt. 3)

zvelo Spent the Week with over 20,000 Hackers at DEF CON 24 (Pt. 3)

zvelo Spent the Week with over 20,000 Hackers at DEF CON 24 — Here’s What We Saw (Pt. 3) DEF CON is one of the largest, (if not the largest), hacker conferences in the world. Held over four days every August in Las Vegas, DEF CON is now in its 24th year and is bigger, better — and scarier — than ever. Our Senior Malicious Detection Researcher, Eric Watkins, participated again this year and provided […]

Read more

zvelo Spent the Week with over 20,000 Hackers at DEF CON 24 (Pt. 2)

zvelo Spent the Week with over 20,000 Hackers at DEF CON 24 (Pt. 2)

zvelo Spent the Week with over 20,000 Hackers at DEF CON 24 — Here’s What We Saw DEF CON is one of the largest, (if not the largest), hacker conferences in the world. Held over four days every August in Las Vegas, DEF CON is now in its 24th year and is bigger, better — and scarier — than ever. Our Senior Malicious Detection Researcher, Eric Watkins, participated again this year and provided a great […]

Read more

zvelo Spent the Week with over 20,000 Hackers at DEF CON 24

zvelo Spent the Week with over 20,000 Hackers at DEF CON 24

zvelo Spent the Week with over 20,000 Hackers at DEF CON 24 — Here’s What We Saw DEF CON is one of the largest, (if not the largest), hacker conferences in the world. Held over four days every August in Las Vegas, DEF CON is now in it’s 24th year and is bigger, better — and scarier — than ever. Our Senior Malicious Detection Researcher, Eric Watkins, participated again this year and provided a great […]

Read more

zvelo Recognizes its Staff in the Fight Against Sexual Exploitation of Children

zvelo Recognizes its Staff in the Fight Against Sexual Exploitation of Children

zvelo Recognizes its Staff in the Fight Against Sexual Exploitation of Children   “WE KNOW THAT TECHNOLOGY FACILITATES THE SEXUAL EXPLOITATION OF CHILDREN, BUT WE ALSO KNOW THAT WITHIN TECHNOLOGY RESIDES A SOLUTION.” – ERNIE ALLEN, FORMER PRESIDENT & CEO THE INTERNATIONAL CENTRE FOR MISSING AND EXPLOITED CHILDREN All of us here at zvelo are incredibly proud of the staff who tirelessly participate in these efforts. You are our rockstars. Our heroes. And, while it […]

Read more

zvelo now provides Cloud and Local Integration Options for Ultra-fast and Secure Access to Content and Device Datasets with zveloAPI™

zvelo now provides Cloud and Local Integration Options for Ultra-fast and Secure Access to Content and Device Datasets with zveloAPI™

zvelo Unveils zveloAPI™  to Power High-speed Access to Datasets zvelo, the leading provider of website and device categorization, unveils zveloAPI™, an ultra-fast, secure API, for accessing the zveloDP datasets through cloud-based queries and streaming data feeds. zveloAPI was designed to support a broad range of integration and deployment requirements, including: Cloud-based queries of any of the zveloDP datasets – ideal for mobile devices with limited storage resources, such as web filtering or parental controls on […]

Read more

An Invaluable Resource Against Data Breaches in the Hacking Age

An Invaluable Resource Against Data Breaches in the Hacking Age

An Invaluable Resource against Data Breaches in the Hacking Age You’re probably just as concerned about the rise of online fraud, data breaches, hacks and stollen accounts as the rest of the world is lately. There is a site to help you verify if you have been compromised: HaveIBeenPwned.com (HIBP). HIBP boasts a database of 581,434,781 stolen user accounts for you to check your email accounts against. The impressive amount of hacked data includes information sourced from 91 different […]

Read more

zvelo Urges Partners (and everyone) to Update their SSL Certificates to SHA-2

zvelo Urges Partners (and everyone) to Update their SSL Certificates to SHA-2

zvelo Urges Partners (and everyone) to Update their SSL Certificates to SHA-2 After December 31, 2015, SSL certificates that use the SHA-1 hash algorithm for their signature will be declared “technology non grata” on the modern Internet. It’s important to note that this is an industry-wide change and not specific to just zvelo’s products. As a result, beginning January 1, 2016, all partners (and everyone in general) will need to support SHA-2 SSL signed certificates […]

Read more

Ad Fraud Q&A: Partner SpotX Talks Ad Fraud with zvelo

Ad Fraud Q&A: Partner SpotX Talks Ad Fraud with zvelo

Partner SpotX holds Q&A with zvelo Business Development Vice President, Cordell BaanHofman, on all things ad fraud related. SpotX recently sat down with Cordell BaanHofman, our VP Business Development here at zvelo to discuss the current state of fraud in the industry, including brand safety challenges and ways combat them. They were curious about how zvelo combines artificial intelligence with human-supervised machine learning methodologies to deliver the most extensive content categorization, malicious site detection, botnet […]

Read more

How Hackers Got Away with over $80 Million from Bangledesh Bank

Demonstrating the need for increased security against malware and malicious website, reports have emerged of a group of unknown hackers that broke into Bangladesh’s central bank. Once in, they obtained the credentials needed for payment transfers from Federal Reserve Bank of New York and then transferred large sums to fraudulent accounts based in the Philippines and Sri Lanka. Ultimately four requests to transfer a total of about $81 million to the Philippines had already gone […]

Read more

EU-US Privacy Shield: EU Commission and United States agree on new framework for transatlantic data flows

EU-US Privacy Shield: EU Commission and United States agree on new framework for transatlantic data flows

EU-US Privacy Shield EU Commission and United States agree on new framework for transatlantic data flows A new US/EU arrangement puts stronger regulations on companies in the U.S. to protect the personal data of Europeans and stronger monitoring and enforcement by the U.S. A few highlights that new arrangement will include: Strong obligations on companies handling Europeans’ personal data and robust enforcement. U.S. companies wishing to import personal data from Europe will need to commit […]

Read more

Crowdsourced Security for Web Threat Intelligence

If we have a thousand monkeys typing away on a thousand typewriters, surely they can produce great works of literature – or so goes the popular adaptation of the Infinite Monkey Theorem. But in the context of information security, a similar idea has been taking shape in past few years. Crowdsourced security, leveraging on input from a host of geographically dispersed systems, is slowly gaining ground as a means to provide actionable threat intelligence for both the public and private sectors.

Read more

Thoughts on Secure Programming, Education and BYOD

Heartbleed vulnerability logoRecent events serve as the best example of how the context of security has shifted from the once server-centric model to that of a decentralized threat landscape. From the Heartbleed attacks to the widespread Internet Explorer vulnerabilities and finally the sensationalized OAuth issues, it appears that even organizations with a hardened perimeter infrastructure are just as vulnerable as an end-user at home. Although threats geared towards enterprise infrastructure are by no means going away, the prevalence of vulnerabilities affecting end-users are alarming to say the least.

Read more

Hack In The Box 2013 Kuala Lumpur Highlights – RFID, AIS and SDR

zveloLABS once again attended the 2013 Hack In The Box (HITB) conference in Kuala Lumpur, Malaysia, held in mid-October. Of all the wide variety of talks conducted during the conference, I found two correlated with the vulnerabilities of RFID systems to be the most intriguing. I’ve summarized them below.

Read more