Blog | Network Security, IoT, Malicious Detection

Welcome to the zvelo Blog

The zvelo blog is where folks from zvelo discuss issues facing our markets – ad tech, network security and mobile service provider analytics. We discuss web security, malicious traffic, ad fraud, data breaches, artificial intelligence, fake traffic, website categorization, phishing, bots, privacy, BlackHat, DEF CON, Hack-in-the-Box, contextual targeting, semantic targeting, privacy, online safety and more.
IoT Cyber Security Is Reaching A Tipping Point In an article on ITPro, Jeff Finn writes about how the state of IoT cybersecurity is reaching a tipping point, forcing IoT device manufacturers to work partners that excel at networking. “The writing on the wall for IoT device manufacturers is to get serious about security and develop fruitful channel partnerships with network technology providers. The consensus among enterprise professionals is that IoT security has emerged as a front-of-mind
Once you see this vulnerability in action, it’s easy to imagine how easily devices can be exploited. Simple vulnerability hacks and tactics such as this can be used in coordination with home routers, smart speakers, video surveillance equipment, and much more to create havoc. If someone does take control of your router, they can easily infect or target other IoT (Internet of Things) devices on the same network. – Eric Watkins, Sr. Malicious Detection Researcher
The Other Winner of the EU ePrivacy Regulation – Contextual Targeting Recently, Digiday published an article about the “winners and losers” of the new EU ePrivacy law. As suspected, behavioral targeting is a clear loser due to its reliance on cookie-based targeting. The only winners mentioned seemed to be those outside of the realm of digital advertising. When the dust settles, after every publisher and tech company rushes to be compliant with these new rules,
It’s Bad Rabbit Season “Look, that rabbit’s got a vicious streak a mile wide! It’s a killer!” – Tim the Enchanter Like rabbits, ransomware seems to multiply at a prodigious rate.  The newest strain causing widespread damage dubbed Bad Rabbit, due to the TOR hidden service it directs victims to visit, appears to be based on the Petya ransomware and its’ variants, according to Cisco Talos.  The campaign seems to have largely targeted Russia and
Don’t Fear the Reaper What’s Reaper? Reaper (a.k.a IotTroop) is the latest botnet threat which is specifically targeting IoT vulnerabilities. With over 1.2 million devices already impacted, Reaper is the the largest IoT bot attack to date and continuing to grow rapidly. Using multiple C2’s, each with 10s of thousands of unique active IPs daily, Reaper is gaining momentum with each new device it exploits. Reaper builds on parts of Mirai’s code, but rather than
CRN-IoT Security Release
CRN Exclusive: zvelo Introduces IoT Security Offering To Detect Compromised Devices CRN: News, Analysis, and Perspective for VARs, and Technology Integrators *The following article, by Lindsey O’Donnell, is featured on CRN‘s website and was originally published on October 2, 2017. Network security company zvelo Monday unveiled an IoT security offering that uses artificial intelligence to automate the way enterprises discover and profile IoT devices on the network – and detect ones that are compromised. “Over the past two years, we saw
The role of content categorization in ensuring brand safety by Jeff Finn, CEO of zvelo With the digital advertising industry increasingly shaped by programmatic ad buying, brands are realizing the necessity – from a brand safety perspective – of ensuring that their ads steer clear of associations with objectionable content. *****The following article, by Jeff Finn, is featured on CMO Innovation‘s website and was originally published on September 19, 2017. The big boycott Just months ago, this issue
Real-Time Malware, Miscategorization, & Porn Protection Extended to zveloDB An Overview of zveloDB Instant Protection (zIP) zvelo Instant Protection (zIP) is a new feature designed to provide fast, up-to-the-minute updates on important category changes and real-time protection from newly identified blockable (adult, porn, hate, criminal, etc.) and malicious (malware, spyware, phishing, compromised, etc.) URLs. While SDK integrators of the zveloDB® – URL Database have always been protected from these URLs, local SDK database updates were
Keeping Voice-Activated Smart Home Device From Talking to the Wrong People by Jeff Finn, CEO of zvelo The introduction of voice-activated smart home solutions – like Amazon Echo and Dot, Google Home, and Apple’s HomePod – have brought with them the dream of convenient Star Trek-like interfaces where a user’s spoken wish is their command. But at the same time, these devices have served as a Trojan Horse, increasingly inviting in security issues and unintended
Spambot Spam Screen
Spambot Leak: 711 Million Email Addresses Ensnared by Lou Nabarrete, VP of Engineering and Data Operations Email Spam is dead! Long live Email Spam! It seems very strange that in the year 2017 (approximately 20 years from when the commercial use of the Internet first became possible), we are still dealing with email spam with no end in sight. There are many solutions now available in the industry that can be placed in various locations
Embedded Insiders Podcast – Keeping an eye on connected devices with data categorization “Data categorization” is helpful for analyzing information in IoT environments to support business intelligence applications, but it’s also an elegant way of monitoring the behavior of devices to determine whether they are being used as part of a potential cyber attack.  *****The following online article with an on-demand podcast, by Rich Nass, Embedded Computing Brand Director, and Brandon Lewis, Technology Editor together with
By Eric Watkins, Senior Malicious Detection Researcher at zvelo Two large annual security conferences are taking place in Las Vegas this week and I will be attending the second one. The first one, Black Hat, is primarily targeted at corporate audiences and sponsorships with well-known industry leaders and vendors supporting and attending the conference year after year. Traditionally, training sessions about computer security are also offered at Black Hat. The second security conference, DEF CON,
devil's ivy
By Eric Watkins, Senior Malicious Detection Researcher at zvelo This week, a new security vulnerability subject to remote attack, known as Devil’s Ivy, is targeting the c++ library used by thousands of different IoT device vendors. The most popular devices being compromised are IoT video cameras; however,  the associated risk is not limited to video cameras alone. IoT vendors often use chipsets from 3rd party OEMs as a means to quickly and easily integrate new
by Mathew Branyon, Data Operations Engineer at zvelo, Inc. In my last post, we explored reasons why we would want to use the container orchestration tool kubernetes to manage deployment of our applications. Of the numerous choices of  tools available to deploy Kubernetes, we’ve chosen kops because it works really well with Amazon Web Service (AWS). Now that we have chosen kops and AWS, let’s take a closer look at how to use them. What
*****The following article, by Jeff Finn, appears as an online article in the Opinion section on InfoSecurity Magazine Home’s web site and was originally published on July 13, 2017. In InfoSecurity Magazine: How IoT Device Discovery and Activity Detection Can Work by Jeff Finn, CEO of zvelo Even as IoT device volume races towards 200 billion by 2020, the vast majority of our connected gadgets still have little or no security features in place – leaving them ripe for
Let's Encrypt
Security TechTrends | zvelo Series by Eric Watkins, Senior Malicious Detection Researcher at zvelo In today’s world of malware and ransomware created to steal credentials and lock end users out of their machines, it’s important that we safeguard our credentials and data-at-rest (stored on our machines) and in transit (passing over the network). One of the best ways to secure data-in-transit is by ensuring that the services we use are configured to enable the strongest
by Eric Watkins, Senior Malicious Detection Researcher at zvelo Ransomware and malware attacks are not going to go away anytime soon, rather they are becoming increasingly more common. Last month we wrote about the malware ransomware campaign, WannaCry and now we’ll discuss yesterday’s ransomware campaign Petya which exploits another one of the many vulnerabilities released as part of the NSA toolset. What is Petya? The Petya malware ransomware screen Petya is a ransomware campaign that
Ad Roundup: Tools for traffic, ad placement. *****The following article, by Kristina Knight, appears in BizReport‘s web site in Advertising and was originally published on June 13, 2017. In today’s advertising roundup, a trio of new releases into the digital space which should help brands better detect traffic sources, get their information to customers, and optimize content. First, zvelo has released the Invalid Traffic dataset; the new dataset should help brands better determine the health of
zvelo beta tests Internet of Things security solution that leverages software-based sensors. zvelo CEO Jeff Finn explains how the assessment system works. *****The following article, by DH Kass, appears in MSSP Alert‘s web site and was originally published on June 16, 2017. Zvelo is beta testing an IoT Security solution, a software-based sensor that discovers network-attached devices, profiles them and tags compromised units. Think of it as an elaborate, sophisticated hall monitor that knows how you behave,
Marketing chiefs from the Association of National Advertisers (ANA) met with the heads of the trade group Trustworthy Action Group (TAG) to discuss how best to broach the matter of ad fraud, which is forecast to cost the industry in excess of $16bn this year alone, this week, amid wider efforts to meet this need from tech vendors. *****The following article, by Lisa Lacy, appears in the news section  on The Drum’s web site and was originally