Author Archives: Enurrendy

Imperva Application Security portfolio provides protection for any attack size

Imperva, the cybersecurity leader championing the fight to secure data and applications wherever they reside, announced significant enhancements to the Imperva Application Security portfolio, now offering targeted protection against account takeover (ATO), an industry-leading approach to detecting and blocking malicious attacks targeted at APIs, as well as partnerships with leading API vendors and an unprecedented three-second SLA for mitigating any type of DDoS attack. These capabilities help customers further harden their defenses against rapidly evolving … More ? The post Imperva Application Security portfolio provides protection for any attack size appeared first on Help Net Security .

View article:
Imperva Application Security portfolio provides protection for any attack size

Vulnerable TP-Link Wi-Fi extenders open to attack, patch now!

Several TP-Link Wi-Fi extender devices sport a critical remote code execution vulnerability that could allow attackers to take over the devices and command them with the same privileges of their legitimate user, IBM X-Force researcher Grzegorz Wypych warns. Aside from making the device part of a botnet, attackers could carry out sophisticated malicious activity by executing any shell command on the device’s operating system. “An attacker compromising this type of device, and the device being … More ? The post Vulnerable TP-Link Wi-Fi extenders open to attack, patch now! appeared first on Help Net Security .

Taken from:
Vulnerable TP-Link Wi-Fi extenders open to attack, patch now!

No Telegram today, protestors: Chinese boxes DDoS chat app amid Hong Kong protest

That Guns N’ Roses album* might be out soon… or not Chat app Telegram has reportedly been DDoS’d, with its downtime coinciding with protests in Hong Kong against repressive new Chinese laws.…

More here:
No Telegram today, protestors: Chinese boxes DDoS chat app amid Hong Kong protest

Global communications service providers struggling to fend off growing number of DDoS attacks

Global communications service providers, whose businesses are predicated on continuous availability and reliable service levels, are struggling to fend off a growing number of DDoS attacks against their networks. A lack of timely and actionable intelligence is seen as a major obstacle to DDoS protection, according to A10 Networks. The critical need for DDoS protection The A10 Networks study conducted by the Ponemon Institute highlights the critical need for DDoS protection that provides higher levels … More ? The post Global communications service providers struggling to fend off growing number of DDoS attacks appeared first on Help Net Security .

Follow this link:
Global communications service providers struggling to fend off growing number of DDoS attacks

Microsoft wants to improve routing security

The Mutually Agreed Norms for Routing Security (MANRS) initiative, supported by the Internet Society, announced that Microsoft has joined the program whose primary objective is to reduce the most common threats to the Internet’s routing system. Routing security is vital to the future and stability of the Internet. Last year alone, there were 12,600 routing outages or incidents such as route hijacking and leaks that led to large-scale Distributed Denial of Service (DDoS) attacks, stolen … More ? The post Microsoft wants to improve routing security appeared first on Help Net Security .

Excerpt from:
Microsoft wants to improve routing security

Attackers actively exploiting Atlassian Confluence and Oracle WebLogic flaws

Attackers are actively exploiting recently fixed vulnerabilities in Oracle WebLogic and the Widget Connector macro in Atlassian Confluence to deliver ransomware, mine cryptocurrency and make the compromised machines participate in DDoS attacks. The Oracle WebLogic attacks CVE-2019-2725 is a deserialization remote command execution vulnerability that affects all Oracle WebLogic versions that have two specific components enabled. It was publicly revealed on April 21 and Oracle published an out-of-band security fix for it on April 25. … More ? The post Attackers actively exploiting Atlassian Confluence and Oracle WebLogic flaws appeared first on Help Net Security .

More:
Attackers actively exploiting Atlassian Confluence and Oracle WebLogic flaws

There’s NordVPN odd about this, right? Infosec types concerned over strange app traffic

Firm explains but security folk not appy with clarifications Weird things are afoot with NordVPN’s app and the traffic it generates – Reg readers have spotted it contacting strange domains in the same way compromised machines talk to botnets’ command-and-control servers.…

Read this article:
There’s NordVPN odd about this, right? Infosec types concerned over strange app traffic

The latest DDoS attacks are mostly multi-vector and morph over time

DDoS attacks continue to be an effective means to distract and confuse security teams while inflicting serious damage to brands, according to Neustar. Also, when comparing Q1 2019 vs. Q1 2018, the company has registered a 200 percent increase of attacks on directly provisioned customers. Report findings The largest attack size observed by them in Q1 2019 was 587 Gbps in volume, and the longest duration for a single attack was nearly a day and … More ? The post The latest DDoS attacks are mostly multi-vector and morph over time appeared first on Help Net Security .

View article:
The latest DDoS attacks are mostly multi-vector and morph over time

The correlation between DDoS attacks and cryptomining

There is a direct correlation between cryptocurrency and DDoS attacks. As the price of cryptocurrency dropped in 2018, leading to decreased profits from cryptomining, hackers on the black market began to divert prime botnet resources to DDoS attack activities, which increased month by month. DDoS attacks in 2018 In NSFOCUS’ 2018 DDoS Attack Landscape report, NSFOCUS analyzed the threat landscape after a landmark year of technological growth related to cloud computing, big data, artificial intelligence … More ? The post The correlation between DDoS attacks and cryptomining appeared first on Help Net Security .

More:
The correlation between DDoS attacks and cryptomining

iovation provides new ways to stop fraud without inconveniencing good customers

iovation, a TransUnion company, released a series of updates to its online fraud prevention and authentication products. The additions increase security for businesses and reduce friction for consumers with features like email and phone number verification, botnet detection, streamlined de-registration of a device used for authentication, and more customization and context insight for authentication requests. The enhanced identification and removal of threats, coupled with increased trust of good consumer devices, advances iovation’s capabilities to use … More ? The post iovation provides new ways to stop fraud without inconveniencing good customers appeared first on Help Net Security .

Read More:
iovation provides new ways to stop fraud without inconveniencing good customers