Tag Archives: security

The power of passive OS fingerprinting for accurate IoT device identification

The number of IoT devices in enterprise networks and across the internet is projected to reach 29 billion by the year 2030. This exponential growth has inadvertently increased the attack surface. Each interconnected device can potentially create new avenues for cyberattacks and security breaches. The Mirai botnet demonstrated just that, by using thousands of vulnerable IoT devices to launch massive DDoS attacks on critical internet infrastructure and popular websites. To effectively safeguard against the risks … More ? The post The power of passive OS fingerprinting for accurate IoT device identification appeared first on Help Net Security .

Originally posted here:
The power of passive OS fingerprinting for accurate IoT device identification

Qakbot botnet disrupted, malware removed from 700,000+ victim computers

The Qakbot botnet has been crippled by the US Department of Justice (DOJ): 52 of its servers have been seized and the popular malware loader has been removed from over 700,000 victim computers around the world. “To disrupt the botnet, the FBI was able to redirect Qakbot botnet traffic to and through servers controlled by the FBI, which in turn instructed infected computers in the United States and elsewhere to download a file created by … More ? The post Qakbot botnet disrupted, malware removed from 700,000+ victim computers appeared first on Help Net Security .

See original article:
Qakbot botnet disrupted, malware removed from 700,000+ victim computers

How to accelerate and access DDoS protection services using GRE

As we entered 2023, the cybersecurity landscape witnessed an increase in sophisticated, high-volume attacks, according to Gcore. The maximum attack power rose from 600 to 800 Gbps. UDP flood attacks were most common and amounted to 52% of total attacks, while SYN flood accounted for 24%. In third place was TCP flood. The most-attacked business sectors are gaming, telecom, and finance. The longest attack duration in Q2/Q3 was seven days, 16 hours, and 22 minutes. … More ? The post How to accelerate and access DDoS protection services using GRE appeared first on Help Net Security .

Attackers intensify DDoS attacks with new tactics

As we entered 2023, the cybersecurity landscape witnessed an increase in sophisticated, high-volume attacks, according to Gcore. The maximum attack power rose from 600 to 800 Gbps. UDP flood attacks were most common and amounted to 52% of total attacks, while SYN flood accounted for 24%. In third place was TCP flood. The most-attacked business sectors are gaming, telecom, and financial. The longest attack duration in Q2/Q3 was seven days, 16 hours, and 22 minutes. … More ? The post Attackers intensify DDoS attacks with new tactics appeared first on Help Net Security .

See original article:
Attackers intensify DDoS attacks with new tactics

Compromised Linux SSH servers engage in DDoS attacks, cryptomining

Poorly managed Linux SSH servers are getting compromised by unknown attackers and instructed to engage in DDoS attacks while simultaneously mining cryptocurrency in the background. The Tsunami DDoS bot Tsunami, also known as Kaiten, is a type of DDoS bot that is frequently distributed alongside malware strains like Mirai and Gafgyt. What sets Tsunami apart from other DDoS bots is the fact that it functions as an internet relay chat (IRC) bot, meaning it uses … More ? The post Compromised Linux SSH servers engage in DDoS attacks, cryptomining appeared first on Help Net Security .

Read the article:
Compromised Linux SSH servers engage in DDoS attacks, cryptomining

Microsoft confirms DDoS attacks against M365, Azure Portal

The Microsoft 365 and Azure Portal outages users expirienced this month were caused by Layer 7 DDoS attacks, Microsoft has confirmed on Friday. The DDoS attacks against Microsoft 365 and Azure Portal Throughout the first half June 2023 Microsoft confirmed, at various times, ongoing issues with its cloud-based services – Microsoft 365 (including Outlook on the web and OneDrive) and Azure Portal – but did not say at the time that they were caused by … More ? The post Microsoft confirms DDoS attacks against M365, Azure Portal appeared first on Help Net Security .

Link:
Microsoft confirms DDoS attacks against M365, Azure Portal

Someone is roping Apache NiFi servers into a cryptomining botnet

If you’re running an Apache NiFi instance exposed on the internet and you have not secured access to it, the underlying host may already be covertly cryptomining on someone else’s behalf. The attack Indicators of the ongoing campaign were first spotted by the SANS Internet Storm Center when, on May 19th, their distributed sensor network detected a significant spike in requests for “/nifi.” After redirecting some of the requests to their honeypot system running the … More ? The post Someone is roping Apache NiFi servers into a cryptomining botnet appeared first on Help Net Security .

See the original article here:
Someone is roping Apache NiFi servers into a cryptomining botnet

New infosec products of the week: May 26, 2023

Here’s a look at the most interesting products from the past week, featuring releases from Axiado, Delinea, Netscout, Radware, and Veriff. Delinea Cloud Suite updates reduce the risk of lateral movement in cybersecurity breaches Delinea Cloud Suite updates include more granular support for just-in-time (JIT) and just-enough privilege access automation, and improved identity assurance through enforced human interaction when prompted for multi-factor authentication (MFA) at server log-in or privilege elevation. Radware Cloud Web DDoS Protection … More ? The post New infosec products of the week: May 26, 2023 appeared first on Help Net Security .

Original post:
New infosec products of the week: May 26, 2023

Europe: The DDoS battlefield

DDoS attacks appear to reflect major geo-political challenges and social tensions and have become an increasingly significant part in the hybrid warfare arsenal, according to Arelion. As the Ukrainian authorities sought a safe harbour for digital state registries and databases, Arelion saw the distribution of attacks move away from active conflict areas into global cloud centres – both as a result of damage to local network infrastructure, but also as local databases and applications were … More ? The post Europe: The DDoS battlefield appeared first on Help Net Security .

More:
Europe: The DDoS battlefield

ThreatX strengthens API and application protection with Botnet Console and API Catalog 2.0

ThreatX announced the expansion of its platform offering with the release of a new Botnet Console and API catalog 2.0. These new dashboards, unveiled at RSA Conference 2023, will help security teams rapidly investigate automated threats and attempts to abuse APIs with enhanced metrics, analytics, and visualizations. Attackers use botnets and other advanced techniques to exploit APIs and applications and evade detection thanks in part to solver services that are sold on the dark web. … More ? The post ThreatX strengthens API and application protection with Botnet Console and API Catalog 2.0 appeared first on Help Net Security .

Read the original:
ThreatX strengthens API and application protection with Botnet Console and API Catalog 2.0