Category Archives: Security Websies

What analytics can unveil about bot mitigation tactics

25% of internet traffic on any given day is made up of bots, the Kasada Research Team has found. In fact, there is a synthetic counterpart for almost every human interaction online. Bot mitigation tactics These bots work to expose and take advantage of vulnerabilities at a rapid pace, stealing critical personal and financial data, scraping intellectual property, installing malware, contributing to DDoS attacks, distorting web analytics and damaging SEO. Luckily, tools, approaches, solutions and … More ? The post What analytics can unveil about bot mitigation tactics appeared first on Help Net Security .

More:
What analytics can unveil about bot mitigation tactics

Spamhaus Intelligence API: Free threat intelligence data for security developers

Spamhaus Technology releases its Intelligence API. This is the first time Spamhaus has released its extensive threat intelligence via API, providing enriched data relating to IP addresses exhibiting compromised behaviour. Available free of charge, developers can readily access enhanced data that catalogues IP addresses compromised by malware, worms, Trojan infections, devices controlled by botnets, and third party exploits, such as open proxies. The API features live and historical data, including bot names, first seen dates, … More ? The post Spamhaus Intelligence API: Free threat intelligence data for security developers appeared first on Help Net Security .

See the original article here:
Spamhaus Intelligence API: Free threat intelligence data for security developers

DOSarrest Unleashes new version of its Simulated DDoS Attack platform

VANCOUVER, British Columbia, Dec. 01, 2020 (GLOBE NEWSWIRE) — DOSarrest Internet Security announced today that they have released a new version of its C ybe r A ttack P reparation P latform ( CAPP ) . CAPP is a serve yourself portal allowing customers to test their DDoS protection services they have in place or to stress test their website’s software capability under load. The service has over 50 different types of DDoS attacks in stock, the latest version is a completely new software build of the backend to accommodate a larger and more powerful botnet along with resource management. This version of CAPP, has a new easy to use Wizard to help customers navigate and launch multiple different attacks on multiple targets simultaneously. The customer interface is also integrated into DOSarrest’s customer portal along with all of their other Internet security services. Some of the new attacks now available include: SSL Connection Overload, GRE Protocol Floods, Database Stress Testing, Variable ICMP Type Floods & Advanced TCP Table Exhaustion, Enhanced HTTP Attacks – Able to randomize User agents, URI’s, referrers and much more, all with a high number of concurrent connections. DOSarrest CTO Jag Bains comments, “It’s interesting to see how different systems react to attacks; CAPP not only shows you the traffic to the victim but also shows you the traffic response from the victim. A small attack to a target can actually produce a response back that’s 500 times larger.” Bains adds, “Every time a customer uses the service, they learn something new, sometimes it’s bad news; the good news is, it’s only a test.” CEO of DOSarrest, Mark Teolis states “Pretty much all of the new attacks and enhancements are a result of customer feedback over the last few years of operating the service first launched in 2018. Customers know they have weak or overcommitted resources, and they want test them to make sure they don’t fail.” About DOSarrest Internet Security: DOSarrest founded in 2007 in Vancouver, B.C., Canada serves a global client base and specializes in fully managed cloud based Internet security services including DDoS prot e ction for websites , Net w ork Infrastructure protection , W eb A pplication F ir e w a ll (WAF) , Traff i c Analyzer as well as C A PP . Source: https://www.globenewswire.com/news-release/2020/12/01/2137310/0/en/DOSarrest-Unleashes-new-version-of-its-Simulated-DDoS-Attack-platform.html

Read the original post:
DOSarrest Unleashes new version of its Simulated DDoS Attack platform

How prevalent is DNS spoofing? Could a repeat of the Dyn/Mirai DDoS attack have the same results?

Two separate groups of academics have recently released research papers based on research into the Domain Name System (DNS). One has found that the overwhelming majority of popular site operators haven’t learned from the 2016 Dyn/Mirai incident/attack and set up a backup DNS server, and the other has shown that the rate of DNS spoofing, though still very small, has more than doubled in less than seven years. DNS dependency Carnegie Mellon University PhD student … More ? The post How prevalent is DNS spoofing? Could a repeat of the Dyn/Mirai DDoS attack have the same results? appeared first on Help Net Security .

Continue Reading:
How prevalent is DNS spoofing? Could a repeat of the Dyn/Mirai DDoS attack have the same results?

Attacks are rising in all vectors and types

DDoS, web application, bot, and other attacks have surged exponentially compared to the first half of 2019, according to CDNetworks. In particular, attacks on web applications rose by 800%. These alarming statistics show that enterprises are experiencing challenging times in their attempts to defend against cyber attacks and protect their online assets. Hackers extremely sensitive to industry transformation The report goes on to say that hackers are extremely sensitive to industry transformation. For this reason, … More ? The post Attacks are rising in all vectors and types appeared first on Help Net Security .

View original post here:
Attacks are rising in all vectors and types

Cyber insurance claims on the rise

External attacks on companies result in the most expensive cyber insurance losses, but it is employee mistakes and technical problems that are the most frequent generator of claims by number, according to a report from Allianz Global Corporate & Specialty (AGCS). The study analyzes 1,736 cyber-related insurance claims worth EUR 660mn (US$ 770mn) involving AGCS and other insurers from 2015 to 2020. “Losses from incidents such as distributed denial of service (DDoS) attacks or phishing … More ? The post Cyber insurance claims on the rise appeared first on Help Net Security .

Read More:
Cyber insurance claims on the rise

Russian jailed for eight years in the US for writing code that sifted botnet logs for web banking creds for fraudsters

Harvested usernames, passwords used to drain victims’ coffers A Russian programmer has been sentenced to eight years behind bars in America for his part in a massive cybercriminal network that hacked into and drained victims’ bank accounts.…

Continued here:
Russian jailed for eight years in the US for writing code that sifted botnet logs for web banking creds for fraudsters

Week in review: Criminals leveraging Office 365, endpoint attack anatomy, medical devices cybersec

Here’s an overview of some of last week’s most interesting news, reviews and articles: Critical flaw in SonicWall’s firewalls patched, update quickly! (CVE-2020-5135) SonicWall patched 11 vulnerabilities affecting its Network Security Appliance (NSA). Among those is CVE-2020-5135, a critical stack-based buffer overflow vulnerability in the appliances’ VPN Portal that could be exploited to cause denial of service and possibly remote code execution. The anatomy of an endpoint attack A lot has changed across the cybersecurity … More ? The post Week in review: Criminals leveraging Office 365, endpoint attack anatomy, medical devices cybersec appeared first on Help Net Security .

Read the original post:
Week in review: Criminals leveraging Office 365, endpoint attack anatomy, medical devices cybersec

Critical flaw in SonicWall’s firewalls patched, update quickly! (CVE-2020-5135)

Earlier this week SonicWall patched 11 vulnerabilities affecting its Network Security Appliance (NSA). Among those is CVE-2020-5135, a critical stack-based buffer overflow vulnerability in the appliances’ VPN Portal that could be exploited to cause denial of service and possibly remote code execution. About CVE-2020-5135 The SonicWall NSAs are next-generation firewall appliances, with a sandbox, an intrusion prevention system, SSL/TLS decryption and inspection capabilities, network-based malware protection, and VPN capabilities. CVE-2020-5135 was discovered by Nikita Abramov … More ? The post Critical flaw in SonicWall’s firewalls patched, update quickly! (CVE-2020-5135) appeared first on Help Net Security .

Originally posted here:
Critical flaw in SonicWall’s firewalls patched, update quickly! (CVE-2020-5135)

Microsoft and partners cut off key Trickbot botnet infrastructure

Two weeks after someone (allegedly the US Cyber Command) temporarily interrupted the operation of the infamous Trickbot botnet, a coalition of tech companies headed by Microsoft has struck a serious blow against its operators. “We disrupted Trickbot through a court order we obtained as well as technical action we executed in partnership with telecommunications providers around the world. We have now cut off key infrastructure so those operating Trickbot will no longer be able to … More ? The post Microsoft and partners cut off key Trickbot botnet infrastructure appeared first on Help Net Security .

Continue Reading:
Microsoft and partners cut off key Trickbot botnet infrastructure