Tag Archives: don’t miss

Attackers actively exploiting Atlassian Confluence and Oracle WebLogic flaws

Attackers are actively exploiting recently fixed vulnerabilities in Oracle WebLogic and the Widget Connector macro in Atlassian Confluence to deliver ransomware, mine cryptocurrency and make the compromised machines participate in DDoS attacks. The Oracle WebLogic attacks CVE-2019-2725 is a deserialization remote command execution vulnerability that affects all Oracle WebLogic versions that have two specific components enabled. It was publicly revealed on April 21 and Oracle published an out-of-band security fix for it on April 25. … More ? The post Attackers actively exploiting Atlassian Confluence and Oracle WebLogic flaws appeared first on Help Net Security .

More:
Attackers actively exploiting Atlassian Confluence and Oracle WebLogic flaws

The latest DDoS attacks are mostly multi-vector and morph over time

DDoS attacks continue to be an effective means to distract and confuse security teams while inflicting serious damage to brands, according to Neustar. Also, when comparing Q1 2019 vs. Q1 2018, the company has registered a 200 percent increase of attacks on directly provisioned customers. Report findings The largest attack size observed by them in Q1 2019 was 587 Gbps in volume, and the longest duration for a single attack was nearly a day and … More ? The post The latest DDoS attacks are mostly multi-vector and morph over time appeared first on Help Net Security .

View article:
The latest DDoS attacks are mostly multi-vector and morph over time

The correlation between DDoS attacks and cryptomining

There is a direct correlation between cryptocurrency and DDoS attacks. As the price of cryptocurrency dropped in 2018, leading to decreased profits from cryptomining, hackers on the black market began to divert prime botnet resources to DDoS attack activities, which increased month by month. DDoS attacks in 2018 In NSFOCUS’ 2018 DDoS Attack Landscape report, NSFOCUS analyzed the threat landscape after a landmark year of technological growth related to cloud computing, big data, artificial intelligence … More ? The post The correlation between DDoS attacks and cryptomining appeared first on Help Net Security .

More:
The correlation between DDoS attacks and cryptomining

CISO’s guide to an effective post-incident board report

A successful cyberattack is undoubtedly one of the most disruptive events an organization can experience. Whether it’s phishing, DDoS, ransomware or SQL injection, the incident often results in major service failures and potentially massive revenue loss, as well as damage to brand reputation and customer trust. As CISO, you are charged not just with overseeing the response and mitigation processes post-breach but also with assembling all relevant information in a post-incident report to the board. … More ? The post CISO’s guide to an effective post-incident board report appeared first on Help Net Security .

View article:
CISO’s guide to an effective post-incident board report

Vulnerable cloud infrastructure experiencing increasing attacks

Attackers are increasingly targeting vulnerable cloud infrastructure to exploit it for covert cryptojacking or to deliver ransomware, Securonix researchers warn. Some attacks are fairly trivial, but others are multi-vector/multi-platform threats where multiple functionalities are combined as part of the same malicious threat (e.g., XBash, which combines cryptomining, ransomware and botnet/worm activity). The way in The attacks are automated and probe the infrastructure and cloud services for vulnerabilities and/or weak or default login credentials. Among the … More ? The post Vulnerable cloud infrastructure experiencing increasing attacks appeared first on Help Net Security .

Visit site:
Vulnerable cloud infrastructure experiencing increasing attacks

SSDP amplification attacks rose 639%

The Nexusguard Q3 2018 Threat Report has revealed the emergence of an extremely stealthy DDoS attack pattern targeting communications service providers (CSPs). Comparison between normal attack traffic and attack traffic with legitimate traffic This new vector exploits the large attack surface of ASN-level (autonomous system number) CSPs by spreading tiny attack traffic across hundreds of IP addresses to evade detection. The ongoing evolution of DDoS methods suggests that CSPs need to enhance their network security … More ? The post SSDP amplification attacks rose 639% appeared first on Help Net Security .

Continue Reading:
SSDP amplification attacks rose 639%

Hackers who DDoSed African telecom and US hospital get long prison sentences

Two men who launched DDoS attacks against a variety of targets have received substantial prison sentences on Friday. Attacks against Liberian telecom 30-year-old Daniel Kaye (aka “BestBuy”), from Egham, Surrey (UK) has been sentenced to spend 2 years and 8 months in prison for DDoS attacks targeting the Liberian telecommunications provider Lonestar MTN in 2015. According to the UK National Crime Agency (NCA), Kaye first used rented botnets and stressor services to attack Lonestar. He … More ? The post Hackers who DDoSed African telecom and US hospital get long prison sentences appeared first on Help Net Security .

See the original article here:
Hackers who DDoSed African telecom and US hospital get long prison sentences

Cisco fixes serious DoS flaws in its email security appliances

Cisco has plugged a heap of security holes in many of its products, including two vulnerabilities (one critical) that open its email security appliances to denial of service attacks. About the vulnerabilities Both vulnerabilities affect the Cisco AsyncOS Software for Cisco Email Security Appliances, and can be exploited remotely by unauthenticated attackers. CVE-2018-15453 can be exploited by sending a malicious S/MIME-signed email through a targeted device. “If Decryption and Verification or Public Key Harvesting is … More ? The post Cisco fixes serious DoS flaws in its email security appliances appeared first on Help Net Security .

Continue reading here:
Cisco fixes serious DoS flaws in its email security appliances

Why you shouldn’t be worried about UPnP port masking

Last May, security firm Imperva wrote a blog post discussing a new proof of concept for bypassing DDoS mitigation after discovering reflected network protocols appearing on non-standard network ports. Imperva was able to replicate the same behavior using a technique called UPnP Port Masking, which uses the Universal Plug and Play (UPnP) Protocol to alter the source port of commonly abused network protocols in DDoS attacks. Multiple news outlets picked up on Imperva’s research and … More ? The post Why you shouldn’t be worried about UPnP port masking appeared first on Help Net Security .

View article:
Why you shouldn’t be worried about UPnP port masking

“Classic” bugs open TP-Link’s SafeStream Gigabit Broadband VPN Router to attack

Cisco Talos researchers have flagged four serious vulnerabilities in TP-Link’s SafeStream Gigabit Broadband VPN Router (TL-R600VPN). All four affect the device’s HTTP server, and can lead to denial of service, information disclosure, and remote code execution. About the vulnerabilities The flaws affect TP-Link TL-R600VPN, hardware versions 2 and 3. Numbered CVE-2018-3948 and CVE-2018-3949, respectively, the flaws that can be exploited for DoS and information disclosure can be triggered via an unauthenticated web request and a … More ? The post “Classic” bugs open TP-Link’s SafeStream Gigabit Broadband VPN Router to attack appeared first on Help Net Security .