Tag Archives: events

For recent big data software vulnerabilities, botnets and coin mining are just the beginning

The phrase “with great power comes great responsibility” was excellent advice when Ben Parker said it to his nephew Peter, aka Spiderman. It is even more applicable to any organization using open source software to manage their big data analysis. This is especially true since, in 2018, significant vulnerabilities were identified and disclosed for both Hadoop and Spark, allowing unauthenticated remote code execution via their REST APIs. Many enterprises have adopted big data processing components … More ? The post For recent big data software vulnerabilities, botnets and coin mining are just the beginning appeared first on Help Net Security .

View the original here:
For recent big data software vulnerabilities, botnets and coin mining are just the beginning

“Classic” bugs open TP-Link’s SafeStream Gigabit Broadband VPN Router to attack

Cisco Talos researchers have flagged four serious vulnerabilities in TP-Link’s SafeStream Gigabit Broadband VPN Router (TL-R600VPN). All four affect the device’s HTTP server, and can lead to denial of service, information disclosure, and remote code execution. About the vulnerabilities The flaws affect TP-Link TL-R600VPN, hardware versions 2 and 3. Numbered CVE-2018-3948 and CVE-2018-3949, respectively, the flaws that can be exploited for DoS and information disclosure can be triggered via an unauthenticated web request and a … More ? The post “Classic” bugs open TP-Link’s SafeStream Gigabit Broadband VPN Router to attack appeared first on Help Net Security .

Read More:
“Classic” bugs open TP-Link’s SafeStream Gigabit Broadband VPN Router to attack

Cequence Security announces application security platform to stop bot attacks

Cequence Security released Cequence ASP, an application security platform that provides a scalable defense against the growing number of bot attacks affecting today’s hyper-connected organizations. These financially-motivated attacks target externally-facing web and mobile apps, as well as API services that provide connections to other applications across their digital ecosystem. Attack objectives can include account takeover, content scraping, distributed denial of service, and much more. “From a bad actor’s perspective, geo-distributed bot attacks are relatively easy … More ? The post Cequence Security announces application security platform to stop bot attacks appeared first on Help Net Security .

View article:
Cequence Security announces application security platform to stop bot attacks

‘DerpTroll’ derps into plea deal, admits DDoS attacks on EA, Steam, Sony game servers

Austin Thompson, 23, cops to $95,000 worth of damage The man accused over DDoS-bombing several online games hosts in 2013 and 2014 has entered a guilty plea under a deal with US authorities.…

More:
‘DerpTroll’ derps into plea deal, admits DDoS attacks on EA, Steam, Sony game servers

NTT Security adds botnet infrastructure detection to Managed Security Services

NTT Security has developed a new network analytics technology to detect and defend NTT Group’s Managed Security Services (MSS) customers from attacks launched on botnet infrastructures. The new network flow data analysis uses machine learning and scalable streaming analytics – developed in partnership with NTT Group companies – and pulls data from NTT’s global network infrastructure, which provides visibility into the world’s internet traffic. The enhancement will enable NTT Security to find attacks on customers’ … More ? The post NTT Security adds botnet infrastructure detection to Managed Security Services appeared first on Help Net Security .

Read More:
NTT Security adds botnet infrastructure detection to Managed Security Services

Week in review: Top cyber attack sources, serverless botnets, CFO as best cybersecurity friend

Here’s an overview of some of last week’s most interesting news and articles: Repairnator bot finds software bugs, successfully submits patches Can a bot create valid, high-quality fixes for software bugs more rapidly than a human can, and get them accepted by human developers and permanently merged in the code base? How to make the CFO your best cybersecurity friend Good cybersecurity is extremely expensive, and bad cybersecurity is, well… even more expensive. It’s very … More ? The post Week in review: Top cyber attack sources, serverless botnets, CFO as best cybersecurity friend appeared first on Help Net Security .

See the article here:
Week in review: Top cyber attack sources, serverless botnets, CFO as best cybersecurity friend

Serverless botnets could soon become reality

We have been accustomed to think about botnets as a network of compromised machines – personal devices, IoT devices, servers – waiting for their masters’ orders to begin their attack, but Protego researchers say that many compromised machines are definitely not a requirement: botnets can quite as easily be comprised of serverless functions. They created one on the Google Cloud Functions platform as a proof of concept and have calculated that the losses experienced by … More ? The post Serverless botnets could soon become reality appeared first on Help Net Security .

Read the original post:
Serverless botnets could soon become reality

Verizon Digital Media Services adds managed security services to its Cloud Security Solution

Verizon Digital Media Services announced it has added a managed cloud security offering as part of its global Cloud Security Solution. The managed cloud security component provides access to security professionals who monitor and take corrective action against the security threats, no matter the time of day. The addition of this offering complements features previously available within Verizon Digital Media Services’ Cloud Security Solution, including a dual web application firewall (WAF), distributed denial-of-service (DDoS) protection, … More ? The post Verizon Digital Media Services adds managed security services to its Cloud Security Solution appeared first on Help Net Security .

Read More:
Verizon Digital Media Services adds managed security services to its Cloud Security Solution

Some credential-stuffing botnets don’t care about being noticed any more

They just take a battering ram to the gates The bots spewing out malicious login attempts by the bucketload appear to have cranked it up a notch.…

Follow this link:
Some credential-stuffing botnets don’t care about being noticed any more

No, the Mirai botnet masters aren’t going to jail. Why? ‘Cos they help Feds nab cyber-crims

Probation, comm service for poachers turned gamekeepers The three brains behind the Mirai malware, which infects and pressgangs Internet-of-Things devices into a botnet army, have avoided jail.…

See more here:
No, the Mirai botnet masters aren’t going to jail. Why? ‘Cos they help Feds nab cyber-crims