Tag Archives: expert analysis

The power of passive OS fingerprinting for accurate IoT device identification

The number of IoT devices in enterprise networks and across the internet is projected to reach 29 billion by the year 2030. This exponential growth has inadvertently increased the attack surface. Each interconnected device can potentially create new avenues for cyberattacks and security breaches. The Mirai botnet demonstrated just that, by using thousands of vulnerable IoT devices to launch massive DDoS attacks on critical internet infrastructure and popular websites. To effectively safeguard against the risks … More ? The post The power of passive OS fingerprinting for accurate IoT device identification appeared first on Help Net Security .

Originally posted here:
The power of passive OS fingerprinting for accurate IoT device identification

Out of the blue: Surviving an 18-hour, 39M-request DDoS attack

No online business can afford to neglect malicious bot threats. Attackers and fraudsters increasingly leverage bots to automate and coordinate attacks, driving IT teams and ill-equipped security tools to their limits. Only a full-endpoint, 360° bot protection solution that leverages aggregate global detection signals can save you from unexpected threats. Case in point: A large e-commerce website protected by DataDome’s bot and online fraud management solution recently remained blissfully unaffected throughout a high volume, highly-distributed … More ? The post Out of the blue: Surviving an 18-hour, 39M-request DDoS attack appeared first on Help Net Security .

Original post:
Out of the blue: Surviving an 18-hour, 39M-request DDoS attack

How can companies prioritize contact center security?

Security is front of mind for a lot of organizations these days, especially due to the 400% increase in cyberattacks since the pandemic started. Notable and alarming attacks include those on the federal government by nation-state threat actors using widely used third-party tools as vehicles for intrusion. Your contact center is no exception: it’s facing standard cyber security threats, such as DDoS attacks, but also seeing an increase in attacks targeting customers’ personal data. If … More ? The post How can companies prioritize contact center security? appeared first on Help Net Security .

View article:
How can companies prioritize contact center security?

Client-side web security

To address attacks such as XSS, Magecart and other card skimming exploits found in modern eCommerce environments, the use of client-side web security methods is beginning to emerge as a particularly useful practice. Obviously, enterprise teams should integrate client-side protections with desired server-side countermeasures to ensure a full risk management profile (e.g., the client-side is a poor selection point to stop denial of service). Several standards-based client-side security approaches have begun to mature that are … More ? The post Client-side web security appeared first on Help Net Security .

Read More:
Client-side web security

Speeding MTTR when a third-party cloud service is attacked

We all know you can’t stop every malicious attack. Even more troublesome is when an externally sourced element in the cloud – engaged as part of your infrastructure – is hit and it impacts customers using your digital service. That’s what happened on October 22 when a DDoS attack on the AWS Route 53 DNS service made its S3 storage service unavailable or slow loading to thousands of organizations. We had an early view of … More ? The post Speeding MTTR when a third-party cloud service is attacked appeared first on Help Net Security .

Visit link:
Speeding MTTR when a third-party cloud service is attacked

CISO’s guide to an effective post-incident board report

A successful cyberattack is undoubtedly one of the most disruptive events an organization can experience. Whether it’s phishing, DDoS, ransomware or SQL injection, the incident often results in major service failures and potentially massive revenue loss, as well as damage to brand reputation and customer trust. As CISO, you are charged not just with overseeing the response and mitigation processes post-breach but also with assembling all relevant information in a post-incident report to the board. … More ? The post CISO’s guide to an effective post-incident board report appeared first on Help Net Security .

View article:
CISO’s guide to an effective post-incident board report

How accepting that your network will get hacked will help you develop a plan to recover faster

As anyone in the network security world will tell you, it is an extremely intense and stressful job to protect the corporate network from ever-evolving security threats. For a security team, a 99 percent success rate is still a complete failure. That one time a hacker, piece of malware, or DDoS attack brings down your organization’s network (or network availability) is all that matters. It’s even more frustrating when you consider that the proverbial ‘bad … More ? The post How accepting that your network will get hacked will help you develop a plan to recover faster appeared first on Help Net Security .

See the original post:
How accepting that your network will get hacked will help you develop a plan to recover faster

For recent big data software vulnerabilities, botnets and coin mining are just the beginning

The phrase “with great power comes great responsibility” was excellent advice when Ben Parker said it to his nephew Peter, aka Spiderman. It is even more applicable to any organization using open source software to manage their big data analysis. This is especially true since, in 2018, significant vulnerabilities were identified and disclosed for both Hadoop and Spark, allowing unauthenticated remote code execution via their REST APIs. Many enterprises have adopted big data processing components … More ? The post For recent big data software vulnerabilities, botnets and coin mining are just the beginning appeared first on Help Net Security .

View the original here:
For recent big data software vulnerabilities, botnets and coin mining are just the beginning