Tag Archives: hot stuff

How to prevent DDoS attacks

The number of DDoS attacks we see around the globe is on the rise, and that trend is likely to continue throughout 2023, according to Corero. We expect to see attackers deploy a higher rate of request-based or packets-per-second attacks. In this Help Net Security video, Matthew Andriani, CEO at MazeBolt, discusses the growing threat and impact of DDoS attacks and how organizations can stay safe against them. For more details about the most powerful … More ? The post How to prevent DDoS attacks appeared first on Help Net Security .

The most significant DDoS attacks in the past year

DDoS attacks are getting larger and more complex moving towards mobile networks and IoT, which are now used in cyberwarfare. In this Help Net Security video, Steve Winterfeld, Advisory CISO at Akamai, discusses the most powerful DDoS attacks in the past 12 months. The post The most significant DDoS attacks in the past year appeared first on Help Net Security .

Out of the blue: Surviving an 18-hour, 39M-request DDoS attack

No online business can afford to neglect malicious bot threats. Attackers and fraudsters increasingly leverage bots to automate and coordinate attacks, driving IT teams and ill-equipped security tools to their limits. Only a full-endpoint, 360° bot protection solution that leverages aggregate global detection signals can save you from unexpected threats. Case in point: A large e-commerce website protected by DataDome’s bot and online fraud management solution recently remained blissfully unaffected throughout a high volume, highly-distributed … More ? The post Out of the blue: Surviving an 18-hour, 39M-request DDoS attack appeared first on Help Net Security .

Original post:
Out of the blue: Surviving an 18-hour, 39M-request DDoS attack

High-severity OpenSSL vulnerabilities fixed (CVE-2022-3602, CVE-2022-3786)

Version 3.0.7 of the popular OpenSSL cryptographic library is out, with fixes for CVE-2022-3602 and CVE-2022-3786, two high-severity buffer overflow vulnerabilities in the punycode decoder that could lead to crashes (i.e., denial of service) or potentially remote code execution. CVE-2022-3602, whose existence was preannounced by the OpenSSL Project team a week ago, has luckily turned out to be less dangerous than initially thought. So the much feared *Critical* #OpenSSL turns out to be “just” a … More ? The post High-severity OpenSSL vulnerabilities fixed (CVE-2022-3602, CVE-2022-3786) appeared first on Help Net Security .

More:
High-severity OpenSSL vulnerabilities fixed (CVE-2022-3602, CVE-2022-3786)

Defending against Windows RDP attacks

In 2020, attacks against Windows Remote Desktop Protocol (RDP) grew by 768%, according to ESET. But this shouldn’t come as a surprise, given the massive increase in people working remotely during the pandemic. With enterprises resorting to making RDP services publicly available, hackers have taken notice. Some DDoS attacks are leveraging RDP servers to amplify their effect, and malware like Trickbot is employing scanners to identify vulnerable open RDP ports. When it comes to remote … More ? The post Defending against Windows RDP attacks appeared first on Help Net Security .

See more here:
Defending against Windows RDP attacks

Client-side web security

To address attacks such as XSS, Magecart and other card skimming exploits found in modern eCommerce environments, the use of client-side web security methods is beginning to emerge as a particularly useful practice. Obviously, enterprise teams should integrate client-side protections with desired server-side countermeasures to ensure a full risk management profile (e.g., the client-side is a poor selection point to stop denial of service). Several standards-based client-side security approaches have begun to mature that are … More ? The post Client-side web security appeared first on Help Net Security .

How DNS filtering works and why businesses need it

The Domain Name System (DNS) is a cornerstone of the internet. DNS servers connect URL names that humans can read to unique Internet Protocol (IP) addresses that web browsers can understand. Without DNS, we’d all be typing in long, seemingly random combinations of characters and numbers in order to get anywhere online! However, this dependency opens up the possibility for misuse. From domain hijacking and cache poisoning to Denial of Service attacks, DNS is no … More ? The post How DNS filtering works and why businesses need it appeared first on Help Net Security .

See the original article here:
How DNS filtering works and why businesses need it

Speeding MTTR when a third-party cloud service is attacked

We all know you can’t stop every malicious attack. Even more troublesome is when an externally sourced element in the cloud – engaged as part of your infrastructure – is hit and it impacts customers using your digital service. That’s what happened on October 22 when a DDoS attack on the AWS Route 53 DNS service made its S3 storage service unavailable or slow loading to thousands of organizations. We had an early view of … More ? The post Speeding MTTR when a third-party cloud service is attacked appeared first on Help Net Security .

Visit link:
Speeding MTTR when a third-party cloud service is attacked

IoT is an ecosystem, as secure as its weakest link

Remember when, three years ago, several Mirai botnets hit DNS provider Dyn and caused part of the Internet to be unreachable for most users in North America and Europe? For a moment there it really seemed that IoT security would become an indisputable necessity. Unfortunately, that did not happen, and security professionals and consumers are left trying to minimize the dangers of insecure IoT and industrial IoT devices as best they can. The problem with … More ? The post IoT is an ecosystem, as secure as its weakest link appeared first on Help Net Security .

CISO’s guide to an effective post-incident board report

A successful cyberattack is undoubtedly one of the most disruptive events an organization can experience. Whether it’s phishing, DDoS, ransomware or SQL injection, the incident often results in major service failures and potentially massive revenue loss, as well as damage to brand reputation and customer trust. As CISO, you are charged not just with overseeing the response and mitigation processes post-breach but also with assembling all relevant information in a post-incident report to the board. … More ? The post CISO’s guide to an effective post-incident board report appeared first on Help Net Security .

View article:
CISO’s guide to an effective post-incident board report