Tag Archives: security

Cloudflare partners with Booz Allen Hamilton to guide organizations under attack

Cloudflare announced a collaboration with Booz Allen Hamilton to support enterprises under attack by providing expedited Under Attack as a Service (UAaaS) with 30-Day Rapid Response DDoS Mitigation, including continuous monitoring and protection. Under this new agreement, Booz Allen’s Global Commercial clients facing a cyber-attack will be connected to Cloudflare for immediate Incident Response. Now, Booz Allen clients that may fall victim to cyber-attacks have a fast track to support when they need it most. … More ? The post Cloudflare partners with Booz Allen Hamilton to guide organizations under attack appeared first on Help Net Security .

Excerpt from:
Cloudflare partners with Booz Allen Hamilton to guide organizations under attack

Fastly Bot Management protects websites, apps, and valuable data from malicious automated traffic

Fastly introduced Fastly Bot Management to help organizations combat automated “bot” attacks at the edge and significantly reduce the risk of fraud, DDoS attacks, account takeovers, and other online abuse. Fastly Bot Management represents an important cybersecurity milestone for the company, building on its proven bot mitigation expertise and capabilities currently available in its Next-Gen WAF. “Organizations increasingly are delivering more enhanced digital experiences to their users at the edge. Not surprisingly, cyber adversaries have … More ? The post Fastly Bot Management protects websites, apps, and valuable data from malicious automated traffic appeared first on Help Net Security .

Follow this link:
Fastly Bot Management protects websites, apps, and valuable data from malicious automated traffic

The effects of law enforcement takedowns on the ransomware landscape

While the results of law enforcement action against ransomware-as-a-service operators Alphv/BlackCat and LockBit are yet to be fully realized, the August 2023 disruption of the Qakbot botnet has had one notable effect: ransomware affiliates have switched to vulnerability exploitation as the primary method of delivering the malware. The switch is obvious to Symantec’s Threat Hunter Team but, unfortunately, it hasn’t been accompanied by a fall in the number of ransomware victims. “Analysis of data from … More ? The post The effects of law enforcement takedowns on the ransomware landscape appeared first on Help Net Security .

More:
The effects of law enforcement takedowns on the ransomware landscape

Akamai App & API Protector enhancements detect and mitigate short DDoS attack bursts

Akamai announced significant additions to its flagship Akamai App & API Protector product, including advanced defenses against sophisticated application-layer distributed denial-of-service (DDoS) attacks. The enhanced Layer 7 DDoS protections now precisely detect and mitigate short DDoS attack bursts and use client reputation scores for improved rate limiting. An additional new capability, URL Protection, ensures the availability of mission critical URLs, APIs, and microservices by smartly prioritizing legitimate traffic during highly distributed attacks. App & API … More ? The post Akamai App & API Protector enhancements detect and mitigate short DDoS attack bursts appeared first on Help Net Security .

Visit site:
Akamai App & API Protector enhancements detect and mitigate short DDoS attack bursts

U.S. authorities disrupt Russian intelligence’s botnet

In January 2024, an operation dismantled a network of hundreds of SOHO routers controlled by GRU Military Unit 26165, also known as APT 28, Sofacy Group, Forest Blizzard, Pawn Storm, Fancy Bear, and Sednit. This network facilitated various crimes, including extensive spearphishing and credential harvesting against entities of interest to the Russian government, such as U.S. and foreign governments, military, and key security and corporate sectors. This botnet was distinct from prior GRU and Russian … More ? The post U.S. authorities disrupt Russian intelligence’s botnet appeared first on Help Net Security .

See more here:
U.S. authorities disrupt Russian intelligence’s botnet

FritzFrog botnet exploits Log4Shell, PwnKit vulnerabilities

The FritzFrog cryptomining botnet has new potential for growth: a recently analyzed variant of the bot is exploiting the Log4Shell (CVE-2021-44228) and PwnKit (CVE-2021-4034) vulnerabilities for lateral movement and privilege escalation. The FritzFrog botnet The FritzFrog botnet, initially identified in August 2020, is a peer-to-peer (rather than centrally-controlled) botnet powered by malware written in Golang. It targets SSH servers by brute-forcing login credentials, and has managed to compromise thousands of them worldwide. “Each compromised host … More ? The post FritzFrog botnet exploits Log4Shell, PwnKit vulnerabilities appeared first on Help Net Security .

Excerpt from:
FritzFrog botnet exploits Log4Shell, PwnKit vulnerabilities

Consumers prepared to ditch brands after cybersecurity issues

In 2023, businesses have been hit with 800,000 cyberattacks, over 60,000 of which were DDoS attacks and 4,000 falling victim to ransomware, according to Vercara. The research found that consumers hold nuanced perceptions regarding cybersecurity incidents and are often less aware of the role they play in maintaining cyber hygiene within a business. These findings underscore brand trust’s important role in the digital landscape – with an overwhelming 75% of consumers expressing their readiness to … More ? The post Consumers prepared to ditch brands after cybersecurity issues appeared first on Help Net Security .

Continue Reading:
Consumers prepared to ditch brands after cybersecurity issues

NETSCOUT releases Adaptive DDoS Protection for AED

NETSCOUT launched Adaptive DDoS Protection for Arbor Edge Defense (AED) to protect ISPs and enterprises from DNS water torture attacks. According to the NETSCOUT DDoS Threat Intelligence Report, Domain Name System (DNS) water torture attacks increased 353% in the first six months of 2023, overwhelming Authoritative DNS server resources and bringing down critical DNS services. DNS water torture DDoS attacks have been around since 1997, yet many organizations still struggle to efficiently identify and mitigate … More ? The post NETSCOUT releases Adaptive DDoS Protection for AED appeared first on Help Net Security .

More:
NETSCOUT releases Adaptive DDoS Protection for AED

Dangerous vulnerability can be exploited to carry out massive DDoS attacks (CVE-2023-44487)

Cloudflare, Google, and Amazon AWS revealed that a zero-day vulnerability in the HTTP/2 protocol has been used to mount massive, high-volume DDoS attacks, which they dubbed HTTP/2 Rapid Reset. Decoding HTTP/2 Rapid Reset (CVE-2023-44487) In late August 2023, Cloudflare discovered a zero-day vulnerability developed by an unknown threat actor. The vulnerability exploits the standard HTTP/2 protocol—a fundamental piece to how the Internet and most websites operate. HTTP/2 is responsible for how browsers interact with a … More ? The post Dangerous vulnerability can be exploited to carry out massive DDoS attacks (CVE-2023-44487) appeared first on Help Net Security .

More here:
Dangerous vulnerability can be exploited to carry out massive DDoS attacks (CVE-2023-44487)

Global events fuel DDoS attack campaigns

Cybercriminals launched approximately 7.9 million DDoS attacks in 1H 2023, representing a 31% year-over-year increase, according to NETSCOUT. Global events like the Russia-Ukraine war and NATO bids have driven recent DDoS attack growth. Finland was targeted by pro-Russian hacktivists in 2022 during its bid to join NATO. Turkey and Hungary were targeted with DDoS attacks for opposing Finland’s bid. In 2023, Sweden experienced a similar onslaught around its NATO bid, culminating with a 500 Gbps … More ? The post Global events fuel DDoS attack campaigns appeared first on Help Net Security .

Excerpt from:
Global events fuel DDoS attack campaigns