DDoS attacks have always been a major threat to network infrastructure and web applications. Attackers keep finding new ways to turn legitimate services against their targets, which forces us to continually study the DDoS attacks hitting our CDN in order to build better mitigations. We recently investigated a DDoS attack whose traffic came mainly from users in Asia. In this case, the attackers used a common HTML5 attribute, the ping attribute of the <a> tag, to trick those users into unwittingly joining a large DDoS attack that flooded one website with approximately 70 million requests in four hours. Rather than a vulnerability, the attack relied…
ISBuzz Team
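What the receiving site actually sees is worth making concrete. The following is an added example, not code from the article or from the CDN operator it describes. It relies on the request shape the HTML standard defines for hyperlink auditing: a click on `<a href="https://site.example/" ping="https://victim.example/">` makes the browser POST to the ping URL with `Content-Type: text/ping`, a body of `PING`, a `Ping-To` header carrying the href and, when origins permit, a `Ping-From` header carrying the page that held the link. A lure page can hold many such links and click them for the visitor, so every visitor becomes a request source. The hosts, timestamps and request records below are constructed for the example, and the detection and edge-rule functions are hypothetical, not a product's API.

```python
"""Spotting HTML hyperlink-auditing ("<a ping>") traffic on the receiving side.

Browser behaviour the attack abuses (defined by the HTML standard): a click on
<a href="https://site.example/" ping="https://victim.example/"> makes the browser
POST to the ping URL with Content-Type text/ping, body "PING", a Ping-To header
(the href) and, when origins permit, a Ping-From header (the page holding the
link). A target that never asked for pings can simply reject them.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit


def _lower(headers):
    """Header names are case-insensitive; normalise once."""
    return {k.lower(): v for k, v in headers.items()}


def is_ping_request(method, headers):
    """True when a request has the shape a browser uses for hyperlink auditing."""
    if method.upper() != "POST":
        return False
    h = _lower(headers)
    ctype = h.get("content-type", "").split(";", 1)[0].strip().lower()
    return ctype == "text/ping" or "ping-to" in h


def origin(url):
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def ping_source(headers):
    """Origin of the page that carried the link, if the browser disclosed it."""
    h = _lower(headers)
    return origin(h["ping-from"]) if "ping-from" in h else "(no Ping-From)"


def ping_sources(requests):
    """Count ping requests per referring origin: the lure pages show up here."""
    return Counter(
        ping_source(r["headers"])
        for r in requests
        if is_ping_request(r["method"], r["headers"])
    )


def flood_sources(requests, window=timedelta(seconds=60), threshold=5):
    """Referring origins that sent at least `threshold` pings inside any `window`."""
    times = defaultdict(list)
    for r in requests:
        if is_ping_request(r["method"], r["headers"]):
            times[ping_source(r["headers"])].append(r["time"])
    flagged = set()
    for src, ts in times.items():
        ts.sort()
        lo = 0
        for hi in range(len(ts)):          # sliding window over sorted timestamps
            while ts[hi] - ts[lo] > window:
                lo += 1
            if hi - lo + 1 >= threshold:
                flagged.add(src)
                break
    return flagged


def policy(request, allowed_from=frozenset()):
    """Edge rule (hypothetical): a site that never uses hyperlink auditing drops
    every ping except those from referring origins it has explicitly allowed."""
    if not is_ping_request(request["method"], request["headers"]):
        return "allow"
    return "allow" if ping_source(request["headers"]) in allowed_from else "block"


# Constructed sample traffic (hypothetical hosts, not captured requests).
T0 = datetime(2019, 4, 1, 12, 0, 0)


def _ping(seconds, page):
    return {
        "method": "POST", "path": "/", "time": T0 + timedelta(seconds=seconds),
        "headers": {"Content-Type": "text/ping", "Ping-To": "https://victim.example/",
                    "Ping-From": page, "User-Agent": "Mozilla/5.0"},
    }


SAMPLE_REQUESTS = [
    {"method": "GET", "path": "/index.html", "time": T0,
     "headers": {"User-Agent": "Mozilla/5.0"}},
    *[_ping(i, "https://lure.example/free-stuff.html") for i in range(6)],
    _ping(30, "https://partner.example/links.html"),
    {"method": "POST", "path": "/login", "time": T0 + timedelta(seconds=40),
     "headers": {"Content-Type": "application/x-www-form-urlencoded"}},
]

if __name__ == "__main__":
    print(ping_sources(SAMPLE_REQUESTS))
    print(flood_sources(SAMPLE_REQUESTS))
    for r in SAMPLE_REQUESTS:
        print(r["method"], r["path"], policy(r, {"https://partner.example"}))
```

The rate check keys on `Ping-From` rather than client IP because, in this kind of attack, the IPs are the victims' own browsers spread across many networks, while the lure page is the one thing they share; if the browser omits `Ping-From`, the requests still fall into a single "(no Ping-From)" bucket and the plain `text/ping` rejection in `policy` still applies.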
While Apple might be capitalizing on its privacy controls, some have criticized the company for such things as its identifiers for advertisers (IDFA). Chris Olson, CEO at The Media Trust: “The IDFA is simply one of several device identifiers. Even if Apple were to change the IDFA on a weekly basis it would be using another identifier to ensure the new IDFA is assigned to the right device. Moreover, changing the IDFA–however frequently–will not change the fact that apps collect information on device users independently of IDFAs. Early in the smartphone wars, Apple distinguished itself from competitors by running an airtight app store.…
The BBC reported this morning that the proportion of UK firms reporting a cyber-attack has jumped, despite most businesses admitting they are under-prepared for breaches, according to research from Hiscox. The insurer found 55% had faced an attack in 2019, up from 40% last year. But almost three quarters of firms were ranked as “novices” in terms of cyber readiness. Tim Mackey, Senior Technical Evangelist at Synopsys: “It would be fair to say that all businesses, independent of jurisdiction, are under constant cyber threat. The real question is whether they realise it or not. For example, smaller, more local businesses may opt for an online store-front…
Following the leaked news that Theresa May and her senior ministers have approved the participation of Huawei in some non-core parts of Britain’s 5G data network, but have banned the Chinese company from more sensitive core parts of the project, please see below for comment from Malcolm Taylor, former senior British intelligence officer and current Director of Cyber Advisory at ITC Secure. Malcolm Taylor, Former Senior British Intelligence Officer and Current Director of Cyber Advisory at ITC Secure: “It’s always dangerous to comment on a leak – and it’s an interesting thought that the NSC doesn’t usually leak; this issue is becoming politicised in…
It has been reported that a popular hotspot finder app for Android exposed the Wi-Fi network passwords for more than two million networks. The app let anyone search for Wi-Fi networks in their area, and it let users upload Wi-Fi network passwords from their devices to its database for others to use. https://twitter.com/JNitterauer/status/1120334300170342400 Expert Comments: Tim Mackey, Senior Technical Evangelist at Synopsys: “The topic of data privacy, security and consent has been top of mind for both organisations and users since GDPR came into effect almost a year ago. One of the key components of GDPR is the concept of consent. Under this doctrine,…
Companies have been conditioned to rely solely on hiring major auditing firms to monitor and audit their vendors’ security. Assessments from these traditional auditors are typically an annual, point-in-time affair. With technology changing far faster than that, the annual assessment model cannot keep up, and today’s leading companies are ditching annual audits in favour of a continuous monitoring model. Those who haven’t made the jump worry that continuous monitoring will be a daunting, time-consuming undertaking. What may surprise many is that much of the work of continuous monitoring can be done in-house, at low cost, and can be…
Thursday, May 2nd is World Password Day 2019, yet a new report from the U.K. government’s National Cyber Security Centre shows that millions are still not using adequate passwords. According to the report, names, soccer players, musicians and fictional characters make up some of the worst passwords of the year, yet “123456” still remains the worst password of all. https://twitter.com/BowkerIT/status/977446174876753920 https://twitter.com/joetidy/status/1120592525142708226 Expert Comments: Nabil Hannan, Managing Principal at Synopsys: “With many password leaks on the internet, organisations are starting to realise how important it is to store passwords securely in their applications. Storing passwords securely is not as simple as it might seem at first. Details of how to…
A third are concerned they will struggle to maintain cyber defences on current budgets
Research conducted by Node4, the cloud, data centre and communications provider, has found that despite four in five (81%) IT leaders expecting their budgets to increase across 2019, 23% still believe that this will not be enough to meet their strategic ambitions. In addition, a third of IT leaders (32%) are concerned that they will struggle to maintain cyber defences on current budgets. The Node4 Mid-Market IT Priorities Report, which surveyed 300 mid-market IT decision-makers, including IT managers, CIOs, IT directors and Heads of IT, revealed that of those who would…
Facebook admitted last month that it has been storing passwords for Facebook, Facebook Lite and Instagram users in plaintext since 2012. While the plaintext passwords were not accessed by a malicious actor, about 2,000 Facebook engineers and developers had the ability to view these users’ login credentials. Facebook’s initial estimates stated that “hundreds of millions” of Facebook users and “tens of thousands” of Instagram users were affected. However, Facebook waited until the Mueller report dropped yesterday to announce that “millions” of Instagram passwords were exposed in last month’s incident, rather than the initial estimate of “tens of thousands.” Facebook…
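The Nabil Hannan comment above (storing passwords securely is not as simple as it seems) and the Facebook incident described here are two sides of the same point. The following is an added example, not code from either article or from Facebook: a plaintext store of the kind the incident describes, beside a store that keeps only a per-user random salt and a slow PBKDF2-HMAC-SHA256 digest, verifies in constant time, spends the same work on unknown usernames so login timing does not reveal which accounts exist, and transparently re-hashes records whose work factor has fallen behind. The class and function names, the record format and the iteration counts are this example's own choices; the iteration default is a placeholder to tune against your hardware budget.

```python
"""Plaintext credential storage beside salted, iterated hashing.

PlaintextStore is the shape of the problem: whoever can read the table (or a
log it leaked into) can read every password. HashedStore stores a record from
which the password cannot be recovered without a brute-force search that costs
one slow PBKDF2 computation per guess per user.
"""
import hashlib
import hmac
import os

ALGO = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 600_000   # example default: tune so one guess costs tens of ms on your hardware


class PlaintextStore:
    """The anti-pattern: the stored value *is* the password."""

    def __init__(self):
        self._users = {}

    def register(self, user, password):
        self._users[user] = password

    def verify(self, user, password):
        return self._users.get(user) == password

    def dump(self):
        # Anyone with read access to the table sees this verbatim.
        return dict(self._users)


def hash_password(password, iterations=DEFAULT_ITERATIONS, salt=None):
    """Return a self-describing record: algo$iterations$salt_hex$digest_hex."""
    salt = os.urandom(16) if salt is None else salt          # fresh random salt per record
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Constant-time check of `password` against a record from hash_password().
    Raises ValueError on a malformed or foreign record instead of guessing."""
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != ALGO:
        raise ValueError(f"unsupported algorithm {algo!r}")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def record_iterations(record):
    return int(record.split("$")[1])


class HashedStore:
    def __init__(self, iterations=DEFAULT_ITERATIONS):
        self.iterations = iterations
        self._users = {}
        # Verified for unknown users so the cost of a login attempt does not
        # depend on whether the account exists (no username enumeration by timing).
        self._dummy = hash_password(os.urandom(16).hex(), iterations)

    def register(self, user, password):
        self._users[user] = hash_password(password, self.iterations)

    def verify(self, user, password):
        record = self._users.get(user)
        if record is None:
            verify_password(password, self._dummy)
            return False
        ok = verify_password(password, record)
        if ok and record_iterations(record) < self.iterations:
            # The only moment the plaintext is available: upgrade the work factor now.
            self._users[user] = hash_password(password, self.iterations)
        return ok

    def dump(self):
        # Leaking this table still leaves attackers a per-user brute-force search.
        return dict(self._users)


if __name__ == "__main__":
    plain, hashed = PlaintextStore(), HashedStore(iterations=50_000)
    for store in (plain, hashed):
        store.register("alice", "correct horse battery staple")
    print("plaintext table:", plain.dump())
    print("hashed table:   ", hashed.dump())
    print("login ok:", hashed.verify("alice", "correct horse battery staple"))
```

Two details matter more than they look: the record carries its own algorithm and iteration count, so the work factor can be raised later without a migration, and the comparison uses `hmac.compare_digest` so a wrong guess does not leak how many leading bytes matched.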
Customers of fast food chain Chipotle are reported by TechCrunch to have had their accounts hacked. The company says it believes credential stuffing might be the cause, but some customers have said their passwords are unique to the Chipotle account, and others note that they don’t have accounts and used Chipotle’s guest checkout. Ameya Talwalkar, Co-founder and CPO at Cequence: “Without fully understanding all of the details of the attack, organizations like Chipotle are faced with the following challenges. On the dark web, attackers have a rich repository of user credentials, attack automation tools and compromised computing resources. With those three elements in hand, they will use…
