Sysdig Details Proxyjacking Attack Leveraging Log4j Vulnerability
Sysdig today published a report that described how cybercriminals are exploiting the Log4j vulnerability to gain access to IP addresses that are then sold to entities that resell them. Dubbed proxyjacking, the attacks enable cybercriminals to resell bandwidth to providers of proxyware services that allow someone to hide their physical ...
Read More
NTT Taps Microsoft to Provide MDR Service
NTT Ltd has launched a managed detection and response (MDR) security service based on Microsoft Sentinel, a security information event management (SIEM) platform hosted in the Azure cloud service. The NTT MDR service collects data from any user, device, application and infrastructure platform from any on-premises or cloud computing environment ...
Read More
Western Digital Hacked: ‘My Cloud’ Data Dead (Even Local Storage!)
Richi Jennings
|
|
cloud storage
,
My Cloud
,
Ransomware
,
SB Blogwatch
,
storage
,
WD
,
Western Digital
,
Western Digital My Cloud
Déjà Vu: Hack of WD systems leads to My Cloud service outage. Owners unable to access files ...
Read More
Survey: Reactionary Cybersecurity is Misaligned With Business Goals
A global survey of 409 cybersecurity and IT decision-makers from companies with at least 250 employees suggested that while there is a lot more attention being paid to aligning cybersecurity strategy with business goals, most organizations are still spending most of their time reacting to events rather than achieving specific ...
Read More
After Brief Exposure in Public Repo, GitHub Rotated Private SSH Key
In an attempt to get ahead of fallout from the exposure of its private SSH key in a public repository, the software development platform GitHub proactively rotated its host key last week. “Out of an abundance of caution, we replaced our RSA SSH host key used to secure Git operations ...
Read More
Noname Security Extends Reach of API Security Platform
Noname Security this week extended the reach of its platform for securing application programming interfaces (APIs) to make it easier to discover APIs and visualize the workflows that revolve around them. Specifically, the company has added to the Noname Security Runtime Protection platform an ability to customize discovery and more ...
Read More
Elastic Unfurls Cloud Security Platform for AWS
Elastic today launched a cloud security analytics platform that provides visibility into Amazon Web Services (AWS) environments. The Elastic Search platform is based on the open source search engine platform it developed. Mike Nichols, vice president of product management for Elastic, said the Elastic Search platform provides both cloud security ...
Read More
Twitter Presses GitHub to Turn Over User Who Leaked Source Code
When Twitter joined the ranks of tech companies whose source code leaked online, it was met with little surprise and a whole lot of unease over what the leak might mean for the platform’s security. “Unlike other recent source code leaks, it is concerning that Twitter has not released a ...
Read More
API Attacks Rise 400% in Last Six Months
Attacks on APIs continue to rise sharply. New findings from Salt Labs found a shocking 400% increase in unique API attackers in the last six months. Interestingly, the report also discovered that nearly 80% of attacks occur over authenticated endpoints. Gartner previously predicted that APIs would soon become the most ...
Read More
Brits Slap Wrists of DDoS Kids, via NCA’s Fake Booter Sites
Richi Jennings
|
|
booter
,
booter services
,
booters and stressers
,
crime
,
ddos
,
National Crime Agency
,
National Cyber Crime Unit
,
NCA
,
Operation Power Off
,
Operation PowerOFF
,
SB Blogwatch
,
U.K. National Crime Agency
,
uk
UK National Crime Agency nips it in the bud: Aims to scare straight naughty DDoS kiddies ...
Read More
