Security News

Major financial institutions, airlines and the Hong Kong stock exchange were knocked offline by a backfiring distributed denial-of-service mitigation service Thursday. The hour-long outage, which was triggered at approximately 1 a.m. EST Thursday, is tied to Akamai Technology's anti-DDoS Prolexic service.

Kinetic Business introduced DDoS Mitigation Service, a fully managed service that monitors, detects, validates and mitigates attacks-even on third-party networks -before an outage or related damage occurs. Kinetic's DDoS Mitigation Service uses a network of highly scalable scrubbing centers that ingest and inspect attack traffic upstream from the customer's network.

DDoS attacks have dominated the charts in terms of frequency, sophistication, and geo-distribution over the last year. While there are no signs of DDoS attacks going away anytime soon, how do organizations ensure that their Internet assets are protected against threats of any size or kind?

His focus on information security began when he served in the U.S. Army, where he spent years identifying vulnerabilities and working on mitigation strategies to protect the network. From there, he served with NATO, where he played a very active role in cultivating a proactive security culture.

Recent Linux kernel updates include patches for a couple of vulnerabilities that could allow an attacker to bypass mitigations designed to protect devices against Spectre attacks. Symantec reported on Monday that Piotr Krysiuk, a member of its Threat Hunter team, has identified two new vulnerabilities in the Linux kernel that can be exploited to bypass mitigations for the Spectre vulnerabilities.

Cybersecurity researchers on Monday disclosed two new vulnerabilities in Linux-based operating systems that, if successfully exploited, could let attackers circumvent mitigations for speculative attacks such as Spectre and obtain sensitive information from kernel memory. While CVE-2020-27170 can be abused to reveal content from any location within the kernel memory, CVE-2020-27171 can be used to retrieve data from a 4GB range of kernel memory.

Microsoft Defender Antivirus will now protect unpatched on-premises Exchange servers from ongoing attacks by automatically mitigating the actively exploited CVE-2021-26855 vulnerability. The Microsoft Defender automatic protection from active attacks targeting unpatched Exchange servers works by breaking the attack chain.

Microsoft has released Exchange On-Premises Mitigation Tool, which quickly performs the initial steps for mitigating the ProxyLogon flaw on any Exchange server and attempts to remediate found compromises. "This tool is not a replacement for the Exchange security update but is the fastest and easiest way to mitigate the highest risks to internet-connected, on-premises Exchange Servers prior to patching," Microsoft explained.

Microsoft on Monday released a one-click mitigation software that applies all the necessary countermeasures to secure vulnerable environments against the ongoing widespread ProxyLogon Exchange Server cyberattacks. Called Exchange On-premises Mitigation Tool, the PowerShell-based script serves to mitigate against current known attacks using CVE-2021-26855, scan the Exchange Server using the Microsoft Safety Scanner for any deployed web shells, and attempt to remediate the detected compromises.

Microsoft's scramble to address the fallout from the zero-day attacks against on-prem Exchange Server installations continued this week with the release of a one-click mitigation tool help businesses contain the damage. The new Exchange On-premises Mitigation Tool is aimed at companies without dedicated security or IT teams to manage patching and post-incident forensics.