Security News

'Anomalous surge in DNS queries' knocked Microsoft's cloud off the web last week
2021-04-06 02:41

It was a tsunami of DNS queries that ultimately took out a host of Microsoft services, from Xbox Live to Teams, for some netizens about an hour on April Fools' Day, Redmond has said. The web giant's Threat Analysis Group said it had detected in March a bogus security company SecuriElite reaching out to legit professionals via social media, such as LinkedIn and Twitter.

How To Defend the Extended Network Against Web Risks
2021-04-05 17:28

Aamir Lakhani, cybersecurity researcher for Fortinet's FortiGuard Labs, discusses criminals flocking to web server and browser attacks, and what to do about it. Attackers use email, instant messages, SMS messages and links on social networking to trick at-home workers into installing malware that leads to identity theft, loss of property and, possibly, entry into the corporate network.

Cisco helps service providers and web scale companies offer a more accessible internet
2021-04-02 00:15

Cisco announced its strategy to help communication service providers and web scale companies around the world connect, secure and automate their networks to deliver a stronger, more accessible internet to everyone, everywhere, regardless of geographic limitations. Answering the call, Cisco designed its Converged SDN Transport, an innovative blueprint designed to help service providers converge multiple networks into a common, cost efficient and secure infrastructure with enormous scale.

Administrator of Dark Web Portal Pleads Guilty to Money Laundering
2021-04-01 13:55

An Israeli national has pleaded guilty to his role in operating DeepDotWeb, a website that functioned as a gateway to various Dark Web marketplaces, the U.S. Justice Department announced on Wednesday. The man, Tal Prihar, 37, together with co-defendant Michael Phan, 34, of Israel, owned and operated DeepDotWeb between October 2013 and May 2019, when the website was seized by authorities.

Payment app MobiKwik denies customer data was stolen from it, has no idea how the info ended up on the dark web: Maybe it was your fault?
2021-03-31 02:56

Indian payment app maker MobiKwik has denied its security has been breached, saying that if it's true, as has been claimed, that its customers' information has appeared on the dark web, then some other platform was totally responsible for that. "Some users have reported that their data is visible on the dark web," reads a message from the company, dated March 30.

India payment app MobiKwik denies data leak, says customers may have posted own data to Dark Web
2021-03-31 02:56

Indian payment app maker MobiKwik has denied its security has been breached, saying that if it's true, as has been claimed, that its customers' information has appeared on the dark web, then some other platform was totally responsible for that. "Some users have reported that their data is visible on the dark web," reads a message from the company, dated March 30.

PHP web language narrowly avoids “backdoor” supply chain attack
2021-03-30 18:30

Open source web programming language PHP narrowly avoided a potentially dangerous supply chain attack over the weekend. In theory, anyone who downloaded the very latest "Still in development" version of PHP on Sunday 2021-03-28, compiled it, and installed it on a real-life, internet facing web server could have been at risk.

Your web application firewall should be more than a firewall – it should be a noise filter too
2021-03-30 07:30

A web application firewall is your first line of defence when it comes to protecting your organization from an array of potential threats. By filtering out the content scrapers, bots, and other web creepy-crawlies, you can remove their impact on your infrastructure reduce the overall cost of maintaining your web presence.

Using memory encryption in web applications to help reduce the risk of Spectre attacks
2021-03-25 06:00

As Google security engineers pointed out, these mechanisms do not prevent the Spectre exploit, but rather "Protect sensitive data from being present in parts of the memory from which they can be read by the attacker." To further reduce the risk of data leakage, website owners should add an extra line of defense to protect the actual data in memory in the event that all other security controls.

Cockup or conspiracy? Popular privacy extension ClearURLs removed from Chrome web store
2021-03-24 17:08

The Chrome browser extension ClearURLs has been removed from the Chrome Web Store, for reasons its developer describes as "Ridiculous." Google's Chrome team emailed ClearURLs developer Kevin Roebert yesterday to tell him: "Your item had to be removed from the Chrome Web Store," citing three violations of its terms.