Security News
Amazon Web Services, an Amazon.com company, announced the opening of the AWS Europe Region. "AWS customers in Italy are among the most creative and innovative organizations that we support anywhere in the world, and we are always inspired by the work they do with our technology," said Peter DeSantis, Senior Vice President of Global Infrastructure and Customer Support, Amazon Web Services.
Today, in part due to the work Let's Encrypt does, roughly 85% of all websites use HTTPS and over one billion certificates have been issued. What about money? Aas may have wanted to give away certificates for free, but building the Let's Encrypt apparatus was anything but free.
The US National Security Agency and its Australian counterpart the Australian Signals Directorate have published a set of guidelines to help companies avoid a common kind of attack: web shell exploits. A web shell is a malicious program, often written in a scripting language like PHP or Java Server Pages, that gives an attacker remote access to a system and lets them execute functions on a victim's web server.
The United Sates National Security Agency and the Australian Signals Directorate have issued a joint Cybersecurity Information Sheet that provides details on vulnerabilities exploited by threat actors to install web shell malware on web servers. Software usually deployed on a victim's web server, web shells can be used for command execution, providing attackers with persistent access to a compromised environment.
Web shell malware continues to evade many security toolsCyber attackers are increasingly leveraging web shell malware to get persistent access to compromised networks, the US National Security Agency and the Australian Signals Directorate warn. Phishers exploit Zoom, Webex brands to target businessesProofpoint researchers have spotted and documented email phishing campaigns targeting US companies in a variety of industries with emails impersonating Zoom and Cisco.
To address attacks such as XSS, Magecart and other card skimming exploits found in modern eCommerce environments, the use of client-side web security methods is beginning to emerge as a particularly useful practice. Several standards-based client-side security approaches have begun to mature that are worth examining from the perspective of website security and protection of browser sessions from malicious exploits.
Cyber attackers are increasingly leveraging web shell malware to get persistent access to compromised networks, the US National Security Agency and the Australian Signals Directorate warn. Attackers usually manage to deploy web shells by exploiting web application vulnerabilities, weak server security configuration, or by uploading to otherwise compromised systems.
Network operators, integrators and software vendors have joined forces to create Leitstand, an open-source community that aims to increase the efficiency of developing, buying and running network management systems for next generation carrier networks. It will provide the tools needed to operate the underlying infrastructure in a disaggregated telecoms network, including zero-touch provisioning of infrastructure, inventory management, operational visibility of network elements, alarm monitoring, fault diagnosis and software version management.
The National Cyber Security Centre has launched the Suspicious Email Reporting Service: a new email address for reporting scam mails to a government department that might actually do something about it. The cybersecurity service, an offshoot of eavesdropping agency GCHQ, said it has set up an "Automated programme" that will "Immediately test the validity of the site" if one is mentioned in a phishing email.
There have been significant changes in web attack and traffic trends as a result of COVID-19, according to Imperva. Amid COVID-19, web traffic and attack trends were affected.