More stories

  • Firefox: Our new cookie protection will stop companies tracking you across sites

    Mozilla has rolled out a privacy protection it calls “Total Cookie Protection” as the default for the Firefox browser on Windows, Mac and Linux. The idea behind Total Cookie Protection is that cookies remain limited to the site from which they were added to the browser. Mozilla’s analogy for the functionality of […]

  • A tiny botnet launched the largest DDoS attack on record

    Web performance firm Cloudflare says it mitigated a record-breaking distributed denial of service (DDoS) attack last week that peaked at 26 million requests per second (rps). It was generated by a small but powerful botnet of just 5,067 devices. The attack did not originate from compromised low-bandwidth Internet of Things devices, as many DDoS and junk-traffic attacks on websites do, but from cloud service providers, according to Cloudflare. That it came from cloud provider infrastructure suggests the attackers had hijacked higher-bandwidth virtual machines and servers, the firm suggests.
    The attack was carried out over HTTPS, the encrypted version of the web, like a DDoS attack Cloudflare mitigated in April. As the firm explains, HTTPS DDoS attacks are more computationally expensive for both attacker and victim because each request must first establish an encrypted Transport Layer Security (TLS) connection over the internet. Among other services, Cloudflare issues SSL/TLS certificates to website owners.
    The attack targeted a customer on Cloudflare’s free plan, which includes DDoS protection, a content delivery network and an SSL certificate. According to Cloudflare’s graph, the attack lasted less than two minutes, climbing to its peak and then fading over the course of about 10 seconds. “We’ve seen very large attacks in the past over (unencrypted) HTTP, but this attack stands out because of the resources it required at its scale,” Cloudflare product manager Omer Yoachimik writes in a blog post.
    The “small but powerful” botnet consisted of 5,067 devices, each averaging about 5,200 rps. In 30 seconds it generated 212 million HTTPS requests from over 1,500 networks in 120 countries. It was far more powerful than another botnet Cloudflare tracks, which consists of over 730,000 devices but generates an average of just 1.3 rps per device. “Putting it plainly, this botnet was, on average, 4,000 times stronger due to its use of virtual machines and servers,” Cloudflare said. The top source countries for the attack were Indonesia, the US, Brazil and Russia.
    The last two years have seen multiple record-breaking DDoS attacks. Amazon in June 2020 said it had mitigated a 2.3 terabit per second (Tbps) attack; that figure measures bandwidth in bits per second rather than the requests per second used to size HTTP/S floods. That attack abused the Connection-less Lightweight Directory Access Protocol (CLDAP). Microsoft in January said it mitigated a 3.47 Tbps DDoS attack that used the User Datagram Protocol (UDP) in a “reflection attack”. Many DDoS attacks are the result of intense rivalry between users of popular online games, according to Microsoft. The second largest DDoS attack on a Cloudflare customer happened in July 2021 and peaked at 17.2 million rps.
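The distinction the story draws, a few high-rate virtual machines versus many low-rate IoT devices, is something a defender can measure directly from access logs. The following Python script is an added example, not Cloudflare’s code or anything from the story: it profiles constructed log lines (an assumed `<unix_ts> <client_ip> <scheme> <status>` format, not any real server or Cloudflare format) by peak requests per second, distinct sources and average per-node rate, and labels a burst as server-class or IoT-class. The sample traffic, the baseline and the per-node threshold are assumptions chosen for the illustration, not Cloudflare’s detection logic.

```python
# Added example (not Cloudflare's code): profile an HTTP flood from access-log
# lines by total requests per second, distinct sources and per-source rate.
# The log format, the sample traffic and all thresholds are assumptions made
# for this illustration, loosely modelled on the figures quoted in the story.
import re
from collections import Counter, defaultdict

# Assumed log format: "<unix_ts> <client_ip> <scheme> <status>" (constructed
# here, not a real Cloudflare or web-server format).
LOG_RE = re.compile(r"^(?P<ts>\d+) (?P<ip>\S+) (?P<scheme>https?) (?P<status>\d{3})$")


def parse_log(lines):
    """Yield (ts, ip, scheme) for every well-formed line; skip anything else."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            yield int(m["ts"]), m["ip"], m["scheme"]


def rate_profile(events):
    """Peak rps, number of distinct sources and mean per-source rate while active."""
    per_second = Counter()            # ts -> requests in that second
    per_source = Counter()            # ip -> total requests
    seconds_seen = defaultdict(set)   # ip -> seconds in which it sent anything
    for ts, ip, _ in events:
        per_second[ts] += 1
        per_source[ip] += 1
        seconds_seen[ip].add(ts)
    if not per_second:
        raise ValueError("no well-formed log lines")
    peak_ts, peak_rps = max(per_second.items(), key=lambda kv: kv[1])
    # Each source's rate over the seconds it was active, averaged across sources.
    avg_node_rps = sum(per_source[ip] / len(seconds_seen[ip]) for ip in per_source) / len(per_source)
    return {
        "peak_rps": peak_rps,
        "peak_ts": peak_ts,
        "sources": len(per_source),
        "avg_node_rps": avg_node_rps,
        "duration_s": max(per_second) - min(per_second) + 1,
    }


def classify(profile, baseline_rps=20, node_rps_threshold=50):
    """
    Flag a flood when the peak is far above the normal baseline, then label the
    botnet shape: 'server-class' when each node sustains a high rate (few,
    powerful nodes), 'iot-class' when the volume comes from many low-rate nodes.
    Both thresholds are assumptions; tune them to the protected origin.
    """
    if profile["peak_rps"] < 10 * baseline_rps:
        return "normal"
    if profile["avg_node_rps"] >= node_rps_threshold:
        return "flood:server-class"
    return "flood:iot-class"


def synth_burst(start_ts, n_sources, rps_per_source, seconds, prefix):
    """Constructed log lines: n_sources IPs each sending rps_per_source/s for `seconds` s."""
    lines = []
    for i in range(n_sources):
        ip = f"{prefix}.{i // 256}.{i % 256}"
        for s in range(seconds):
            lines += [f"{start_ts + s} {ip} https 200"] * rps_per_source
    return lines


# Constructed samples (documentation address ranges): a handful of high-rate
# nodes, many low-rate nodes, and quiet background traffic.
SERVER_BOTNET_LOG = synth_burst(1_655_000_000, 5, 200, 3, "198.51")
IOT_BOTNET_LOG = synth_burst(1_655_000_100, 400, 2, 3, "203.0")
QUIET_LOG = synth_burst(1_655_000_200, 10, 1, 3, "192.0")

if __name__ == "__main__":
    for name, log in [("server-class", SERVER_BOTNET_LOG), ("iot-class", IOT_BOTNET_LOG), ("quiet", QUIET_LOG)]:
        p = rate_profile(parse_log(log))
        print(name, p, classify(p))
```

Run as a script to print the three profiles. On real logs, replace `synth_burst` with your own parser’s output and calibrate `baseline_rps` against the origin’s normal traffic; the per-node figure in the story (about 5,200 rps from each of 5,067 nodes) sits far above any realistic IoT-style source, which is exactly what the per-source rate exposes.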

  • Singtel gives Optus more 'autonomy' to run enterprise unit

    Optus will soon have more autonomy to run its enterprise business, giving the Australian telco direct accountability for how it navigates the unit’s growth path. The enterprise division will be transferred from Optus’ parent company Singtel so that it has “more operational autonomy” under Optus’ direct management, Singtel said in a statement Wednesday. Optus’ enterprise revenue came in at AU$1.21 billion ($843.69 million) in its financial year ended March 2022. Effective from July 1, the move is part of Singtel’s reorganisation efforts, begun last year, to “decentralise” the Singapore telco’s organisational structure and “empower” its businesses to tap commercial synergies and capabilities for growth. Singtel Group CEO Yuen Kuan Moon said this was essential in the current volatile macro-economic environment, where business units needed greater independence and agility to better navigate the market. Yuen said: “Optus has been part of the Singtel stable for two decades and a leading player in the Australian consumer market. Given the hyper digitalisation that enterprises are currently experiencing, this is also timely as Optus can focus on advancing its growth as a B2B (business-to-business) player.” Optus CEO Kelly Bayer Rosmarin noted that a “more unified and collaborative” model would allow the Australian telco to support its enterprise customers’ localised needs and push products and services more quickly to the local market. She added that the company would not only have the autonomy to make decisions quickly, but would also still be able to tap Singtel’s global reach and knowledge. Singtel last year kickstarted a business transformation it dubbed a “strategic reset”, which also saw its ICT business unit NCS spun off from its enterprise business and positioned as a pan-Asia B2B digital services provider.
    NCS’ growth strategy focused on Australia and Greater China, as well as on diversifying beyond its stronghold in Singapore’s public sector into the enterprise space. According to Singtel, these efforts pushed digital revenue to almost half of overall revenue in the last fiscal year. In its announcement Wednesday, the telco also said that Bill Chang would assume a new role as CEO of the group’s data centre business, effective July 1, while retaining his current role as CEO of Singtel’s enterprise unit. Both the data centre unit and NCS have been earmarked as growth engines for Singtel’s digital businesses. NCS last October acquired a majority stake in Australian cloud consultancy Eighty20 Solutions as part of efforts to expand its footprint in the country. The move followed the purchase of another Australia-based cloud services vendor, Riley, whose offerings specialised in Google platforms and comprised cloud-native transformation, data supply chain and cloud operations. Singtel in February unveiled plans to spend at least SG$2 billion ($1.49 billion) to redevelop its global headquarters, pitching the new site as a smart building that would showcase sustainable workspaces for employees and future tenants. Called Comcentre, the building has sat on its current plot since 1979 and occupies an area of 19,252 square metres.

  • Brazil's data protection authority to gain independence from presidential office

    Brazil’s National Data Protection Authority (ANPD) will gain independence from the presidency. The data protection body was elevated to special authority status under a provisional measure published today. According to the text, ANPD will be transformed into an autarchy of a special nature while maintaining the organizational structure and competences set out in the law that created it in 2018. The provisional measure notes that, given the scope of the authority’s powers, which cover both the public and private sectors, the shift to an autarchy is legally important to ensure independence.
    The effects of the provisional measure are immediate on signature, giving ANPD full administrative and budgetary autonomy, where previously it had only technical and decision-making autonomy. However, for the measure to be definitively signed into law, it still requires approval by the Lower House of the Brazilian Congress as well as the Senate. Brazil’s data protection regulations (LGPD) granted the ANPD powers of inspection, sanction and regulation. The authority has a critical role in the legal framework for the protection of data subjects, which enables the proper use of personal data in public and private contexts. ANPD’s link with the presidential office has been heavily criticized since its inception in 2020. When the Brazilian Constitution was amended in February to make data protection a fundamental citizen right, consumer protection body Idec said the authority’s lack of independence was “something that goes against international recommendations for the constitution of authorities on the subject and jeopardizes the necessary supervision of data processing in the country.” Once the provisional measure creating the autarchy is signed into law, the National Data Protection Authority will have the autonomy it needs to fully perform its functions and legal competences, including the administrative management of the body itself. According to the ANPD, its independence from the presidency is aligned with government policies and programs such as facilitating international trade and increasing competitiveness, in addition to bringing relevant impacts to society and companies and providing compatibility with other regulatory regimes around the world.
    In addition, the authority noted that the move improves Brazil’s readiness for entry into international organizations and blocs such as the Organization for Economic Cooperation and Development (OECD). “The transformation of the ANPD’s legal nature will enable the Authority to be more capable of prioritizing actions and generating better results for society,” the authority said in a statement. “In addition, it will bring greater legal certainty to individuals and organizations, representing an advance in the application of the LGPD, increasing Brazil’s international reputation and credibility.”

  • Microsoft June 2022 Patch Tuesday: 55 fixes, remote code execution in abundance

    Microsoft has released 55 security fixes that resolve critical issues including remote code execution (RCE). The Redmond giant’s latest round of patches, usually released on the second Tuesday of each month in what is known as Patch Tuesday, includes fixes for RCE vulnerabilities, information leaks, elevation of privilege (EoP), use-after-free issues and out-of-bounds memory access.
    Products impacted by June’s security update include the Windows operating system, Microsoft Office, Hyper-V Server, Azure and Windows Defender. In total, three vulnerabilities are rated critical, one moderate and the rest important. Many of the vulnerabilities patched this month relate to remote code execution, but Microsoft says there are no reports of active exploitation in the wild, with the exception of CVE-2022-30190, a Microsoft Windows Support Diagnostic Tool (MSDT) vulnerability made public in May that receives its fix in this update. Some of the most severe vulnerabilities resolved in this update are:
      • CVE-2022-30136: CVSS 9.8, Windows Network File System RCE vulnerability. An unauthenticated attacker can trigger the bug with a crafted call to a Network File System (NFS) service.
      • CVE-2022-30163: CVSS 8.5, Windows Hyper-V RCE vulnerability, exploitable through a specially crafted application running in a Hyper-V guest session.
      • CVE-2022-30139: CVSS 7.5, Windows Lightweight Directory Access Protocol (LDAP) RCE vulnerability, exploitable only if the MaxReceiveBuffer LDAP policy is set to a value higher than the default.
      • CVE-2022-30164: CVSS 8.4, Kerberos AppContainer security feature bypass. It was possible to circumvent the service ticketing feature that performs user access control checks.
      • CVE-2022-30157: CVSS 8.8, Microsoft SharePoint Server RCE vulnerability. Attackers must be authenticated and have page creation permissions.
      • CVE-2022-30165: CVSS 8.8, Windows Kerberos EoP flaw. It was possible to spoof the Kerberos logon process when a Remote Credential Guard connection was made via CredSSP.
    As noted by the Zero Day Initiative (ZDI), this is the first patch release in a long time that has not included updates for the Print Spooler. Last month, Microsoft resolved 74 bugs in the May batch of security fixes, including seven rated critical, with RCE, privilege escalation, information leaks and spoofing all making an appearance. A month earlier, the tech giant tackled two zero-day vulnerabilities in April’s Patch Tuesday. Earlier this month, Microsoft warned of the upcoming retirement of Internet Explorer: support for Internet Explorer 11 ends on June 15, affecting the Windows 10 client SKU (version 20H2 and later) and Windows 10 IoT (version 20H2 and later). IE Mode will be maintained in Microsoft Edge until at least 2029 to give developers time to modernize their IE applications. Alongside Microsoft’s Patch Tuesday round, other vendors have also published security updates.

  • Microsoft to acquire foreign cyberthreat analysis vendor Miburo

    Microsoft is acquiring Miburo, a cyberthreat analysis company specializing in the detection of and response to foreign information operations. Microsoft is not disclosing the purchase price but announced the deal publicly on June 14. Miburo is based in New York City. According to its LinkedIn profile, the company specializes in social media investigations […]

  • Microsoft: Ransomware gangs are using unpatched Exchange servers to gain access, so get updating

    At least one ransomware group has been spotted using Exchange Server vulnerabilities to deploy BlackCat ransomware on target networks, according to Microsoft. Microsoft has warned that one cyber-criminal gang used an unpatched Exchange Server to gain entry to a target organization and deploy the notorious BlackCat/ALPHV ransomware. The company provides a case […]

  • The unrelenting threat of ransomware is pushing cybersecurity workers to quit

    Security researchers have warned of “increasing and unsustainable stress levels” in the cybersecurity workforce, resulting from persistent ransomware threats and looming large-scale attacks, which are pushing security professionals towards abandoning the industry altogether. A report by cybersecurity company Deep Instinct found that 46% of senior and executive-level cybersecurity professionals have considered quitting […]