More stories

  • Microsoft's Internet Explorer browser is finally gone. But not everyone is happy about it

    After 27 years as Microsoft’s Windows web browser, Internet Explorer (IE) is no longer supported. But that doesn’t mean the legacy Windows browser isn’t still in use, and despite years of warning it seems there are people that aren’t ready for the change. It’s been just over a year since Microsoft announced […]

  • Hands on with Pfizer Booster 4.0: My review of anti-malware for carbon-based systems

    Over the last few years, we’ve been battling an array of organic malware attacks from various SARS-CoV-2 variants that have been exploiting a zero-day vulnerability (CVE-2019-05309) in host system immunity. Fortunately, prominent pharma security vendors, such as Pfizer, have made the required software patches available to thwart these attacks using the latest mRNA […]

  • NordPass password manager deal: Get two years for $29

    After getting the umpteenth notification in your email inbox about a compromised password (we feel your pain), it’s time to start looking at more secure options. After all, remembering every single letter, number, and symbol when you’ve had to change your Facebook account’s password every few months can get confusing. With NordPass’ surprise sale

  • Don't use these passwords: These are the 10 logins most regularly found for sale online

    Over 24 billion usernames and passwords are up for grabs on cyber-criminal marketplaces and the amount of breached credentials is still rising as hackers take advantage of weak and re-used passwords. Analysis by cybersecurity researchers at Digital Shadows found that there’s been a 65% increase in usernames and passwords sold, traded or dumped in cyber-criminal […]

  • Got hit by a cyberattack? Hackers will probably come after you again – within a year

    Most companies that get hit by a cyberattack are likely to fall victim again – sometimes repeatedly – as many struggle to improve their cybersecurity strategy, even after incidents. According to research by cybersecurity company Cymulate, 39% of companies were hit by cybercrime over the past 12 months – and of those, two-thirds were hit […]

  • Firefox: Our new cookie protection will stop companies tracking you across sites

    Mozilla has rolled out a privacy protection it calls “Total Cookie Protection” as the default for the Firefox browser on Windows, Mac and Linux. The idea behind Total Cookie Protection is that cookies remain limited to the site from which they were added to a browser. Mozilla’s analogy for the functionality of […]

  • A tiny botnet launched the largest DDoS attack on record

    Web performance firm Cloudflare says it mitigated a record-breaking distributed denial of service (DDoS) attack last week that peaked at 26 million requests per second (rps). It was caused by a small but powerful botnet of just 5,067 devices.

    This attack didn’t originate from compromised low-bandwidth Internet of Things devices like many other DDoS or junk traffic attacks on websites, but rather from cloud service providers, according to Cloudflare. That it came from cloud provider infrastructure suggests the attackers hijacked higher-bandwidth virtual machines and servers, according to the firm.

    This attack was over HTTPS, the secure version of the web, similar to a DDoS attack Cloudflare mitigated in April. As the firm explains, HTTPS DDoS attacks are more computationally expensive for the attacker and victim due to the cost of establishing an encrypted Transport Layer Security (TLS) connection over the internet. Among other things, Cloudflare provides SSL/TLS certificates to website owners.

    The attack targeted one customer that used Cloudflare’s free plan, which offers DDoS protection, a content delivery network, and an SSL certificate. According to Cloudflare’s graph, the attack lasted less than two minutes, climbing to a peak and then fading over the course of 10 seconds.

    “We’ve seen very large attacks in the past over (unencrypted) HTTP, but this attack stands out because of the resources it required at its scale,” Cloudflare product manager Omer Yoachimik writes in a blog post.

    This “small but powerful” botnet consisted of 5,067 devices, with each node averaging about 5,200 rps. In 30 seconds it generated 212 million HTTPS requests from over 1,500 networks in 120 countries. It was much more powerful than another botnet Cloudflare tracks, which consists of over 730,000 devices and generates an average of just 1.3 rps per device.

    “Putting it plainly, this botnet was, on average, 4,000 times stronger due to its use of virtual machines and servers,” Cloudflare said.

    The top countries where the distributed attack originated were Indonesia, the US, Brazil and Russia.

    The last two years have seen multiple record-breaking DDoS attacks. Amazon in June 2020 said it mitigated a 2.3 Terabit per second (Tbps) attack, which was measured in packets per second rather than requests per second for HTTP/S. That DDoS abused the CLDAP (Connection-less Lightweight Directory Access Protocol). Microsoft in January said it mitigated a 3.47 Tbps DDoS attack that leveraged the User Datagram Protocol (UDP) in a “reflection attack”. Many of the DDoS attacks were the result of intense rivalry between users of popular online games, according to Microsoft.

    The second largest DDoS attack on a Cloudflare customer happened in July 2021 and peaked at 17.2 million rps.