Hackers Using Hard-to-Block DDoS Amplification Technique

Hackers Using Hard-to-Block DDoS Amplification Technique

Hackers have started to abuse routers and other internet-of-things devices that expose their UPnP interfaces to the internet to launch distributed denial-of-service (DDoS) attacks that are hard to block, even by DDoS mitigation providers. Researchers from security firm Imperva have recently observed a DDoS amplification attack in which some of ... Read More
Branch Office Security

Barrracuda Networks Unfurls WAF Cloud Service

Barracuda Networks announced today a managed cloud-based web application firewall (WAF) service that cybersecurity professionals can configure using a five-step wizard process. Nitzan Miron, vice president of product management for application security services for Barracuda Networks, said the Barracuda WAF-as-a-Service is designed for organizations that want to be able to ... Read More
Small Security Budget

Making a Big Impact with a Small Security Budget

An excessive security budget isn’t the only way to build strong security Enterprises invest a lot of money into cybersecurity, yet still they get breached. We need look no further than Yahoo! to see the hard, cold truth that if attackers are persistent enough, they will somehow gain access to ... Read More
Safeguard Email Compromised Attacks

Adobe Patches Zero-Day Vulnerability in Acrobat, Reader

Adobe Systems has released new security patches for critical vulnerabilities in its Acrobat and Reader products, including one zero-day vulnerability found in the wild. The updates fix 47 vulnerabilities, 24 of which are rated critical and can lead to remote code execution. The rest are rated important and can lead ... Read More
Security Boulevard's 5 Most Read Stories for the Week, May 7-May 11

Security Boulevard’s 5 Most Read Stories for the Week, May 7-May 11

A new week, a new crop of security stories. Last week, Privacy in Public Places, Fileless Malware, Spam Bots and Fake Accounts and Cryptomining Worm MassMiner made headlines. Also, we offered some insight into Securing the Network—and Your Organization’s Future. Missed out on any of the news? Here are the ... Read More
Time to Rethink Security

Password Apathy: Time to Rethink Security?

Recently, Twitter asked its 330 million users to do something distasteful: Change their passwords. The social media company discovered a bug in the system that caused passwords to be stored in a readable text format. Although Twitter said there is no reason to believe any passwords were stolen or compromised, ... Read More
Researchers Warn of Serious Flaws in PGP and S/MIME Email Encryption

Researchers Warn of Serious Flaws in PGP and S/MIME Email Encryption

A team of security researchers has found serious flaws in how email clients handle PGP and S/MIME encrypted emails that could allow attackers to steal the contents of sensitive communications. On May 13, the Electronic Frontier Foundation (EFF) published a blog post warning users to disable automatic decryption in their ... Read More
GDPR Affects IAM Usage

How GDPR Affects IAM Usage

GDPR is placing a lot of demands on companies to protect the privacy of individuals. But what does that mean for identity management? The European Union’s General Data Protection Regulation (GDPR) takes effect May 25 and aims to protect the identity of individuals. Unfortunately, its requirements are more complex than ... Read More
Leaked Point-of-Sale Malware Source Code Could Fuel New Variants

Leaked Point-of-Sale Malware Source Code Could Fuel New Variants

The source code for a malware program called TreasureHunter, which has been used to steal payment card information from point-of-sale (PoS) systems for years, is now available to cybercriminals for free. As with similar incidents in the past, researchers expect that this leak will lead to more variants being developed ... Read More
Government-Sponsored Cyberattacks

Tech Companies Vow Not to Participate in Government-Sponsored Cyberattacks

Security experts (and security writers) spend a lot of time talking about cybercriminals and hackers—the so-called bad actors who are after data to use or sell on the dark web. But the time has come to expand our thinking of who or what constitutes a bad actor. Many of the ... Read More