Next week I'll be attending the Forum of Incident Response and Security Teams (FIRST) annual Boston meet-up at the Boston Park Plaza Hotel along with several Akamai colleagues. FIRST is a global non-profit organization that brings together computer security incident response teams (CSIRTs) from over 240 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania.
Get In Touch
Recently in Web Security Category
A look at the security issues making headlines so far this week:
The €30k data takeaway: Domino's Pizza Faces Ransom Demand After Hack (The Guardian)
Hackers have demanded a ransom of €30,000 (£24,000) from Domino's Pizza after stealing personal data on more than 600,000 of its French and Belgian customers.
Ruling Raises Stakes for Cyberheist Victims (KrebsOnSecurity)
A Missouri firm that unsuccessfully sued its bank to recover $440,000 stolen in a 2010 cyberheist may now be on the hook to cover the financial institution's legal fees, an appeals court has ruled. Legal experts say the decision is likely to discourage future victims from pursuing such cases.
World Cup 2014: Experts Warn of Security Threats (Dark Reading)
Brazilians and foreign visitors in the country for the World Cup are being warned of a potential rise in security attacks. Fake Wi-Fi hotspots to ATM scams are on the list of dangers locals and tourists should be aware of.
Cisco Extends Deadline for Internet of Things Security Contest (eWeek)
Cisco Systems is extending the deadline for submissions for its Internet of things security contest, giving interested parties another two weeks.
Hacked Synology NAS Systems Used in Big-Profit Cryptocurrency Mining Scheme (Computerworld)
A hacker earned over $600,000 by infecting network-attached storage devices with Dogecoin mining malware, Dell SecureWorks researchers said.
Target Top Security Officer Reporting to CIO Seen as a Mistake (CSOonline)
Experts worry that the retailer's chief executive and board may not get a complete picture on the company's security, if the CISO does not report directly to them.
After Akamai acquired Prolexic several months back, a lot of people asked what it would mean in terms of the research we shared.
PLXsert monitors malicious cyber threats globally and analyzes DDoS attacks using proprietary techniques and equipment. Through attack data forensics and post-attack analysis, PLXsert is able to build a detailed global view of DDoS attacks, which the team shares with customers and the public. By sharing timely DDoS intelligence and analysis, PLXsert helps organizations adopt best practices for DDoS defense, and make more informed, proactive decisions about specific DDoS threats.
What follows is a roundup of what we've released so far.
Microsoft released it's June 2014 Security Update Tuesday. The latest vulnerabilities to be addressed affect everything from Windows, Internet Explorer, Office to Microsoft Lync.
Akamai's PLXSert team has discovered new payloads from the Zeus crimeware kit in the wild, deeming it "high risk" in an advisory released this morning.
The advisory says the Zeus framework has evolved from focusing on the harvesting of banking credentials to being used in the control of compromised hosts (zombies) for criminal activity, including distributed denial of service (DDoS) attacks and attacks customized for specific platform-as-a-service (PaaS) and software-as-a-service (SaaS) infrastructures.
This month's Microsoft Patch Tuesday has almost arrived. This time out the tech giant has given advance notification that there will be seven fixes rolled out including two critical patches. The issues that are tackled by these patches are remote execution bugs in Windows, Internet Explorer (versions 6-11 depending on OS level), Office and Lync. I should note that the two critical patches require a system restart after they are applied.
Akamai CSIRT has identified a trend in online extortion that has the potential to impact customer websites and their users.
Attackers are using reflected UDP to launch direct-to-origin denial of service attacks at e-commerce sites, then demanding payment to stop the attacks, CSIRT's Mike Kun wrote in an advisory.
"We have seen these extortion attempts target e-commerce and retail sites, as well as online collaboration sites, but all sectors are vulnerable," Kun wrote.
This advisory serves as a description of the attacker, their capabilities, and how to mitigate the threat.
Akamai Security Advocate Dave Lewis (@gattaca on Twitter) has written a new post for Forbes. He argues that we need to assume that our systems will fail and fail hard.
"We need to build network security with failure in mind," he wrote. "There was once a notion of 'bricks and clicks' that was meant to demonstrate a delineation between retail and online presence. This too has fallen by the wayside as online business is now just the business."