As cloud computing services evolve, the cloud opens up entirely new ways for potential attacks. In February 2017, Tavis Ormandy of the Google Project Zero team exposed major memory leakage in Cloudflare’s Content Delivery Network (CDN) web caching services. It exposed all sorts of sensitive data, including passwords, authentication tokens and cookies. Although this is just one example of a cloud-oriented service with a major security issue (which, for the record, the company responded to immediately and remediated quickly), it demonstrates that all of us may have more exposure points than we realise.
It’s no secret that CEOs across North America and Europe have been marshal-ing forces for digital transformation in a high-stakes battle to ward off ambitious insurgents, maintain market share and address the changing demands of today’s customers. This is a once-in-a-generation challenge for any business leader, but it’s not the whole story. Behind the scenes, a fourth imperative is being added to the list of transformation considerations—combating modern cybercriminals.
For over a year now, F5 Labs and our data partner, Loryka, have been monitoring the ongoing hunt by attackers to find vulnerable IoT devices they can compromise. In our first report, DDoS’s Newest Minions: IoT Devices, our research proved what many security experts had long suspected: IoT devices were highly vulnerable to exploit, the level of interest in exploiting them was high, and distributed denial-of-service (DDoS) attacks using these devices were already occurring. Our findings and conclusions in Volume 11 rang true, and the new numbers show even steeper growth than we had imagined.
The NSA’s Information Assurance Directorate left many people scratching their heads in the winter of 2015. The directive instructed those that follow its guidelines to postpone moving from RSA cryptography to elliptic curve cryptography (ECC) if they hadn’t already done so.
GET BETTER PROTECTION AND BETTER PERFORMANCE IMMEDIATELY BY REPLACING YOUR CURRENT AV SOLUTION WITH CROWDSTRIKE FALCON PREVENT
STREAMING THE THREAT DETECTION AND RESPONSE LIFECYCLE WITH SPEED, AUTOMATION AND UNRIVALED VISIBILITY