2018 DDoS Attack Landscape-5
May 8, 2019
3.3 DDoS Attack Duration
3.3.1 Attack Duration Distribution
In 2018, the average duration of a DDoS attack was 42 minutes, down 17% from 2017. This indicates that DDoS attacks were upgraded in industrialization, weaponization, and efficiency and DDoS-as-aService gained momentum for fast growth. We noticed that the longest DDoS attack in 2018 lasted around 12 days, far shorter than attacks detected in previous years. (more…)
A Look into RSA 2019-Automation of Threat Discovery and Response
May 7, 2019
The RSA Conference 2019, which is dedicated to addressing worldwide information security issues, was held in March 4–8. This year’s RSA Conference took “Better” as its theme, aimed at exploring new cybersecurity development realms in a digital epoch and finding better security vendors, products, services, and solutions. In the past few years, with the rapid adoption of big data and artificial intelligence (AI) techniques, players across the security industry have been energetic in pushing “better” application of these new techniques in the security field. Detection and response are the two permanent security topics much talked about at both last year’s and this year’s conference. This indicates that security vendors are inputting more resources into AI-automated detection and response. By combining automation, process orchestration, AI, and machine learning, they try to optimize their centralized security management and operations platform for more automatic and intelligent threat discovery and response. (more…)
Analysis of File Disclosure by APT34
May 6, 2019
1 About APT34
APT34, exposed to the public view in 2014, mainly targets Middle Eastern countries and some international organizations. APT34 attacks a variety of sectors mainly in the Middle East, but not limited to finance, government, energy, chemical engineer, and telecommunications. (more…)
Oracle WebLogic Server Deserialization Remote Code Execution Vulnerability Threat Alert
May 3, 2019
1 Vulnerability Overview
On April 17, China National Vulnerability Database (CNVD) published details of a remote code execution vulnerability in Oracle WebLogic Server. Specifically, this vulnerability exists in the wls9_async_response.war component that comes with Oracle WebLogic Server as this component fails to properly deserialize the input information. An unauthorized attacker could exploit this vulnerability to gain server privileges for remote code execution by sending a carefully crafted malicious HTTP request. (more…)
IoT Agenda: Can California legislation save the world from IoT security risks?
May 2, 2019
IoT Agenda – I am known for railing against IoT devices because I consider them the eventual destroyers of the internet as we know it. They are not secure, most people that use them do not realize they are not secure, and most vendors that make them have done little knowing they are not secure.
Cisco IOS XR 64-Bit Critical Vulnerability (CVE-2019-1710) Threat Alert
May 2, 2019
Overview
Cisco has released a security advisory to announce the fix of a vulnerability (CVE-2019-1710) in Cisco IOS XR 64-bit Software running on Cisco ASR 9000 Series Aggregation Services Routers. This vulnerability is the result of incorrect isolation of the secondary management interface from internal sysadmin applications. An unauthenticated attacker could exploit this vulnerability to log in to an affected device remotely or cause a denial of service. (more…)
A Look into RSA 2019: Finding a New Balance Between Efficiency and Security in Incident Response
May 1, 2019
Incident Response Is Changing The enterprise security market has seen fast incorporation of more and more cloud, Internet of Things (IoT), and mobile devices into enterprise security environments, which traditionally abound with servers, workstations, and networking and security devices. In this context, enterprises are faced with decentralized services and products from a variety of service […]
