A DDoS (Distributed Denial of Service) attack seeks to exhaust resources in a given infrastructure (nowadays, mostly cloud-based systems), to hinder the operation of its services and applications.

There are different types of DDoS attacks. In volumetric assaults, the target becomes overloaded due to the sudden increase in traffic volume, disrupting it and preventing legitimate users from accessing the service.

more →

How DDoS attacks have evolved

As with most IT security threats, distributed denial of service attacks have evolved over time.  Simple attacks at the network level designed to exhaust target bandwidth capacity have been complemented with more complex and subtle attacks that can bring down websites but leave the network standing, often without triggering DDoS mitigation.

more →

XSS – Cross-site scripting

XSS is a common form of injection attack on public facing web servers. Any web server can be vulnerable to attack, and websites now are feature-rich with multiple embedded databases, comments sections, and media… all of which increase the vector types that can be attempted by cyber criminals for various reasons.

more →

As a business starts its journey towards the cloud, security focus will often shift outwards towards the Internet.  By moving data from inside the traditional network perimeter to the cloud, a whole new set of cybersecurity considerations occur and questions such as “How can we prevent our cloud environment from a breach and protect our data from theft?” become more relevant than ever.

more →

IoT devices are everywhere and some businesses are only just starting to realise the security implications of so many unmanaged items on their network.  The number of IoT devices is forecast to increase five fold to 75 billion devices by 2025.  Couple the roll out of cellular IoT and faster 5G networks with vulnerable IoT devices, and you could be gifting hackers the ability to utilise compromised devices to launch DDoS attacks and/or deploy malware.

more →

Financial services organizations are where the money is, and as such will always be prime targets for cybercrime. For many financial institutions, this bot traffic can account for more than half of their overall website traffic — covering both good bots engaged in essential business tasks to bad bots performing malicious activities.

more →

This month we are sharing a blog from our security partner Radware that takes a look at recent attacks on the financial services industry.

Over the last few weeks, Radware has been tracking a significant Credential Stuffing Campaign targeting the financial industry in the United States and Europe.

more →

This month we are sharing a blog from our security partner Oracle + Dyn that takes a look at web application security and what lies ahead.

Websites and apps are increasingly under attack, so effective web application security must be a top priority.

Before 2008, data breaches were somewhat rare, and most occurred because of human error, such as the loss of a laptop, a USB drive, or some other media.

more →