SEARCH
Archive
Unnamed Web Host Hit With DDoS Attack
Attackers launched a massive distributed denial-of-service against a specific website hosted by a hosting provider in early June. Not only was the 1.44 terabit-per-second DDoS attack the largest Akamai has seen to date, it was also one of the most complex to resolve.
Thousands of SaltStack Servers Patched, But Many Still Vulnerable
The number of servers vulnerable to the CVE-2020-11651 SaltStack flaw has dropped considerably, but several thousand are still unpatched.
SaltStack Flaw Used in Numerous Attacks
Attackers are exploiting the CVE-2020-11651 flaw in SaltStack Salt to install coinmining scripts on exposed servers.
BeyondProd Lays Out Security Principles for Cloud-Native Applications
First, it was Beyond Corp, to shift security away from the perimeter and onto individual users and devices. Now it is BeyondProd, to apply zero-trust principles to cloud-native applications and workloads that rely on microservices and communicate primarily over APIs.
AWS Adds New Protections Against SSRF, Other Web App Attacks
The new AWS IMDSv2 security feature mitigates common attacks that take advantage of SSRF, open WAFs, and open layer 3 firewalls.