Application Security News for September 2016

Topics:

Oct. 4, 2016

Google Chrome to explicitly identify sites that do not use HTTPS

Google has been at the forefront of securing the web and users. Starting a few years back, Google started improving the search rankings of sites that use HTTPS, in an attempt to convince website owners to start securing their sites with HTTPS. Now, it is pushing this even further with a new change to the Chrome Browser.

Starting with Version 56, the Google Chrome browser will start explicitly identifying sites that do not use HTTPS with a warning. The change will look like this:

DDoS-as-a-service site ‘vDOS’ hacked, brought down

vDOS — a “booter” service that has earned in excess of $600,000 over the past two years helping customers coordinate more than 150,000 so-called distributed denial-of-service (DDoS) attacks designed to knock Web sites offline — has been massively hacked, spilling secrets about tens of thousands of paying customers and their targets.The vDOS database, obtained by KrebsOnSecurity.com at the end of July 2016, points to two young men in Israel as the principal owners and masterminds of the attack service, with support services coming from several young hackers in the United States.

...

To say that vDOS has been responsible for a majority of the DDoS attacks clogging up the Internet over the past few years would be an understatement. The various subscription packages to the service are sold based in part on how many seconds the denial-of-service attack will last. And in just four months between April and July 2016, vDOS was responsible for launching more than 277 million seconds of attack time, or approximately 8.81 years worth of attack traffic.

Indonesia experiences "drastic increase" in cyber attacks, especially on e-commerce sites

Indonesia President Joko “Jokowi” Widodo stated that the country had seen a drastic increase in cyber crime, according to a report.

Speaking in a limited Cabinet meeting at the State Palace on Tuesday, President Jokowi cited that the number of cases has grown by 389 per cent in 2014 to 2015. He also mentioned that most of the cases occurred in the e-commerce sector.

Supporting his statement, this July the Office of the Coordinating Political, Legal and Security Affairs Minister had stated that cyber attacks in Indonesia rose by 33 per cent in 2015 from the previous year.

Of all these attacks, 54.5 per cent were aimed at e-commerce-related websites, causing the system to stop working.

White House names retired Air Force general as first cyber security chief

The White House on Thursday named a retired U.S. Air Force brigadier general as the government’s first federal cyber security chief, a position announced eight months ago that is intended to improve defenses against hackers.

Gregory Touhill's job will be to protect government networks and critical infrastructure from cyber threats as federal chief information security officer, according to a statement.

Things Twitter Said on CyberSecurity

Yo dawg I heard you like exploits, so I put an exploit framework exploit in your exploit frameworkhttps://t.co/cFXxbI8EzD

— ＧＮＵ／ＪＵＳＴＩＮ ✖️ (@justinsteven) September 19, 2016

Give a man an 0day and he'll have access for a day, teach a man to phish and he'll have access for life.

— the grugq (@thegrugq) February 7, 2015

The basics still apply to the cloud! @carnal0wnage and Ken Johnson talking at #DerbyCon pic.twitter.com/7JE0XQANwd

— Traversal (@haydnjohnson) September 23, 2016

financial industry lobby group thinks we shouldn't make TLS 1.3 too secure and keep crappy RSA based key exchange https://t.co/z5s3WeEB9b

— hanno (@hanno) September 22, 2016

Securing your applications with Barracuda Web Application Firewall

Securing your web application need not be difficult. The Barracuda Web Application Firewall exists to secure your web applications easily and provide you with peace of mind. Once you deploy the Barracuda Web Application Firewall in front of your web application, it is trivially easy to setup a HTTPS front end and enable complete application security. The Barracuda Web Application Firewall provides complete security against all web attacks (pdf), including application DDoS and Web Scraping. We offer several deployment options, including physical and virtual appliances, and Azure, AWS, and vCloud Air. Try it in your environment for 30 days, risk-free.

Tushar Richabadas is a Product Manager for the Barracuda Web Application Firewall team in our India office. You can connect with him on LinkedIn here.

Tushar Richabadas

Tushar Richabadas is Senior Product Marketing Manager, Applications and Cloud Security, Barracuda. Prior to this role, Tushar was a Product Manager for the Barracuda Web Application Firewall and Barracuda Load Balancer ADC, with a focus on cloud and automation. Tushar has a wide range of experience, from leading networking product testing teams and technical marketing for HCL-Cisco. Tushar closely tracks the rapidly increasing impact of digital security and is passionate about simplifying digital security for everyone.

Connect with him on LinkedIn here.