The target was GitHub, which mitigated the 1.3 Tbps attack with the help of Akamai.
Memcached-based amplification attacks aren't a new idea, but the technique seems to have been picked up and weaponised. With it an incoming packet can be amplified about 50,000 times, so a request of 203 bytes can come out as a 100 megabyte response.
From what I can make out: Trustico, an SSL reseller, wanted to mass-revoke 50,000 of their certificates, issued through Symantec. DigiCert, who bought the Symantec SSL business, said they could only do that if these certificates were compromised. Trustico then e-mailed them the private keys of 23,000 certificates, which they should never have had in the first place, thereby openly compromising them and triggering revocation. More details in the article.
Researchers from Duo have discovered an attack where one can change how a username is read without invalidating the request, effectively giving someone on the same SSO server the ability to identify as someone else.
It's a service that makes it possible to tell your users that their password has been seen in a breach before, and hence will probably be in any hacker's dictionary. The post explains thoroughly how its author ensures privacy and how the service is built.
Researchers have described a malicious ad network that bypasses ad blockers by continuously computing new domain names where the ads and miners are hosted, so that ad blockers can't keep up with their blacklists. Domain generation algorithms (DGA), as that technique is called, are usually seen in malware.
The article details the inner workings of Infraud, a well-organised marketplace for stolen identities and the like, similar to Silk Road. A total of 36 people are indicted, of which only 13 have been arrested so far.
Though not a new technique in itself, data exfiltration through CSS selectors has gotten some new attention lately. This article goes through the findings.
Interesting blog post by a researcher on how to find instances of cryptojacking. Coinhive alone seems to be present on over 34,000 sites, with various similar services taking a much smaller slice.
Amazing list of threat intelligence resources: IP blacklists and whitelists, firewall rules, threat sharing formats and threat-related reading material.
WAFs are a good security measure, but the security of your web applications should not solely depend on them. Watch this demo on Paul's Security Weekly, during which a researcher from Netsparker explains and demonstrates how modern web application firewalls can be bypassed.
Fleetsmith is a fantastic solution for keeping your macOS devices managed and secure, used by yours truly every day. It fully integrates with G Suite, and you can try it free with 10 devices for as long as you need.