Google Begins Testing IP Protection
by Artie Kaye
The IP Protection service will be implemented within Google’s Chrome browser and functions much like a VPN would, however maintaining the user’s location within the same country. Currently planned to be a free service, its stated goal is to help mask user information while browsing, providing a more secure browsing experience. The service is in its testing stages right now, and its use will be opt-in when it goes live.
Third-Party references:
Click the links below to learn more details. (Opens in a new tab/window.)
HTTP/2 DDoS Attack
by Artie Kaye
Dubbed “Rapid Reset” due to the method which the attack uses, it became the largest denial of service attack recorded yet. The work-around being advised by some companies is through disabling the HTTP/2 protocol until an appropriate patch has been developed. Some organizations, such as Netty and Apache, have already rolled out fixes for their software. For which solutions might be available to you, check the security advisories from your network software providers, and contact your tech support regarding implementation of workarounds or patches if needed.
Third-Party references:
Click the links below to learn more details. (Opens in a new tab/window.)
Cisco IOS XE Update
by Artie Kaye
Cisco has released a patch addressing the zero-day attack, which could allow total device control. Take note to update any IOS XE at your earliest ability. With the discovery of this exploit, certain implanted programming was found on many devices, marking them as compromised by researchers. After knowledge of the flaw spread, the number of these devices has diminished. The cause was due to a change in the implant’s behavior when responding to specific queries. Patch any affected devices to help mitigate any potential damage, and discuss with your support team about any other actions which may need to be taken.
Third-Party references:
Click the links below to learn more details. (Opens in a new tab/window.)
VMware and Citrix Patches
by Artie Kaye
Two high priority updates were released for NetScaler by Citrix and for vCenter Server by VMware. The flaws are considered critical, with VMware patching end of life products, and should be addressed as soon as able. For more information, please check the security announcements from the respective companies below.
Third-Party references:
Click the links below to learn more details. (Opens in a new tab/window.)