Microsoft: Web Application Firewall adds malicious bot protection
BleepingComputer reports that the cloud-native Azure Web Application Firewall bot protection feature is entering general availability on Azure Application Gateway, according to a statement from Microsoft.
“This feature allows users to enable a managed bot protection rule set for their WAF to block or log requests from known malicious IP addresses,” Microsoft said.
The new bot protection rule set blocks bots that are used by malicious actors to scan for vulnerabilities in web applications. It scans bots against the Microsoft Threat Intelligence feed to find those using known malicious IP addresses, and remains in sync with the bots by updating several times daily from the Microsoft Threat Intelligence feed.
“Your web applications are continuously protected even as the bot attack vectors change,” Microsoft said.
Users can deploy Azure WAF directly through Azure Application Gateway, Azure Content Delivery Network and Azure Front Door and complete the setup within minutes and may use the bot protection rule sets with OWASP core rule sets for increased protection for their web applications.
Qualcomm on Tuesday disclosed nearly two dozen security vulnerabilities in its chipsets, including the company’s flagship suite of SnapDragon processor chips and affecting products that range from cars to powerline communications.
Open source software utilization has been scaled back by nearly 40% of industry professionals due to security concerns, with more than 50% reducing open source usage following the emergence of the widespread Log4j vulnerability, The Register reports.
New security vulnerabilities have been added by Keksec threat group, also known as Kek Security, FreakOut, and Necro, to its Enemybot Linux-based botnet to attack web servers, content management systems, and Android devices, reports The Hacker News.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news