Mon.Oct 07, 2024

article thumbnail

Largest Recorded DDoS Attack is 3.8 Tbps

Schneier on Security

CLoudflare just blocked the current record DDoS attack: 3.8 terabits per second. (Lots of good information on the attack, and DDoS in general, at the link.) News article.

DDOS 215
article thumbnail

Timeline: 15 Notable Cyberattacks and Data Breaches

Tech Republic Security

These 15 cyber attacks or data breaches impacted large swaths of users across the United States and changed what was possible in cybersecurity.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Mind the (air) gap: GoldenJackal gooses government guardrails

We Live Security

ESET Research analyzed two separate toolsets for breaching air-gapped systems, used by a cyberespionage threat actor known as GoldenJackal.

article thumbnail

Learn Cybersecurity Essentials for Just $40 from Home

Tech Republic Security

Gain a comprehensive understanding of cybersecurity with this 12-hour, 5-course bundle that covers everything from foundational concepts to advanced strategies.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries

The Hacker News

Cybersecurity researchers have discovered a new botnet malware family called Gorilla (aka GorillaBot) that is a variant of the leaked Mirai botnet source code. Cybersecurity firm NSFOCUS, which identified the activity last month, said the botnet "issued over 300,000 attack commands, with a shocking attack density" between September 4 and September 27, 2024.

DDOS 144
article thumbnail

US Government, Microsoft Aim to Disrupt Russian Threat Actor ‘Star Blizzard’

Tech Republic Security

Read more about the U.S. Department of Justice and Microsoft’s efforts to interrupt the activities of Russian-based threat actor Star Blizzard, and learn how to protect from this threat.

More Trending

article thumbnail

Australian Cybersecurity Professionals Confess To Growing Job Stress

Tech Republic Security

Australian cyber professionals are reporting more job stress, partly due to skills gaps and other growing industry challenges.

article thumbnail

Pro-Ukrainian Hackers Strike Russian State TV on Putin's Birthday

The Hacker News

Ukraine has claimed responsibility for a cyber attack that targeted Russia state media company VGTRK and disrupted its operations, according to reports from Bloomberg and Reuters. The incident took place on the night of October 7, VGTRK confirmed, describing it as an "unprecedented hacker attack.

article thumbnail

Multi-cloud Strategies Making DDI and DNS Cumbersome to Manage

Tech Republic Security

DNS and IP address management is getting harder as multi-cloud strategies take over in Australia and the APAC region.

DNS 150
article thumbnail

Kyiv’s hackers launched an unprecedented cyber attack on Russian state media VGTRK on Putin’s birthday

Security Affairs

Russian state media VGTRK faced a major cyberattack, which a Ukrainian source claimed was conducted by Kyiv’s hackers. A Ukrainian government source told Reuters that Kyiv’s hackers are behind the cyber attack that disrupted operations at the Russian state media company VGTRK on Putin’s birthday. The All-Russia State Television and Radio Broadcasting Company (VGTRK, Russian: ВГТРК) or Russian Television and Radio Broadcasting Company, also known as Russian Television and Radio,

Media 140
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

iPhone flaw could read your saved passwords out loud. Update now!

Malwarebytes

Apple has issued security updates for iOS 18.0.1 and iPadOS 18.0.1 which includes a fix for a bug that could allow a user’s saved passwords to be read aloud by its VoiceOver feature. VoiceOver allows users to use their iPhone or iPad even if they can’t see the screen. It gives audible descriptions of what’s on your screen—for example, the battery level, who’s calling you, or what item your finger is on.

Passwords 136
article thumbnail

Universal Music data breach impacted 680 individuals

Security Affairs

Universal Music Group notified hundreds of individuals about a data breach compromising their personal information. Universal Music Group is notifying 680 individuals about a data breach that compromised their personal information, including their Social Security number. The data breach occurred on July 15, 2024, and was discovered on August 30, 2024. “In early July, we detected unauthorized activity in one of our internal applications.

article thumbnail

Awaken Likho is awake: new techniques of an APT group

SecureList

Introduction In July 2021, a campaign was launched primarily targeting Russian government agencies and industrial enterprises. Shortly after the campaign started, we began tracking it, and published three reports in August and September 2024 through our threat research subscription on the threat actor we named Awaken Likho (also named by other vendors as Core Werewolf).

Phishing 135
article thumbnail

FBCS data breach impacted 238,000 Comcast customers

Security Affairs

238,000 Comcast customers were impacted by the FBCS data breach following the February ransomware attack, Comcast reports. Telecommunications giant Comcast is notifying approximately 238,000 customers impacted by the Financial Business and Consumer Solutions (FBCS) data breach. FBCS, a third-party debt collection agency, collects personal information from its clients to facilitate debt collection activities on behalf of those clients.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Vulnerable APIs and Bot Attacks Costing Businesses Up to $186 Billion Annually

The Hacker News

Organizations are losing between $94 - $186 billion annually to vulnerable or insecure APIs (Application Programming Interfaces) and automated abuse by bots. That’s according to The Economic Impact of API and Bot Attacks report from Imperva, a Thales company. The report highlights that these security threats account for up to 11.

article thumbnail

Critical Apache Avro SDK RCE flaw impacts Java applications

Security Affairs

A critical vulnerability in the Apache Avro Java Software Development Kit (SDK) could be exploited to execute arbitrary code on vulnerable instances. A critical vulnerability, tracked as CVE-2024-47561, in the Apache Avro Java Software Development Kit (SDK) could allow the execution of arbitrary code on vulnerable instances. The flaw, tracked as CVE-2024-47561, impacts all versions of the software prior to 1.11.4.

Big data 134
article thumbnail

Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications

The Hacker News

A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the execution of arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-47561, impacts all versions of the software prior to 1.11.4. "Schema parsing in the Java SDK of Apache Avro 1.11.

Software 130
article thumbnail

News alert: Hybrid Analysis adds Criminal IP’s real-time domain scans, boosts malware detection

The Last Watchdog

Torrance, Calif., Oct. 7, 2024, CyberNewswire — Criminal IP , a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA , has partnered with Hybrid Analysis , a platform that provides advanced malware analysis and threat intelligence, to enhance threat research. This collaboration integrates Criminal IP’s advanced domain scanning capabilities into the Hybrid Analysis platform, providing security professionals with deeper insights and more effective threat mitigation s

Malware 130
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

THN Cybersecurity Recap: Top Threats and Trends (Sep 30 - Oct 6)

The Hacker News

Ever heard of a "pig butchering" scam? Or a DDoS attack so big it could melt your brain? This week's cybersecurity recap has it all – government showdowns, sneaky malware, and even a dash of app store shenanigans. Get the scoop before it's too late!

article thumbnail

Akamai Embeds API Security Connector in CDN Platform

Security Boulevard

Akamai Technologies has made available at no extra cost a connector that makes it simpler for cybersecurity teams to discover application programming interfaces (APIs) that organizations have exposed via its content delivery network (CDN). The post Akamai Embeds API Security Connector in CDN Platform appeared first on Security Boulevard.

article thumbnail

Google Blocks Unsafe Android App Sideloading in India for Improved Fraud Protection

The Hacker News

Google has announced that it's piloting a new security initiative that automatically blocks sideloading of potentially unsafe Android apps in India, after similar tests in Singapore, Thailand, and Brazil.

128
128
article thumbnail

How to Prepare Identity Stack to Adopt the Zero-Trust Model

Security Boulevard

The zero-trust model demands robust identity security, which needs continuous verification of individuals and systems. The post How to Prepare Identity Stack to Adopt the Zero-Trust Model appeared first on Security Boulevard.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Comcast and Truist Bank customers impacted by debt collector’s breach

Malwarebytes

A data breach at Financial Business and Consumer Solutions (FBCS), a US debt collection agency, has led to the loss of data of some Comcast Cable Communications and Truist Bank customers. FBCS is in the business of collecting unpaid debts on behalf of its customers. The data breach occurred in February 2024 and the cybercriminals responsible for the incident gained access to: Full names Social Security Numbers (SSNs) Date of birth Account information and other provider information ID card and/or

Banking 123
article thumbnail

DOJ Wants to Claw Back $2.67 Million Stolen by Lazarus Group

Security Boulevard

The DOJ wants to seize $2.67 million from the $69 million in crypto the North Korean-backed Lazarus Group stole in from the options exchange Deribit in 2022 and online gambling platform Stake.com last year. The post DOJ Wants to Claw Back $2.67 Million Stolen by Lazarus Group appeared first on Security Boulevard.

article thumbnail

Your robot vacuum cleaner might be spying on you

Graham Cluley

When Sean Kelly bought a top-of-the-line vacuum cleaner, he imagined he was making a safe purchase. Little did he know that the cleaning machine scuttling about his family's feet contained a security flaw that could let anyone see and hear their every move. Read more in my article on the Hot for Security blog.

118
118
article thumbnail

Critical Skills Gap in AI, Cloud Security

Security Boulevard

There is a growing disconnect between the increasing sophistication of cybersecurity threats and the preparedness of IT teams to combat them, according to an O’Reilly study of more than 1300 IT professionals. The post Critical Skills Gap in AI, Cloud Security appeared first on Security Boulevard.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Large scale Google Ads campaign targets utility software

Malwarebytes

After what seemed like a long hiatus, we’ve observed threat actors returning to malvertising to drop malware disguised as software downloads. The campaign we identified is high-impact, going after utility software such as Slack, Notion, Calendly, Odoo, Basecamp, and others. For this blog, we decided to focus on the Mac version of communication tool Slack.

Software 117
article thumbnail

Reachability and Risk: Prioritizing Protection in a Complex Security Landscape

Security Boulevard

Understanding reachability is increasingly important for enterprises, as it can significantly influence their risk management strategies. The post Reachability and Risk: Prioritizing Protection in a Complex Security Landscape appeared first on Security Boulevard.

Risk 118
article thumbnail

Your Smart TV is Watching You: New Research Reveals the Extent of ACR Tracking

Penetration Testing

A new study has revealed the extent to which smart TVs use Automatic Content Recognition (ACR) technology to track users’ viewing habits. The research, conducted by a team of scientists... The post Your Smart TV is Watching You: New Research Reveals the Extent of ACR Tracking appeared first on Cybersecurity News.

article thumbnail

Modernization of Authentication: Webinar on MFA, Passwords, and the Shift to Passwordless

The Hacker News

The interest in passwordless authentication has increased due to the rise of hybrid work environments and widespread digitization. This has led to a greater need for reliable data security and user-friendly interfaces. Without these measures, organizations are at risk of experiencing data breaches, leaks, and significant financial losses.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.