cyberveille.decio.ch

#Attack #2024
Akamai Blocked 419 TB of Malicious Traffic in a 24-Hour DDoS Attack
On July 15, 2024, Akamai prevented one of the largest distributed denial-of-service (DDoS) cyberattacks it has ever observed against a major financial services company in Israel. The highly sophisticated, high-volume attack lasted almost 24 hours. The attacker deployed larger-than-usual resources, indicating a serious risk for future attacks. Other Israeli financial institutions reportedly suffered outages and downtimes on the same day, potentially due to the same type of attack and the same aggressor.
·akamai.com·
TuDoor
TuDoor is a new DNS attack, which could be exploited to carry out DNS cache poisoning, denial-of-service, and resource consumption. DNS can be compared to a game of chess in that its rules are simple, yet the possibilities it presents are endless. While the fundamental rules of DNS are straightforward, DNS implementations can be extremely complex. In this study, we intend to explore the complexities and vulnerabilities in DNS response pre-processing by systematically analyzing DNS RFCs and DNS software implementations.
·tudoor.net·
Lviv neighbourhood left without heating, hot water by hacker attack
The Sykhiv residential area in Lviv was left without hot water and heating as a result of a hacker attack on Lvivteploenergo. This is reported on the company's website. "The hacker attack disrupted the heat supply management system. Work is underway to restore heating and hot water supply in the Sykhiv residential area. The estimated time of restoration is 21:00," the statement said.
·en.lb.ua·
research!rsc: The xz attack shell script
Andres Freund published the existence of the xz attack on 2024-03-29 to the public oss-security@openwall mailing list. The day before, he alerted Debian security and the (private) distros@openwall list. In his mail, he says that he dug into this after “observing a few odd symptoms around liblzma (part of the xz package) on Debian sid installations over the last weeks (logins with ssh taking a lot of CPU, valgrind errors).” At a high level, the attack is split in two pieces: a shell script and an object file. There is an injection of shell code during configure, which injects the shell code into make. The shell code during make adds the object file to the build. This post examines the shell script. (See also my timeline post.)
·research.swtch.com·
Recent ‘MFA Bombing’ Attacks Targeting Apple Users – Krebs on Security
Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple's password reset feature. In this scenario, a target's Apple devices are forced to display dozens of system-level prompts that…
·krebsonsecurity.com·
ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms
Our work shows that it is possible to trigger Rowhammer bit flips on DDR4 devices on AMD Zen 2 and Zen 3 systems despite deployed TRR mitigations. This result proves that AMD systems are equally vulnerable to Rowhammer as Intel systems, which greatly increases the attack surface, considering today’s AMD market share of around 36%…
·comsec.ethz.ch·
Managing Attack Surface | Huntress Blog
Huntress recently detected interesting activity on an endpoint; a threat actor was attempting to establish a foothold on an endpoint by using commands issued via MSSQL to upload a reverse shell accessible from the web server. All attempts were obviated by MAV and process detections, but boy-howdy, did they try!
·huntress.com·
Midnight Blizzard: Guidance for responders on nation-state attack
The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. The Microsoft Threat Intelligence investigation identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as NOBELIUM.
·microsoft.com·
Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack
Microsoft on Friday revealed that it was the target of a nation-state attack on its corporate systems that resulted in the theft of emails and attachments from senior executives and other individuals in the company's cybersecurity and legal departments. The Windows maker attributed the attack to a Russian advanced persistent threat (APT) group it tracks as Midnight Blizzard (formerly Nobelium), which is also known as APT29, BlueBravo, Cloaked Ursa, Cozy Bear, and The Dukes.
·thehackernews.com·