DHS Says China, Russia, Iran, and Israel Are Spying on People in US with SS7
The Department of Homeland Security knows which countries SS7 attacks are primarily originating from. Others include countries in Europe, Africa, and the Middle East.
300,000+ Prometheus Servers and Exporters Exposed to DoS Attacks
In this research, we uncovered several vulnerabilities and security flaws within the Prometheus ecosystem. These findings span across three major areas: information disclosure, denial-of-service (DoS), and code execution. We found that exposed Prometheus servers or exporters, often lacking proper authentication, allowed attackers to easily gather sensitive information, such as credentials and API keys. Additionally, we identified an alarming risk of DoS attacks stemming from the exposure of pprof debugging endpoints, which, when exploited, could overwhelm and crash Prometheus servers, Kubernetes pods and other hosts.
Tuta has suffered multiple DDoS attacks in one week – but it claims privacy has not been compromised
Some users are still lamenting issues in using the encrypted email service
Lateral Movement on macOS: Unique and Popular Techniques and In-the-Wild Examples
We uncover macOS lateral movement tactics, such as SSH key misuse and AppleScript exploitation. Strategies to counter this attack trend are also discussed. We uncover macOS lateral movement tactics, such as SSH key misuse and AppleScript exploitation. Strategies to counter this attack trend are also discussed.
Update on Windows Downdate
Downgrade attacks: researchers took over the Windows Update process to make the term “fully patched” meaningless on any Windows machine.
New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries
New Gorilla botnet launches over 300,000 DDoS attacks globally, exploiting IoT devices and Apache Hadoop flaws.
Geopolitical Tensions Drive Explosion in DDoS Attacks
Radware found that Web DDoS attacks rose by 265% in H1 2024, driven by hacktivist groups amid rising geopolitical tensions
Apple warns iPhone users in 98 countries of spyware attacks
Apple has issued a new round of threat notifications to iPhone users across 98 countries, warning them of potential mercenary spyware attacks. It's the Apple issued threat notifications to iPhone users across 98 countries, warning them of spyware attacks.
How do cryptocurrency drainer phishing scams work?
In recent months, a surge in cryptodrainer phishing attacks has been observed, targeting cryptocurrency holders with sophisticated schemes aimed at tricking them into divulging their valuable credentials.
The Rise of Packet Rate Attacks: When Core Routers Turn Evil
A sharp increase of DDoS attacks have been observed since the beginning of 2023. A new trend is to send high packet rate attacks though. This article introduces the findings of our teams in order to bring new insights regarding this threat.
Vulnerabilities in CocoaPods Open the Door to Supply Chain Attacks Against Thousands of iOS and MacOS Applications
- E.V.A Information Security researchers uncovered several vulnerabilities in the CocoaPods dependency manager that allows any malicious actor to claim ownership over thousands of unclaimed pods and insert malicious code into many of the most popular iOS and MacOS applications. These vulnerabilities have since been patched. Such an attack on the mobile app ecosystem could infect almost every Apple device, leaving thousands of organizations vulnerable to catastrophic financial and reputational damage. One of the vulnerabilities could also enable zero day attacks against the most advanced and secure organizations’ infrastructure. Developers and DevOps teams that have used CocoaPods in recent years should verify the integrity of open source dependencies used in their application code. * Dependency managers are an often-overlooked aspect of software supply chain security. Security leaders should explore ways to increase governance and oversight over the use these tools.
Mandiant Finds Possible Link Between Kremlin, Pro-Russian ‘Hacktivists’
US officials and allies have warned about attacks from XakNet and related groups.
CVE-2022-26143: TP240PhoneHome Reflection/Amplification DDoS Attack Vector
A new reflection/amplification distributed denial of service (DDoS) vector with a record-breaking potential amplification ratio of 4,294,967,296:1 has been abused by attackers in the wild to launch multiple high-impact DDoS attacks.
'Got that boomer!': How cybercriminals steal one-time passcodes for SIM swap attacks and raiding bank accounts | TechCrunch
The incoming phone call flashes on a victim’s phone. It may only last a few seconds, but can end with the victim handing over codes that give cybercriminals the ability to hijack their online accounts or drain their crypto and digital wallets. “This is the PayPal security team here. We’ve detected some unusual activity on your account and are calling you as a precautionary measure,” the caller’s robotic voice says. “Please enter the six-digit security code that we’ve sent to your mobile device.”
DDoS threat report for 2024 Q1
2024 started with a bang. Cloudflare’s autonomous systems mitigated over 4.5 million DDoS attacks in the first quarter of the year — a 50% increase compared to the previous year.
Mandiant Finds Possible Link Between Kremlin, Pro-Russian ‘Hacktivists’
US officials and allies have warned about attacks from XakNet and related groups.
CVE-2022-26143: TP240PhoneHome Reflection/Amplification DDoS Attack Vector
A new reflection/amplification distributed denial of service (DDoS) vector with a record-breaking potential amplification ratio of 4,294,967,296:1 has been abused by attackers in the wild to launch multiple high-impact DDoS attacks.
DSoS attacks statistics and observations
he year 2023 turned out to be quite rich in events and trends in the field of cybersecurity. We witnessed a new term "white noise", the development of artificial intelligence led to increased bot activity, which significantly affected commercial companies. We detected signs of a resurgence in popularity of commercial DDoS attacks. The implementation of "remote office" technologies led to the expansion of communication channels and, as a result, increased intensity of attacks. But first things first. DDoS Attacks by Vectors The fourth quarter of the past year didn't bring any surprises in terms of the distribution of mixed attacks by vectors. UDP flood once again topped the list with a rate of 60.20%. IP flood came in second at 16.86%. Multivector attacks also made it into the top three with 13.36%. Overall, the distribution was as follows: UDP flood - 60.20% SYN flood - 7.26% IP flood - 16.86% Multivector attacks - 13.36%
Mandiant Finds Possible Link Between Kremlin, Pro-Russian ‘Hacktivists’
US officials and allies have warned about attacks from XakNet and related groups.
CVE-2022-26143: TP240PhoneHome Reflection/Amplification DDoS Attack Vector
A new reflection/amplification distributed denial of service (DDoS) vector with a record-breaking potential amplification ratio of 4,294,967,296:1 has been abused by attackers in the wild to launch multiple high-impact DDoS attacks.
Understanding and Responding to Distributed Denial-Of-Service Attacks
This joint guide, Understanding and Responding to Distributed Denial-Of-Service Attacks, addresses the specific needs and challenges faced by organizations in defending against DDoS attacks. The guidance now includes detailed insight into three different types of DDoS techniques: Volumetric, attacks aiming to consume available bandwidth. Protocol, attacks which exploit vulnerabilities in network protocols. * Application, attacks targeting vulnerabilities in specific applications or running services.
Mandiant Finds Possible Link Between Kremlin, Pro-Russian ‘Hacktivists’
US officials and allies have warned about attacks from XakNet and related groups.
CVE-2022-26143: TP240PhoneHome Reflection/Amplification DDoS Attack Vector
A new reflection/amplification distributed denial of service (DDoS) vector with a record-breaking potential amplification ratio of 4,294,967,296:1 has been abused by attackers in the wild to launch multiple high-impact DDoS attacks.
Amnesty confirms Apple warning: Indian journalists’ iPhones infected with Pegasus spyware
Apple's warnings in late October that Indian journalists and opposition figures may have been targeted by state-sponsored attacks prompted a forceful Behind closed doors, senior officials from Modi's administration demanded that Apple soften the political impact of the state-sponsored warnings, according to Washington Post.
Mandiant Finds Possible Link Between Kremlin, Pro-Russian ‘Hacktivists’
US officials and allies have warned about attacks from XakNet and related groups.
CVE-2022-26143: TP240PhoneHome Reflection/Amplification DDoS Attack Vector
A new reflection/amplification distributed denial of service (DDoS) vector with a record-breaking potential amplification ratio of 4,294,967,296:1 has been abused by attackers in the wild to launch multiple high-impact DDoS attacks.
Threat actors misuse OAuth applications to automate financially driven attacks
Microsoft Threat Intelligence presents cases of threat actors misusing OAuth applications as automation tools in financially motivated attacks.
Scanning Danger: Unmasking the Threats of Quishing
In this blog, we explore the modus operandi of threat actors utilizing QR code attacks, by examining recent and widespread quishing campaigns detected by Trellix.
Star Blizzard increases sophistication and evasion in ongoing attacks
Microsoft Threat Intelligence continues to track and disrupt malicious activity attributed to a Russian state-sponsored actor we track as Star Blizzard, who has improved their detection evasion capabilities since 2022 while remaining focused on email credential theft against targets.
Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns | CISA
The Russia-based actor Star Blizzard (formerly known as SEABORGIUM, also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie) continues to successfully use spear-phishing attacks against targeted organizations and individuals in the UK, and other geographical areas of interest, for information-gathering activity. The UK National Cyber Security Centre (NCSC), the US Cybersecurity and Infrastructure Security Agency (CISA), the US Federal Bureau of Investigation (FBI), the US National Security Agency (NSA), the US Cyber National Mission Force (CNMF), the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the Canadian Centre for Cyber Security (CCCS), and the New Zealand National Cyber Security Centre (NCSC-NZ) assess that Star Blizzard is almost certainly subordinate to the Russian Federal Security Service (FSB) Centre 18.