Cloudflare says it has blocked a distributed denial-of-service (DDoS) attack that peaked at between 50 and 70 million requests per second (rps), at one point reaching 71 rps. Cloudflare says that the attack “is the largest reported HTTP DDoS attack on record.” The record-breaking DDoS was just one of dozens of DDoS attacks over the …
Cyberattack
As the digital age continues to progress, it is increasingly important that we understand how to stay secure and protected when browsing online. It is becoming more and more likely that we will come across malicious sites and vulnerable networks, so it is essential that we take the necessary precautions to protect ourselves when browsing …
The websites of some German airports, financial institutions, and government agencies were targeted with distributed denial-of-service (DDoS) attacks earlier this week. The attacks are believed to be the work of Russian hacktivists. Germany’s Federal Office for Information Security (BSI) says that some websites were made unavailable, but there were no service disruptions. Note DDoS attacks …
Security researcher Dawid Potocki discovered that more than 300 motherboard models from MSI do not implement the Secure Boot feature by default, which means that they will allow any bootloader, signed or unsigned, to run. According to an MSI Reddit post, the company says they “preemptively set Secure Boot as Enabled and ‘Always Execute’ as …
This article could start by reviewing the college that closed permanently after a ransomware attack or the large school district that suffered an incident during a recent holiday weekend. Or it could focus on how critical infrastructure—such as water treatment plants, pipelines, and meat processing plants—are increasingly under attack. We could even comment on the …
Royal Mail, which suffered a ransomware attack earlier this month, is slowly recovering from the incident. Initially, the attack disrupted the UK postal service company’s operations, rendering it unable to ship overseas. Earlier this week, Royal Mail said that it has “resumed the export of letters which do not require a customs declaration to all …
Updated on 2023-01-04: Cloud-based Records Management Service Discloses Cyberattack Cloud-based digital records management company Cott Systems has notified customers that it suffered an “organized cyberattack” in late December. Cott disconnected its servers to isolate the infection. As a result, many local governments across the US have been forced to turn to manual processes for birth …
Updated on 2023-01-11 SF BART ransomware The San Francisco Bay Area Rapid Transit (BART) is investigating an intrusion of its IT network after the Vice Society ransomware gang claimed to have compromised the agency via a blog post on their dark web leak site. The agency’s spokesperson told The Record that “no BART services or …
Updated on 2022-12-29: Comcast Xfinity account hacks Several Comcast Xfinity customers said they had their accounts hacked. The accounts were then used to reset passwords and bypass 2FA accounts on cryptocurrency portals like Gemini and Coinbase. Overview Comcast Xfinity accounts have been hacked in widespread credential stuffing attacks that bypassed the 2FA security. The compromised …
Updated on 2022-12-29: STEPPY#KAVACH APT Securonix has a report out on a spear-phishing campaign linked to the STEPPY#KAVACH APT that targeted Indian government officials. Securonix researchers described STEPPY#KAVACH as having “many common TTPs with the SideCopy/APT36 threat actors” that were previously linked to the Pakistan government. Overview Indian government officials were targeted in a new …
Updated on 2022-12-22: T-Mobile hacker sentenced Argishti Khudaverdyan, the owner of a T-Mobile retail store who hacked into T-Mobile’s main network as part of a larger phone-unlocking scheme, was sentenced last week to 10 years in prison. Read more: Former Mobile Phone Store Owner Sentenced to 10 Years in Federal Prison for Multimillion-Dollar Scheme to Illegally …
Updated on 2023-01-05: SickKids ransomware attack The LockBit ransomware gang has apologized for its attack on the Sick Kids Hospital chain and released a free decrypter to help the victim recover files without paying. Updated on 2023-01-02 LockBit apologized for the attack on SickKids, Canada, and released a free decryptor for the hospital. It claimed …
Updated on 2022-12-13 A severe vulnerability in Amazon ECR Public Gallery could enable attackers to delete any container image or insert malicious code into the images of other accounts. Read more: Amazon ECR Public Gallery flaw could have wiped or poisoned any image Overview: AWS ECR vulnerability Cybersecurity firm Lightspin has discovered a vulnerability in …
Updated on 2022-12-12: Phosphorus APT brazenness Researchers with Team Cymru say that even if one of their servers was exposed in a CISA alert in September, Phosphorus, an Iranian threat actor group, has continued to use it for subsequent attacks throughout October and November 2022. Read more: Alert (AA22-257A): Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber …
Updated on 2022-12-12: MuddyWater APT Deep Instinct researchers have a report out on a recent spear-phishing campaign carried out by the MuddyWater Iranian APT. This particular campaign was of note because of two things. First, the group used compromised corporate accounts to send out emails to their targets. Second, the final payload was Syncro, a …