DDoS Archives - Cyber Security Minute

EV Charging Infrastructure Offers an Electric Cyberattack Opportunity

Issued by: Dark Reading

As electric vehicle (EV) charging infrastructure rushes to keep pace with the dramatic rise in sales of electric vehicles in the United States, cyberattackers and security researchers alike have already started focusing on security weaknesses in the infrastructure. In February, researchers with energy-network cybersecurity firm Saiflow discovered two vulnerabilities in the Open Charge Point Protocol…

News

Cyberthreats, Regulations Mount for Financial Industry

Issued by: Dark Reading

The cybersecurity landscape for financial institutions and finance technology (fintech) has changed dramatically in the past few years, and 2023 will likely be no different. In 2022, for example, distributed denial-of-service (DDoS) attacks targeting financial firms increased by 22% worldwide, compared to the previous year, according to a joint report published by the Financial Services…

Application Security

When CISOs Are Ready to Hunt

Issued by: Dark Reading

Like a member of any profession, a chief information security officer (CISO) grows into their role. They exhibit a maturity curve that can be roughly split into five attitudes: Protection: When a CISO first steps into their role, they look to perfect the basics and build a fortress for themselves in the form of firewalls,…

Network Security

US Agencies Issue Guidance on Responding to DDoS Attacks

Issued by: Security Week

A type of cyberattack targeting applications or websites, denial-of-service (DoS) attacks aim to exhaust the target system’s resources to render it inaccessible to legitimate users. DDoS attacks may target server vulnerabilities to overload network resources or to consume these resources through the reflection of a high volume of network traffic to the target, or may…

Application Security, Software Security

Mirai Botnet Launched 2.5 Tbps DDoS Attack Against Minecraft Server

Issued by: Security Week

The attack was aimed at a Minecraft server named Wynncraft and it involved UDP and TCP floods. However, the web security firm said it mitigated the attack, preventing it from causing any disruption to the game. While this may have been a record-breaking attack for Cloudflare, Microsoft last year observed an attack that peaked at…

Malware & Threats

ALPHV Ransomware Gang Creates Searchable Database With Victim Data

Issued by: Security Week

Also known as BlackCat and Noberus, ALPHV emerged in November 2021 as the first ransomware family coded using the Rust programming language. To date, the ALPHV cybergang has compromised more than 100 organizations. Likely tied to the cybercrime group behind the Darkside/Blackmatter ransomware, ALPHV operates under the Ransomware-as-a-Service (RaaS) business model, with their affiliates compromising…

Malware & Threats

Linux Trojan XorDdos Attacks Surge, Targeting Cloud, IoT

Issued by: Dark Reading

Cybercriminal use of the Linux Trojan known as XorDdos is on the rise, according to a new report, which found a 254% increase in malicious activity against Linux endpoints using the malware over the last six months. It was first discovered in 2014, and the Microsoft 365 Defender Research Team explained in a recent blog…

Malware & Threats

‘Moobot’ Botnet Targets Hikvision Devices via Recent Vulnerability

Issued by: Security Week

Tracked as CVE-2021-36260 and affecting over 70 cameras and NVRs from Hikvision, the critical-severity bug can be exploited to gain root access and completely take over vulnerable devices, without any form of user interaction. Hikvision released patches for the vulnerability on September 18 and, shortly after, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) alerted…

Vulnerabilities

Home routers are being hijacked using vulnerability disclosed just 2 days ago

Issued by: Blog Malwarebytes

The early bird catches the worm. Unless the worm was early enough to hide. On August 3, 2021 a vulnerability that was discovered by Tenable was made public. Only two days later, on August 5, Juniper Threat Labs identified some attack patterns that attempted to exploit this vulnerability in the wild. The vulnerability is listed…

Vulnerabilities

TsuNAME Vulnerability Can Be Exploited for DDoS Attacks on DNS Servers

Issued by: Security Week

The flaw, dubbed TsuNAME, was discovered by researchers at SIDN Labs (the R&D team of the registry for .nl domains), InternetNZ (the registry for .nz domains), and the Information Science Institute at the University of Southern California. Impacted organizations have been notified and given 90 days to take action before the vulnerability was disclosed. Google…