News

At 15.3 million requests per second, the assault was the largest HTTPS blitz on record lasting 15 seconds

Cloudflare this month halted a massive distributed denial-of-service (DDoS) attack on a cryptocurrency platform that not only was unusual in its sheer size but also because it was launched over HTTPS and primarily originated from cloud datacenters rather than residential internet service providers (ISPs).…

Multi-layered protection from Huawei curbs ransomware attacks

Sponsored Feature  The mass pandemic-driven migration to remote working has been a significant threat vector which precipitated a surge in cyberattacks last year. Prominent among these were ransomware attacks, which rose by 92.7 percent year-on-year in 2021, according to consulting firm NCC Group.…

Malicious cyber actors go after 2021's biggest misses, spend less time on the classics

Security flaws in Log4j, Microsoft Exchange, and Atlassian's workspace collaboration software were among the bugs most frequently exploited by "malicious cyber actors" in 2021 , according to a joint advisory by the Five Eyes nations' cybersecurity and law enforcement agencies.…

Will Redmond start code-naming Windows make-me-admin bugs?

Flaws in networkd-dispatcher, a service used in some parts of the Linux world, can be exploited by a rogue logged-in user or application to escalate their privileges to root level, allowing the box to be commandeered, Microsoft researchers said Wednnesday.…

Because digital transformation means transforming security first

Sponsored Post  The threat of ransomware or nation state attacks might open-up corporate wallets for short-term cyber-security investment but working out how to develop both your security team and your defenses for the long-term calls for a little more sophistication.…

A different type of bug bounty

Uncle Sam will dole out up to $10 million for vital information on each of six Russian GRU officers linked to the Kremlin-backed Sandworm gang, who, according to the Feds, have plotted to carry out destructive cyber-attacks against American critical infrastructure.…

State-sponsored Bronze President group launches cyber-espionage malware campaign against notional ally

China appears to be entering a raging cyber-espionage battle that's grown in line with Russia's unprovoked attack on Ukraine, deploying advanced malware on the computer systems of Russian officials.…

First Middle Kingdom company to take a stance says it doesn't want anyone weaponizing its flying machines

In a first for a major Chinese tech company, drone-maker DJI Technologies announced on Tuesday that it will temporarily suspend business in both Russia and Ukraine.…

Our Vectra Masked CISO series tackles some of the biggest issues in security and how to overcome them

Advertorial  As security professionals, we aren’t known for our levity. True, we’re often fire-fighting serious incidents with potentially profound consequences for the organisation, and our career prospects. But our relationships with others are usually characterised by policing and enforcement rather than engagement and support.…

Web giant milks advertisers with data harvested from digital assistant

Amazon and third-party services have been using smart speaker interaction data for ad targeting, in violation of privacy commitments, according to researchers at four US universities.…

We hope you've patched that 9.8/10 severity bug

A team of Iranian cyber-spies dubbed Rocket Kitten, for one, is likely behind attempts to exploit a critical remote-code execution vulnerability in VMware's identity management software, according to endpoint security firm Morphisec.…

Life tastes not so good right now

Coca-Cola confirmed it's probing a possible network intrusion after the Stormous cybercrime gang claimed it stole 161GB of data from the beverage giant.…

Thinktank, and former Google CEO Eric Schmidt, call for proper policy development

The USA's policy of decoupling its technology industries from China lacks a strategy, a theory of success, and an understanding of how to achieve its ill-defined goals, according to a new paper by Jon Bateman from the thinktank Carnegie Endowment for International Peace (CEIP).…

More attacks and more targeted attacks than ever before. What could have happened to cause that uptick?

Kaspersky has released a report showing Distributed Denial of Service (DDoS) attacks hit an all-time-high in the first quarter of 2022.…

You thought hunting for discount vouchers took a while? That's nothing compared to Windows booting on a till

A fresh Windows 11 patch slipped out overnight as an optional update, but contains an impressively long list of fixes for Microsoft's flagship operating system.…

Meanwhile, UK and India finally explain Cyber Security Partnership agreed to in May 2021

India's government and the European Union have signed up to create a "Trade and Technology Council" – an entity the EU has previously only created to enhance its relationship with the United States.…

Worth doing a lot of heavy lifting there, we know

Crooks stole non-fungible tokens (NFTs) said to be worth about $3 million after breaking into the Bored Ape Yacht Club's Instagram account and posting a link to a copycat website that sought to harvest marks' assets. …

Financial software giant slammed for 'poor security practices'

Intuit is being sued in the US after a security failure at its Mailchimp email marketing business allegedly led to the theft of cryptocurrency from one or more digital wallets.…

Thinking of another word for this US govt department's name

The first bug bounty program by America's Homeland Security has led to the discovery and disclosure of 122 vulnerabilities, 27 of which were deemed critical.…

Check Point uncovers web vulnerability that could have led to cryptocurrency theft

A flaw detected in the browser version of the Ever Surf cryptocurrency wallet could have given hackers who exploited it full control over a targeted user's wallet, say threat hunters at Check Point Research.…