Cyberattacks

The Simply Cyber Report: January 10, 2023

Jan 10, 2023 By LimaCharlie In LimaCharlie

Unknown threat actors observed hiding malware execution behind a legitimate Windows support binary. S3 buckets now encrypted by default. Powerful Android malware targeting banking applications. End of life for WIndows Server 2008.

View Video

LimaCharlie

Read more about The Simply Cyber Report: January 10, 2023

SCATTERED SPIDER Exploits Windows Security Deficiencies with Bring-Your-Own-Vulnerable-Driver Tactic in Attempt to Bypass Endpoint Security

Jan 10, 2023 By CrowdStrike Intelligence Team In CrowdStrike

In December, CrowdStrike reported that beginning in June 2022, the CrowdStrike Services, CrowdStrike® Falcon OverWatch™ and CrowdStrike Intelligence teams observed an increase in the targeting of telco and BPO industries. CrowdStrike Intelligence attributed this campaign with low confidence to the SCATTERED SPIDER eCrime adversary.

Read Post

CrowdStrike

Read more about SCATTERED SPIDER Exploits Windows Security Deficiencies with Bring-Your-Own-Vulnerable-Driver Tactic in Attempt to Bypass Endpoint Security

What is DDoS-for-hire?

Jan 10, 2023 By A10 Networks In A10 Networks

The term of the day is DDoS-for-hire, a service that allows anyone to purchase and carry out a distributed denial of service (DDoS) attack. This type of service is modeled after the Software as a service (SaaS) business model and is often profitable because it allows the operator of an Internet of Things (IoT) botnet to conduct a cost-effective attack.

View Video

A10 Networks

Read more about What is DDoS-for-hire?

Leveraging Zero Trust and Threat Intelligence for DDoS Protection

Jan 10, 2023 By A10 Networks In A10 Networks

With the growing number of botnets escalating the danger of denial of service attacks, companies are increasing their focus on DDoS defense. The Zero Trust architecture plays a crucial role in this endeavor, helping to secure networks from being used as weapons and ensuring that only verified and authorized individuals can access resources.

View Video

A10 Networks

Read more about Leveraging Zero Trust and Threat Intelligence for DDoS Protection

Infrastructure Attacks vs. Application Attacks

Jan 10, 2023 By A10 Networks In A10 Networks

An infrastructure attack aims to exploit vulnerabilities in the network layer or transport layer. These attacks are called DDoS attacks and include SYN floods, Ping of Death, and UDP floods. Infrastructure attacks can be broken down into two subcategories: volumetric attacks and protocol attacks. Volumetric attacks focus on inundating a server with false requests to overload its bandwidth, while protocol attacks target specific protocols to crash a system.

View Video

A10 Networks

Read more about Infrastructure Attacks vs. Application Attacks

AWS hit by Largest Reported DDoS Attack of 2.3 Tbps

Jan 10, 2023 By A10 Networks In A10 Networks

A significant milestone occurred with the reported largest DDoS attack on Amazon Web Services (AWS) reaching 2.3 terabits per second. This is a substantial increase of 70% from the previous record holder, the Memcached-based GitHub DDoS attack in 2018, which measured 1.35 terabits per second. Over the years, these attention-grabbing performance gains in DDoS attacks have been rising consistently, with major high-profile attacks happening every two years.

View Video

A10 Networks

Read more about AWS hit by Largest Reported DDoS Attack of 2.3 Tbps

Preventing Cyberattacks Against HR Teams

Jan 6, 2023 By Keeper Security In Keeper

IT leaders count on Human Resource (HR) departments to be partners in promoting an organizational culture that values security. From setting device usage policies on an employee’s first day to facilitating security training and awareness, HR has an important role to play in the adoption of IT policies. In their day-to-day roles, HR is critical to security in its own right.

Read Post

Keeper

Read more about Preventing Cyberattacks Against HR Teams

What is a cyber attack? Cybersecurity 101

Jan 6, 2023 By Bulletproof In Bulletproof

What is a #cyberattack? This quick (mostly) off-the-cuff video that maaaaaybe explains all. Part of our #Cybersecurity101 series – an introduction to the basic terms you’ll hear in the world of cyber security.

View Video

Bulletproof

Read more about What is a cyber attack? Cybersecurity 101

10 of the Most Common IoT Hacks and How to Defend Against Them

Jan 6, 2023 By Louise José In Device Authority

The Internet of Things (IoT) has revolutionised the way we live and work, connecting devices and systems to the internet and each other to create a more efficient and interconnected world. However, as with any new technology, the IoT comes with its own set of security risks and vulnerabilities. In this blog, we will look at the 10 most common IoT hacks and how to defend against them.

Read Post

Device Authority

Read more about 10 of the Most Common IoT Hacks and How to Defend Against Them

Watch out for DoS when using Rust's popular Hyper package

Jan 5, 2023 By Ori Hollander In JFrog

The JFrog Security Research team is constantly looking for new and previously unknown vulnerabilities and security issues in popular open-source projects to help improve their security posture and defend the wider software supply chain.

Read Post