The U.S. government wants to find the people responsible for the Colonial Pipeline ransomware attack and it's putting up multi-million rewards for data on the operators behind the DarkSide extortion campaign. The Department of State on Thursday offered up to $10 million for information leading to the identification or location of senior members of the DarkSide gang that caused major gas disruptions earlier this year. READ MORE...
Radware has published results from its report which provides an overview of the DDoS attack landscape, application attack developments, and unsolicited network scanning trends. "More DDoS attacks were blocked during the first nine months of 2021 than all of 2020," said Pascal Geenens, director of threat intelligence for Radware. During the third quarter, DDoS records for large volumetric attacks were broken across three continents." READ MORE...
Researchers are calling attention to a newly discovered security defect in a kernel module that ships with all major Linux distributions, warning that remote attackers can exploit the bug to take complete control of a vulnerable system. The vulnerability -- CVE-2021-43267 -- is described as a heap overflow in the TIPC (Transparent Inter-Process Communication) module that ships with the Linux kernel to allow nodes in a cluster to communicate with each other in a fault-tolerant way. READ MORE...
NSO Group - the Israeli-based maker of the notorious, military-grade Pegasus spyware that's been linked to cyberattacks against dissidents, activists and NGOs (and murders of journalists) at the hands of repressive regimes - has been blacklisted by the United States. NSO Group is one of four spyware developers or traffickers that the U.S. Commerce Department added to its "Entity List" on Wednesday, effectively banning trade with the company. READ MORE...
The Federal Bureau of Investigation (FBI) warns that victims of various fraud schemes are increasingly asked by criminals to use cryptocurrency ATMs and Quick Response (QR) codes, making it harder to recover their financial losses. The warning was published as a public service announcement on the Bureau's Internet Crime Complaint Center (IC3) on Thursday. READ MORE...
The holiday shopping season always means big business for phishers, who tend to find increased success this time of year with a lure about a wayward package that needs redelivery. Here's a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients. Louis Morton, a security professional based in Fort Worth, Texas, forwarded an SMS phishing or "smishing" message sent to his wife's mobile device. READ MORE...
A new multistage phishing campaign spoofs Amazon's order notification page and includes a phony customer service voice number where the attackers request the victim's credit card details to correct the errant "order." The campaign, highlighted in new research from Avanan on Thursday, underscores how phishing attacks are growing in sophistication by using a combination of email and voice lures and leveraging popular brands such as Amazon to scam potential victims. READ MORE...