Why the Record-Breaking 30 Tbps DDoS Attack Should Concern Every Business
If you're reading this article, I can be pretty sure that your organisation relies on the internet. It may be for serving customers, delivering apps, running cloud services, or simply maintaining your day-to-day operations. The fact is that if your connection to the internet is disrupted, it is likely that there will be an impact on your business to a lesser or greater extent. And that's why a new warning about the threat posed by DDoS attacks should make you sit up and listen. READ MORE...
Cloudflare blames today's outage on emergency React2Shell patch
Earlier today, Cloudflare experienced a widespread outage that caused websites and online platforms worldwide to go down, returning a "500 Internal Server Error" message. In a status page update, the internet infrastructure company has now blamed the incident on an emergency patch designed to address a critical remote code execution vulnerability in React Server Components, which is now actively exploited in attacks. READ MORE...
Asus supplier hit by ransomware attack as gang flaunts alleged 1 TB haul
Asus has admitted that a third-party supplier was popped by cybercrims after the Everest ransomware gang claimed it had rifled through the tech titan's internal files. In a statement, Asus said a supplier "was hacked" and the incident "affected some of the camera source code for Asus phones," but insisted there was "no impact" on its own products, internal systems, or customer privacy. READ MORE...
Krebs: SMS Phishers Pivot to Points, Taxes, Fake Retailers
China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment card data into mobile wallets from Apple and Google. Experts say these same phishing groups also are now using SMS lures that promise unclaimed tax refunds and mobile rewards points. READ MORE...
Contractors with hacking records accused of wiping 96 govt databases
U.S. prosecutors have charged two Virginia brothers arrested on Wednesday with allegedly conspiring to steal sensitive information and destroy government databases after being fired from their jobs as federal contractors. Twin brothers Muneeb and Sohaib Akhter, both 34, were also sentenced to several years in prison in June 2015, after pleading guilty to accessing U.S. State Department systems without authorization and stealing personal information belonging to dozens of co-workers. READ MORE...
US Organizations Warned of Chinese Malware Used for Long-Term Persistence
A sophisticated China-linked threat actor tracked as Warp Panda has been targeting legal, manufacturing, and technology organizations in the US with BrickStorm and other malware families. Focusing on maintaining long-term access to the compromised networks, the Warp Panda APT is exploiting edge devices for initial access, and moves laterally to VMware vCenter servers using valid credentials or known vulnerabilities. READ MORE...
Officials warn about expansive, ongoing China espionage threat riding on Brickstorm malware
Cybersecurity authorities and threat analysts unveiled alarming details Thursday about a suspected China state-sponsored espionage and data theft campaign that Google previously warned about in September. The outlook based on their limited visibility into China's sustained ability to burrow into critical infrastructure and government agency networks undetected, dating back to at least 2022, is grim. READ MORE...
Engineer proves that Kohler's smart toilet cameras aren't very private
Kohler is facing backlash after an engineer pointed out that the company's new smart toilet cameras may not be as private as it wants people to believe. The discussion raises questions about Kohler's use of the term "end-to-end encryption" (E2EE) and the inherent privacy limitations of a device that films the goings-on of a toilet bowl. In October, Kohler announced its first "health" product, the Dekoda. READ MORE...
Data brokers are exposing medical professionals, and turning their personal lives into open files
Large amounts of personal information about medical professionals are available on people search sites. A new analysis by Incogni's researchers shows how much data about doctors appears online and how easily it can be found. The findings should concern healthcare leaders who support staff safety, workforce protection, and clinical operations. Researchers examined 786 medical doctors working in major U.S. hospitals. 97% of them appeared on at least one people search site. READ MORE...
Beijing-linked hackers are hammering max-severity React bug, AWS warns
Amazon has warned that China-nexus hacking crews began hammering the critical React "React2Shell" vulnerability within hours of disclosure, turning a theoretical CVSS-10 hole into a live-fire incident almost immediately. In a new advisory, AWS said its threat intelligence teams "observed active exploitation attempts by multiple China state-nexus threat groups, including Earth Lamia and Jackpot Panda." READ MORE...
In 1995, a Netscape employee wrote a hack in 10 days that now runs the Internet
Thirty years ago today, Netscape Communications and Sun Microsystems issued a joint press release announcing JavaScript, an object scripting language designed for creating interactive web applications. The language emerged from a frantic 10-day sprint at pioneering browser company Netscape, where engineer Brendan Eich hacked together a working internal prototype during May 1995. The descendants of Eich's initial hack now run on approximately 98.9 percent of all websites with client-side code. READ MORE...
- ...in 1890, Austrian-American director Fritz Lang, best known for making the classics "Metropolis" and "M", is born in Vienna.
- ...in 1933, the 21st Amendment to the US Constitution is ratified, overturning the 18th Amendment and ending the nationwide prohibition on alcohol.
- ...in 1969, the original four-node ARPANET network is established. It later becomes the first to use TCP/IP protocols, the basis of our modern Internet.
- ...in 2014, NASA launches the first flight test of the Orion MPCV (Multi-Purpose Crew Vehicle), which is currently being used in the unmanned Artemis I mission.
