
New Mēris botnet breaks DDoS record with 21.8 million RPS attack
2021-09-09 13:25

A new distributed denial-of-service botnet that kept growing over the summer has been hammering Russian internet giant Yandex for the past month, the attack peaking at the unprecedented rate of 21.8 million requests per second. The botnet received the name Mēris, and it gets its power from tens of thousands of compromised devices that researchers believe to be primarily powerful networking equipment.

Zoho ManageEngine Password Manager Zero-Day Gets a Fix, Amid Attacks
2021-09-09 12:58

A critical security vulnerability in the Zoho ManageEngine ADSelfService Plus platform could allow remote attackers to bypass authentication and have free rein across users' Active Directory and cloud accounts. The Zoho ManageEngine ADSelfService Plus is a self-service password management and single sign-on solution for AD and cloud apps, meaning that any cyberattacker able to take control of the platform would have multiple pivot points into both mission-critical apps and other parts of the corporate network via AD. It is, in other words, a powerful, highly privileged application which can act as a convenient point-of-entry to areas deep inside an enterprise's footprint for both users and attackers alike.

McDonald's email blunder broadcasts database creds to comedy competition winners
2021-09-09 12:58

McDonald's customers who won a prize draw competition got more than they hoped for after the burger chain emailed them login credentials for development and production databases used to power the campaign. The first person to report the blunder to McDonald's, startup founder Connor Greig, told The Register: "It's a bit weird," adding that code strings containing the credentials looked as if they had "been formatted into the email by accident."

BladeHawk Attackers Target Kurds with Android Apps
2021-09-09 11:26

Attackers have been targeting the Kurdish ethnic group for more than a year through a Facebook-based spyware campaign that disguises backdoors in legitimate Android apps, researchers have found. The campaign disguises the 888 RAT in Android apps using dedicated Facebook profiles, researchers said.

How to set up two-step verification for your Google account
2021-09-09 11:23

How do you set up two-step verification for Google? The process isn't difficult but does require a few steps to take and a few choices to make. Assuming you chose the code option, the next screen displays your phone number and asks how you wish to receive the code: text message or phone call.

More Detail on the Juniper Hack and the NSA PRNG Backdoor
2021-09-09 11:13

We knew the basics of this story, but it’s good to have more detail. Here’s me in 2015 about this Juniper hack. Here’s me in 2007 on the NSA backdoor.

WFH is a cybersecurity "ticking time bomb," according to a new report
2021-09-09 11:00

On Thursday, HP released an HP Wolf Security report titled "Rebellions & Rejection." The findings detail employee pushback due to company cybersecurity policies and operational drawbacks for IT teams overseeing these networks. At the same time, these new operations also presented security risks with remote workers logging on from home on a mixed bag of personal and company devices.

OpenSSL 3.0: A new FIPS module, new algorithms, support for Linux Kernel TLS, and more
2021-09-09 10:56

The OpenSSL Project has released OpenSSL 3.0, a major new stable version of the popular and widely used cryptography library. OpenSSL contains an open-source implementation of the SSL and TLS protocols, which provide the ability to secure communications across networks.

Yandex is battling the largest DDoS in Russian Internet history
2021-09-09 06:26

Russian internet giant Yandex has been targeted in a massive distributed denial-of-service attack that started last week and reportedly continues this week. A report in Russian media says that the assault is the largest in the short history of the Russian internet, the RuNet, and that it was confirmed by a U.S.-based company.

Protecting your company from fourth-party risk
2021-09-09 05:35

Recent events such as the SolarWinds breach, Microsoft Exchange server attack and Fastly outage have revealed that conventional third-party risk management programs are not enough to generate the necessary visibility into supply chain risk. Should one of those giants fail, the impact could ripple across multiple vendors, posing a serious risk to a company.