Security News > 2021 > September

Parts of New Zealand were cut off from the digital world today after a major local ISP was hit by an aggressive DDoS attack. Vocus - the country's third-largest internet operator which is behind brands including Orcon, Slingshot and Stuff Fibre - confirmed the cyberattack originated at one of its customers.

Microsoft has released Windows 11 and Windows 10, version 21H2 feature updates for enterprise testing before their general release later this year. "Organizations enrolled in the Windows Insider Program for Business can access these builds through all standard channels, including Windows Update, Windows Server Update Services, Azure Marketplace, and the Windows Insider Program ISO download page," Microsoft said.

The FBI Internet Crime Complaint Center has warned of a massive increase in sextortion complaints since the start of 2021, resulting in total financial losses of more than $8 million until the end of July. The federal agency received over 16,000 sextortion complaints until July 31, almost half of them coming from victims in the 20-39 age group.

The FBI Internet Crime Complaint Center has warned of a massive increase in sextortion complaints since the start of 2021, resulting in total financial losses of more than $8 million until the end of July. The federal agency received over 16,000 sextortion complaints until July 31, almost half of them coming from victims in the 20-39 age group.

Threat actors are compromising up to 100,000 inboxes daily in a campaign that targets gift card and customer-loyalty program data in hopes of reselling it or cashing in on freebies, a security researcher has found. "Whether it's related to hotel or airline rewards or just Amazon gift cards, after they successfully log in to the account their scripts start pilfering inboxes looking for things that could be of value," the researcher told Krebs, according to the post.

"Shah's first advice is that:"A negotiator should never reveal that they are a 'trained negotiator'. Shah sees his role as a conduit for the business to talk to the attackers, rather than a middleman, which means first he has to establish that the Storm team doesn't get involved with working out who was at fault.

A critical vulnerability that affects Cisco Enterprise NFV Infrastructure Software has been patched and Cisco is urging enterprise admins to quickly upgrade to a fixed version, as proof-of-concept exploit code is already available. The bug could be exploited by remote attackers to bypass authentication and log in to an affected device as an administrator.

Domain registrar MarkMonitor had left more than 60,000 parked domains vulnerable to domain hijacking. The parked domains were seen pointing to nonexistent Amazon S3 bucket addresses, hinting that there existed a domain takeover weakness.

Domain registrar MarkMonitor had left more than 60,000 parked domains vulnerable to domain hijacking. The parked domains were seen pointing to nonexistent Amazon S3 bucket addresses, hinting that there existed a domain takeover weakness.

Domain registrar MarkMonitor had left more than 60,000 parked domains vulnerable to domain hijacking. The parked domains were seen pointing to nonexistent Amazon S3 bucket addresses, hinting that there existed a domain takeover weakness.