Security News > 2022 > January

Anycast's advantages were understood in principle, but it took the DDoS attack in 2007 to shift the dial for DNS Anycast as big Content Delivery Networks, and top-level domain registrars adopted the technology at speed. "For Anycast to work, you have to know how Internet global routing and BGP works. But we were DNS guys, not network guys. We had to learn it the hard way over several years. Even now, 50 per cent of the work at RcodeZero DNS is maintaining perfect global routing," agrees Darilion.

Law enforcement authorities from 10 countries took down VPNLab.net, a VPN service provider used by ransomware operators and malware actors. The law operatives seized 15 servers used by the VPNLab.net service and took down its main site, so the platform is no longer available.

Microsoft has patched the patch that broke chunks of Windows and emitted fixes for a Patch Tuesday cock-up that left servers rebooting and VPNs disconnected. On the receiving end of the company's attention were Windows desktop and Windows Server installs left a little broken following Microsoft's latest demonstration of its legendary quality control.

International courier and package delivery company DHL heads the list of most imitated brands by phishers and malware peddlers in Q4 2021, according to Check Point Research. "FedEx also appeared in the top ten list for the first time in Q4 2021, no doubt the result of threat actors trying to target vulnerable online shoppers in the run-up to the festive season as the pandemic remained a key concern," the company has noted.

Providing public Wi-Fi is a great service to offer your customers as it becomes more and more standard in today's society. According to recent statistics, there are about 410,000 public Wi-Fi hotspots in the United States alone, in public places such as parks, libraries, public transportation, and train stations.

Cybersecurity researchers have disclosed details of a now-patched bug in Box's multi-factor authentication mechanism that could be abused to completely sidestep SMS-based login verification. "Using this technique, an attacker could use stolen credentials to compromise an organization's Box account and exfiltrate sensitive data without access to the victim's phone," Varonis researchers said in a report shared with The Hacker News.

Consumers are increasingly utilising Buy Now Pay Later payment options to make online purchases. As a result, BNPL is currently the fastest growing e-commerce payment solution of recent years, now accounting for 2.6% of global e-commerce sales.

In this interview with Help Net Security, Scott Laliberte, Managing Director at Protiviti, talks about the implementation of AI and ML in cybersecurity programs, why this is a good practice and how it can advance cybersecurity overall. To adopt these new technologies, the organization must not only change its existing approaches, but also change the mindset of its people and its culture in order to really embrace them.

The updated standard helps payment card vendors secure the components and sensitive data involved in the production of payment cards, protecting against fraud via the compromise of card materials. PCI Card Production and Provisioning Security Requirements version 3.0 ensure the strongest protections for customer payment information during card production and provisioning.

VPNLab.net, a VPN provider that was used by malicious actors to deploy ransomware and facilitate other cybercrimes, was taken offline following a coordinated law enforcement operation. Europol said it took action against the misuse of the VPN service by grounding 15 of its servers on January 17 and rendering it inoperable as part of a disruptive action that took place across Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the U.S., and the U.K. A second outcome of the seizure is that at least 100 businesses that have been identified as at risk of impending cyber attacks are being notified.