Security News > 2022 > April

Cloudflare on Wednesday disclosed that it acted to mitigate a 15.3 million request-per-second distributed denial-of-service attack. "HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS encrypted connection," Cloudflare's Omer Yoachimik and Julien Desgats said.

The university, located in Clarksville, Tennessee advised students, staff, and faculty to disconnect their computers and devices from the university network immediately as a precaution. On Wednesday, April 27th, Austin Peay State University, via its official Twitter account, confirmed that it had been hit by a cyberattack.

Info-Tech Research Group has published its annual report on the priorities for security leaders. The report looks into important security trends and the priorities that stem from them to help security leaders better secure their workforce in the remote work environment.

In 2021, threat actors aggressively exploited newly disclosed critical software vulnerabilities to hit a broad set of targets worldwide, says the latest advisory published by the US Cybersecurity and Infrastructure Security Agency. As you might have noticed due to the last few entries, attackers haven't stopped exploiting older publicly known software flaws.

Ransomware operators have reimagined their business model with ransomware as a service, selling related services to other attackers through membership, subscription or customization. Learning from advanced persistent threat campaigns, threat actors are customizing ransomware attacks by using highly experienced attack teams that hit targeted victims with APT-like precision and capability.

Every AppSec leader recognizes and admits that software development is accelerating, and there's no way their current approach is going to keep up. It is much better to prevent incidents than react to them after they have already happened.

In this video for Help Net Security, Tom Kellermann, Head of Cybersecurity Strategy at VMware, talks about threats against financial institutions and the findings of the Modern Bank Heists 5.0 report. There has been a dramatic uptick of attacks, not just specific to spearphishing, but attacks against APIs, attacks where ransomware was distributed inside infrastructure because of the presence of remote access trojans, island hopping, etc.

Security analytics uses data analysis - often aided by machine learning - to detect security threats and measure the effectiveness of security operations. Others deal with assessing the effectiveness of your security operations processes to help you detect inefficiencies or risks within your approach to security management.

Sophos released a survey and review of real-world ransomware experiences in a report which shows that 66% of organizations surveyed were hit with ransomware in 2021, up from 37% in 2020. "There could be several reasons for this, including incomplete backups or the desire to prevent stolen data from appearing on a public leak site. In the aftermath of a ransomware attack there is often intense pressure to get back up and running as soon as possible. Restoring encrypted data using backups can be a difficult and time-consuming process, so it can be tempting to think that paying a ransom for a decryption key is a faster option. It's also an option fraught with risk."

This article will answer that very question as well as why you need a Vulnerability Assessment Report and where you can get one from. What is a Vulnerability Assessment Report and why do you need one?