Security News > 2023 > February

Web infrastructure company Cloudflare on Monday disclosed that it thwarted a record-breaking distributed denial-of-service attack that peaked at over 71 million requests per second. "The majority of attacks peaked in the ballpark of 50-70 million requests per second with the largest exceeding 71 million," the company said, calling it a "Hyper-volumetric" DDoS attack.

Still, getting a job in cybersecurity tends to take time and effort. In this Help Net Security interview, Joseph Cooper, Cybersecurity Recruiter at Aspiron Search, offers practical advice for job seekers and talks about how the cybersecurity profession continues to expand.

Apple on Monday rolled out security updates for iOS, iPadOS, macOS, and Safari to address a zero-day flaw that it said has been actively exploited in the wild. It's not immediately clear as to how the vulnerability is being exploited in real-world attacks, but it's the second actively abused type confusion flaw in WebKit to be patched by Apple after CVE-2022-42856 in as many months, which was closed in December 2022.

The number of DDoS attacks we see around the globe is on the rise, and that trend is likely to continue throughout 2023, according to Corero. We expect to see attackers deploy a higher rate of request-based or packets-per-second attacks.

While the report found that 96% of respondents were satisfied with the quality of threat intelligence their organization is using, respondents declared effectively applying that intelligence throughout the security organization to be one of their greatest challenges. Only 38% of security teams share threat intelligence with a wider group of employees for risk awareness.

In it, a pig butchering romance scammer targets her next victim: Sophos's lead threat researcher. "I was approached by multiple, separate scam operations personally, each running different variations on pig butchering," Sophos's principal threat researcher Sean Gallagher wrote in a blog post today about one of these attempts.

Crooks have breached Pepsi Bottling Ventures' network and, after deploying info-stealing malware, made off with sensitive personal and financial information according to a notification sent to consumers. Pepsi Bottling Ventures - America's largest manufacturer and distributor of Pepsi-Cola beverages - didn't discover the unauthorized activity until January 10, we're told.

Artificial intelligence in the service of security was a major focus at global cybersecurity firm Check Point's annual showcase for customers, CPX 360 2023. Besides pulling the wraps off dozens of new products and services, including Quantum SD-WAN and an Extended Cyber Attack Prevention Platform that covers network, endpoints, emails and more, the event gave stage time to Check Point's ThreatCloud AI generative AI framework.

The controversial Z-Library online eBook repository has once again returned to the web, this time with secret user URLs that attempt to hinder disruption by law enforcement. As first reported by TorrentFreak, Z-library announced on Saturday that the website is now available once again on clearnet sites using personalized domains for each member.

Along with those memory bugs, we also reported on a bug dubbed CVE-2022-4304: Timing Oracle in RSA Decryption. In other words, so-called timing attacks of this sort are always troublesome, even if you might need to send millions or bogus packets and time them all to have any chance at all.