Security News

The Vice Society ransomware operation has claimed responsibility for a cyberattack on Cincinnati State Technical and Community College, with the threat actors now leaking data allegedly stolen during the attack.All documents on the Vice Society site have been made freely accessible to visitors and contain PII in the leaked files.

Review and manage your consent Here's an overview of our use of cookies, similar technologies and how to manage them. The European Parliament has experienced a cyber attack that started not long after it declared Russia to be a state sponsor of terrorism.

Those affected may be unaware that their devices run services using the discontinued Boa web server, and that firmware updates and downstream patches do not address its known vulnerabilities. Boa is an open-source web server designed for embedded applications and used to access settings, management consoles, and sign-in screens in devices.

The website of the European Parliament has been taken down following a DDoS attack claimed by a pro-Russia group of hacktivists calling themselves Anonymous Russia. The Director General for Communication and Spokesperson of the European Parliament, Jaume Dauch, also stated after the website went down that the outage was caused by an ongoing DDoS attack.

A set of five exploitable vulnerabilities in Arm's Mali GPU driver remain unfixed months after the chip maker patched them, leaving potentially millions of Android devices exposed to attacks. The vulnerability impacts Arm Mali GPU kernel drivers Valhall r29p0 to r38p0.

The past few years have witnessed the rapid adoption of new cloud collaboration apps, cloud storage and services for employee productivity and external collaboration as organizations across the world have embraced new work patterns. Threat actors have pivoted their attack toolkits to extend beyond email and the web browser to the new apps and services that enterprises have adopted.

A credential stuffing attack over the weekend that affected sports betting biz DraftKings resulted in as much as $300,000 being stolen from customer accounts. The Boston-based company said that its systems were not breached but that the login information of the impacted customers was stolen elsewhere and applied to their DraftKings accounts, where the same passwords were reused.

Case in point: A large e-commerce website protected by DataDome's bot and online fraud management solution recently remained blissfully unaffected throughout a high volume, highly-distributed DDoS attack. Let's deep dive into a real-life attack to understand the key traits of a DDoS attack, how the threat landscape is evolving, and the implications when choosing a security solution.

Sports betting company DraftKings said today that it would make whole customers affected by a credential stuffing attack that led to losses of up to $300,000. The statement follows an early Monday morning tweet saying that DraftKings was investigating reports [1, 2, 3, 4] of customers experiencing issues with their accounts.

The Google Cloud Threat Intelligence team has open-sourced YARA Rules and a VirusTotal Collection of indicators of compromise to help defenders detect Cobalt Strike components in their networks. "We are releasing to the community a set of open-source YARA Rules and their integration as a VirusTotal Collection to help the community flag and identify Cobalt Strike's components and its respective versions," said Google Cloud Threat Intelligence security engineer Greg Sinclair.