Security News

Health insurance provider Medibank has confirmed that a ransomware attack is responsible for last week's cyberattack and disruption of online services.Medibank Private Limited is one of Australia's largest private health insurance providers, covering over 3.7 million people and having 4,000 employees.

German newspaper 'Heilbronn Stimme' published today's 28-page issue in e-paper form after a Friday ransomware attack crippled its printing systems. On Saturday, the newspaper issued an "Emergency" six-page edition while all planned obituaries were posted on the website.

Lack of transparency, systemic risks weaken national cybersecurity preparednessBob Kolasky, SVP for Critical Infrastructure at Exiger, previously served as Assistant Director for Cybersecurity and Infrastructure Security Agency, and in this Help Net Security interview talks about protecting critical infrastructure, the importance of information-sharing, national cybersecurity preparedness, and more. Weakness in Microsoft Office 365 Message Encryption could expose email contentsWithSecure researchers are warning organizations of a security weakness in Microsoft Office 365 Message Encryption that could be exploited by attackers to obtain sensitive information.

Tata Power Company Limited, India's largest integrated power company, on Friday confirmed it was targeted by a cyberattack. The intrusion on IT infrastructure impacted "Some of its IT systems," the company said in a filing with the National Stock Exchange of India.

Web infrastructure and security company Cloudflare disclosed this week that it halted a 2.5 Tbps distributed denial-of-service attack launched by a Mirai botnet. Characterizing it as a "Multi-vector attack consisting of UDP and TCP floods," researcher Omer Yoachimik said the DDoS attack targeted the Minecraft server Wynncraft in Q3 2022.

A proof-of-concept exploit code has been made available for the recently disclosed critical security flaw affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager, making it imperative that users move quickly to apply the patches. "FortiOS exposes a management web portal that allows a user to configure the system," Horizon3.

American business magazine Fast Company reached out to its Executive Board members this week to let them know their personal information was not stolen in a September 27 cyberattack that forced it to shut down its website. "The hacked downloaded Fast Company contributor user names and passwords and made the obtained information available for purchase on the web site called Breach Forums," Fast Company said in a notification shared with us by a reader.

A pro-Russian group created a crowdsourced project called 'DDOSIA' that pays volunteers launching distributed denial-of-service attacks against western entities. In hacktivist DDoS attacks, volunteers don't get a monetary reward.

New Alchimist attack framework hits Windows, Linux and Mac. During initialization, all its content is placed in hard coded folders, namely /tmp/Res for the web interface, HTML files and more folders, and /tmp/Res/Payload for its payloads for Windows and Linux operating systems.

Wynncraft, one of the largest Minecraft servers, was recently hit by a 2.5 Tbps distributed denial-of-service attack. It was a multi-vector attack that lasted for about two minutes and consisted of UDP and TCP floods packets attempting to overwhelm the server and keep out hundreds of thousands of players, DDoS mitigation company Cloudflare says.