Security News

New Air-Gap Attack Uses MEMS Gyroscope Ultrasonic Covert Channel to Leak Data
2022-08-23 04:23

A novel data exfiltration technique has been found to leverage a covert ultrasonic channel to leak sensitive information from isolated, air-gapped computers to a nearby smartphone that doesn't even require a microphone to pick up the sound waves. "Our malware generates ultrasonic tones in the resonance frequencies of the MEMS gyroscope," Dr. Guri said in a new paper published this week.

DDoS attacks jump 203%, patriotic hacktivism surges
2022-08-23 03:00

Radware released a report revealing that the number of malicious DDoS attacks climbed by 203% compared to the first six months of 2021. "As Russia invaded Ukraine, the cyber focus changed. It shifted from the consequences of the pandemic, including an increase in attack surfaces driven by work from home and the rise of underground crime syndicates, to a ground swell of DDoS activity launched by patriotic hacktivists and new legions of threat actors."

CISA is warning of high-severity PAN-OS DDoS flaw used in attacks
2022-08-22 21:34

The security issue is a high-severity risk identified as CVE-2022-0028 that allows a remote threat actor to deploy reflected and amplified denial-of-service attacks without having to authenticate. While exploiting the flaw can only cause a DoS condition on the affected device, it has already been used for at least one attack.

Hiding a phishing attack behind the AWS cloud
2022-08-22 21:00

From there they can send phishing messages carrying the AWS name into corporate email systems to both get past scanners that typically would block suspicious messages and to add greater legitimacy to fool victims, according to email security vendor Avanan. In a report this week, researchers with Avanan - acquired last year by cybersecurity company Check Point - outlined a phishing campaign that uses AWS and unusual syntax construction in the messages to get past scanners.

FBI warns of residential proxies used in credential stuffing attacks
2022-08-22 18:59

The Federal Bureau of Investigation warns of a rising trend of cybercriminals using residential proxies to conduct large-scale credential stuffing attacks without being tracked, flagged, or blocked. Because credential stuffing attacks carry specific characteristics that differentiate them from regular login attempts, websites can easily detect and stop them.

LockBit gang hit by DDoS attack after threatening to leak Entrust ransomware data
2022-08-22 16:08

The LockBit ransomware group last week claimed responsibility for an attack on a cybersecurity vendor in June. LockBitSupp, the public face of LockBit that interacts with companies and cybersecurity researchers, told Shukuhi that the group's data leak site was getting 400 requests a second from more than 1,000 servers and that the group promised to add more resources to the site and to "Drain the ddosers money," he wrote.

How to protect your organization from ransomware-as-a-service attacks
2022-08-22 15:47

In a report released Monday, Microsoft covers the latest wave of RaaS attacks and offers advice on how to combat them.

LockBit ransomware blames Entrust for DDoS attacks on leak sites
2022-08-22 14:39

The LockBit ransomware operation's data leak sites have been shut down over the weekend due to a DDoS attack telling them to remove Entrust's allegedly stolen data. Soon after they started leaking data, researchers began reporting that the ransomware gang's Tor data leak sites were unavailable due to a DDoS attack.

RTLS Systems Found Vulnerable to MiTM Attacks and Location Tampering
2022-08-22 09:19

Researchers have disclosed multiple vulnerabilities impacting Ultra-wideband Real-time Locating Systems, enabling threat actors to launch adversary-in-the-middle attacks and tamper with location data. "If a threat actor exploits these vulnerabilities, they have the ability to tamper with safety zones designated by RTLS to protect workers in hazardous areas."

Google Cloud Blocks Record DDoS attack of 46 Million Requests Per Second
2022-08-19 10:15

Google's cloud division on Thursday disclosed it mitigated a series of HTTPS distributed denial-of-service attacks which peaked at 46 million requests per second, making it the largest such recorded to date. The attack, which occurred on June 1, targeting an unnamed Google Cloud Armor customer, is 76% larger than the 26 million RPS DDoS attack repelled by Cloudflare earlier this June.