Security News

In this video for Help Net Security, Tom Van de Wiele, Principal Security Consultant, Cyber Security Services at WithSecure, talks about cyber threats aimed at governmental organizations. Attacks against governments are nothing new, they have been an interesting target since they have existed, for the mere reason that not everyone agrees on how things are ran.

CIS relies on the contributions of these passionate industry experts to create and maintain the CIS Benchmarks. To start these new mappings, CIS focused on two of the most downloaded CIS Benchmarks - Microsoft Windows 10 and Red Hat Enterprise Linux 7 - and drilled in to MITRE ATT&CKtechniques.

The report indicates that 2021 was another record year for DDoS attacks, as Comcast Business DDoS Mitigation Services identified and helped defend 24,845 multi-vector attacks targeting Layers 3,4, and 7 simultaneously. Overall, 69 percent of customers experienced DDoS attacks, a 41 percent increase over 2020, while 55 percent were targets of mulit-vector attacks, as opposed to in 2020 where most customers experienced single vector attacks.

DDoS attacks were at all-time high in Q1 2022 due to war in Ukraine. Kaspersky recently released findings that the number of DDoS attacks are the most frequent they have ever been and dwarf the rate of DDoS attacks from just a year prior.

Although the public interest and focus of the infosec community have moved to newer vulnerabilities and exploits, Log4Shell continues to be a large-scale problem and a grave security risk. The last time we touched the subject of Log4Shell exploitation was roughly two months ago when a Barracuda report highlighted that it was primarily botnets that leveraged it for DDoS and cryptocurrency mining.

Kaspersky has released a report showing Distributed Denial of Service attacks hit an all-time-high in the first quarter of 2022. The attacks detected by the security outfit easily surpassed those of the previous quarter and were up 46 per cent on the same time last year.

A group wielding the Quantum Locker ransomware is hitting targets in a blitzkrieg-like manner, going from intial compromise to domain-wide deployment and execution in under four hours, researchers with The DFIR Report are warning. The threat of ransomware continues unabated and attackers are becoming increasingly adept at executing attacks speedily, giving defenders only a small window of opportunity to detect, respond to and mitigate them.

In this video for Help Net Security, James Mignacca, CEO at Cavelo, talks about cyber asset attack surface management, which Gartner recently identified as an emerging technology. As companies moved to a hybrid workforce model, their assets were not just limited to the office space anymore.

The U.S. Cybersecurity and Infrastructure Security Agency has added seven vulnerabilities to its list of actively exploited security issues, including those from Microsoft, Linux, and Jenkins. The 'Known Exploited Vulnerabilities Catalog' is a list of vulnerabilities known to be actively exploited in cyberattacks and required to be patched by Federal Civilian Executive Branch agencies.

The Quantum ransomware, a strain first discovered in August 2021, were seen carrying out speedy attacks that escalate quickly, leaving defenders little time to react. The technical details of a Quantum ransomware attack were analyzed by security researchers at The DFIR Report, who says the attack lasted only 3 hours and 44 minutes from initial infection to the completion of encrypting devices.