Security News

Telnyx is the latest VoIP telephony provider targeted with distributed denial-of-service attacks, causing worldwide outages since yesterday. Starting November 9th at approximately 11 PM EST, Telnyx was targeted with a DDoS attack causing all telephony services to fail or be delayed.

After what has been a year of averaging more than a thousand ransomware attacks per day, NordLocker said that data released by hackers shows an unexpected industry at the top. Cloud security provider NordLocker has released a report of the 35 industries most hit by ransomware over the past year, and in what may be a surprise to some, the construction industry appears to have been the hardest hit.

A threat actor tracked as Shatak recently partnered with the ITG23 gang to deploy Conti ransomware on targeted systems. The Shatak operation partners with other malware developers to create phishing campaigns that download and infect victims with malware.

During this month's Patch Tuesday, Microsoft has patched an Excel zero-day vulnerability exploited in the wild by threat actors. Microsoft also patched a second Excel security flaw used during the Tianfu Cup hacking contest last month, a remote code execution bug tracked as CVE-2021-40442 and exploitable by unauthenticated attackers.

Over the past year there has been a dramatic rise in ransomware attacks, and while all organizations are a target, large enterprises are bearing the brunt - experiencing an average of 10,000 attacks over the past two years. Respondents cited phishing emails with ransomware attachments, web security, and phishing emails leading to a drive-by download as primary sources of ransomware attacks.

Apiiro released Dependency Combobulator, a modular and extensible open source toolkit to detect and prevent dependency confusion attacks. Dependency confusion compromises the open source software ecosystem by tricking end-users, developers and automation-systems into installing a malicious dependency instead of the correct one they intended to install, resulting in the compromise of their software.

Future malware and ransomware infections will consist of "Shotgun attacks with pinpoint targeting", according to Sophos' 2022 threat report. As if that wasn't enough, the British infosec biz reckons established commodity malware attacks will end up delivering ever more ransomware, while extortion tactics used by ransomware gangs will become more diverse and intense - with the aim of browbeating victims into handing over cash.

Q3 beat every record in terms of daily number of DDoS attacks, according to a new report from Kaspersky. The total number of DDoS attacks was up 24% compared to Q3 2020 while the number of advanced, "Smart" attacks was up 31% over the same time period.

A dozen new vulnerabilities were used in ransomware attacks this quarter, bringing the total number of vulnerabilities associated with ransomware to 278: a 4.5 percent increase over Q2, according to a new report. The news about the new vulnerabilities that have been pounced on by ransomware operators comes from Ivanti's Q3 2021 ransomware index spotlight report, published on Tuesday and conducted with Cyber Security Works and Cyware.

The number of security flaws associated with ransomware rose from 266 to 278 last quarter, according to security firm Ivanti. A report released Tuesday by security firm Ivanti looks at the rise in vulnerabilities exploited by ransomware attacks.