Security News

During the pandemic, cyber attackers targeted industries providing connectivity, services and entertainment to populations forced to shelter-in-place, resulting in a 341% year-over-year increase in distributed denial-of-service attacks, according to Nexusguard. The massive shift in online behavior and reliance on connectivity strained communications service providers and internet service providers that provided the backbone for this remote work, including spikes in ransom DDoS attacks to extort organizations for payment in exchange for staying online.

Foodservice supplier Edward Don has suffered a ransomware attack that has caused the company to shut down portions of the network to prevent the attack's spread. Edward Don and Company is one of the largest distributors of foodservice equipment and supplies, such as kitchen supplies, bar supplies, flatware, and dinnerware. Today, BleepingComputer has learned that Edward Don suffered a ransomware attack earlier this week that has disrupted their business operations, including their phone systems, network, and email.

CD Projekt is warning today that internal data stolen during their February ransomware attack is circulating on the Internet. In February, CD Projekt suffered a ransomware attack that allowed threat actors to steal source code and business data before encrypting devices.

Researchers have disclosed a new type of attack that exploits misconfigurations in transport layer security servers to redirect HTTPS traffic from a victim's web browser to a different TLS service endpoint located on another IP address to steal sensitive information. The attacks have been dubbed ALPACA, short for "Application Layer Protocol Confusion - Analyzing and mitigating Cracks in tls Authentication," by a group of academics from Ruhr University Bochum, Münster University of Applied Sciences, and Paderborn University.

Google is warning that a bug in its Chrome web browser is actively under attack, and it is urging users to upgrade to the latest 91.0.4472.101 version to mitigate the issue. In all, Google rolled out fixes for 14 bugs impacting its Windows, Mac and Linux browsers as part of its June update to the Chrome desktop browser.

Microsoft has spotted a new, widespread, ongoing attack targeting Kubernetes clusters running Kubeflow instances, in order to plant malicious TensorFlow pods that are used to mine for cryptocurrency. The newly discovered attack is similar to a cryptocurrency mining attack that Microsoft reported last June.

Researchers from three universities in Germany have identified a new TLS attack method that can allow a man-in-the-middle attacker to extract user data or execute arbitrary code. The new attack, dubbed ALPACA, has been described as an "Application layer protocol content confusion attack."

Attention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update it immediately to the latest version Google released earlier today. The internet services company has rolled out an urgent update to the browser to address 14 newly discovered security issues, including a zero-day flaw that it says is being actively exploited in the wild.

Kinetic Business introduced DDoS Mitigation Service, a fully managed service that monitors, detects, validates and mitigates attacks-even on third-party networks -before an outage or related damage occurs. Kinetic's DDoS Mitigation Service uses a network of highly scalable scrubbing centers that ingest and inspect attack traffic upstream from the customer's network.

Microsoft warns of an ongoing series of attacks compromising Kubernetes clusters running Kubeflow machine learning instances to deploy malicious containers that mine for Monero and Ethereum cryptocurrency. The attacks had started towards the end of May when Microsoft security researchers observed a sudden increase in TensorFlow machine learning pod deployments.