Security News

​CISA and the FBI said today that Distributed Denial of Service (DDoS) attacks targeting election infrastructure will, at most, hinder public access to information but will have no impact on the...

Do you have problems configuring Microsoft's Defender? You might not be alone: Microsoft admitted that whatever it's using for its defensive implementation exacerbated yesterday's Azure instability. Microsoft has published its strategy to defend against network-based DDoS attacks, noting it was unique due to the global footprint of the company.

Microsoft confirmed that a nine-hour outage on Tuesday, which disrupted numerous Microsoft 365 and Azure services worldwide, was caused by a distributed denial-of-service (DDoS) attack. Affected services included Microsoft Entra, Intune, Power BI, Power Platform, Azure App Services, and others.The company explained that their DDoS protection mechanisms were triggered, but an error in the implementation of their defenses exacerbated the attack's impact. Once the issue was identified, Microsoft made networking configuration changes and rerouted to alternate paths to mitigate the problem.

A DDoS attack that started on Tuesday has made a number of Microsoft Azure and Microsoft 365 services temporarily inaccessible, the company has confirmed. Microsoft's mitigation statement on the Azure status history page.

A DDoS-for-hire site described by the UK's National Crime Agency as the world's most prolific operator in the field is out-of-action following a law enforcement sting dubbed Operation Power Off. Su - a platform responsible for tens of thousands of DDoS attacks every week - and the arrest of its suspected admin.

DDoS-for-hire service DigitalStress was taken down on July 2 in a joint law enforcement operation led by the United Kingdom's National Crime Agency. The Police Service of Northern Ireland also arrested its owner this month, and NCA agents infiltrated the communication services used to plan distributed denial-of-service attacks, collecting data on DigitalStress's "Customers."

The vulnerability in question is CVE-2024-4577, which allows an attacker to remotely execute malicious commands on Windows systems using Chinese and Japanese language locales. The disclosure comes as Cloudflare said it recorded a 20% year-over-year increase in DDoS attacks in the second quarter of 2024, and that it mitigated 8.5 million DDoS attacks during the first six months.

4 key steps to building an incident response planIn this Help Net Security interview, Mike Toole, head of security and IT at Blumira, discusses the components of an effective security incident response strategy and how they work together to ensure organizations can address cybersecurity issues. Maintaining human oversight in AI-enhanced software developmentIn this Help Net Security interview, Martin Reynolds, Field CTO at Harness, discusses how AI can enhance the security of software development and deployment.

French cloud computing firm OVHcloud said it mitigated a record-breaking distributed denial-of-service (DDoS) attack in April 2024 that reached a packet rate of 840 million packets per second...

Cybersecurity researchers have uncovered a new botnet called Zergeca that's capable of conducting distributed denial-of-service (DDoS) attacks. Written in Golang, the botnet is so named for its...