Security News

DDoS attacks are a nuisance to be sure, but they're also used in a variety of ways that make them a severe threat, says Atlas VPN. DDoS attack data presented by Atlas VPN found that attackers prefer the United States and the computers and internet sectors as targets. In June 2021 alone, more than a third of DDoS attacks worldwide targeted servers in the U.S. DDoS attacks involve using a massive number of internet-connected machines and devices to flood a target server, rendering it unable to keep up with traffic and either making it unusable or taking it offline.

Zoom, the videoconferencing firm, has agreed to settle a class-action US privacy lawsuit for $85 million, it said Sunday. The suit charged that Zoom's sharing of users' personal data with Facebook, Google and LinkedIn was a breach of privacy for millions.

Bug hunters who want to help the US federal government secure their online assets can now source all the relevant information from a vulnerability disclosure policy platform offered by the Cybersecurity and Infrastructure Security Agency. "Through this crowdsourcing platform, Federal Civilian Executive Branch agencies will now be able to coordinate with the security research community in a streamlined fashion and those reporting incidents enjoy a single, usable website to facilitate submission of findings. The platform encourages collaboration and information sharing between the public and private sectors by allowing uniquely skilled researchers to submit vulnerability reports, which agencies will use to understand and address vulnerabilities that were previously unidentified," Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA, explained.

Huawei has decided to school America on cyber-security, and its lesson is to co-operate with China so its vendors - including Huawei - can be trusted around the world. Purdy, a former White House adviser on cyber security, makes some decent points - especially when pointing out that the Executive Order is only binding on federal agencies and their private sector suppliers.

The US Department of Justice says that the Microsoft Office 365 email accounts of employees at 27 US Attorneys' offices were breached by the Russian Foreign Intelligence Service during the SolarWinds global hacking spree. Even though other districts were also affected by the attacks to a lesser degree, the Russian SVR state hackers managed to breach the O365 email accounts of at least 80 percent of employees from US Attorneys' offices located in the Eastern, Northern, Southern, and Western Districts of New York.

US President Joe Biden today issued a national security memorandum designed to help strengthen the security of critical infrastructure by setting baseline performance goals for critical infrastructure owners and operators. It directs the Department of Homeland Security's CISA and the Department of Commerce's NIST, in collaboration with other federal agencies, to develop cybersecurity performance goals and guidance for critical infrastructure orgs.

The Biden administration is taking steps to harden cybersecurity defenses for critical infrastructure, announcing on Wednesday the development of performance goals and a voluntary public-private partnership to protect core sectors. The actions, outlined in an order from President Joe Biden, are an acknowledgment of the cybersecurity vulnerabilities of critical industries - a reality made clear by the May hack of the nation's largest pipeline, which delivers about 45% of the fuel consumed on the East Coast.

The U.S. government and its allies are pleading with defenders to pay attention to gaping holes in perimeter-type devices, warning that advanced threat actors are feasting on known security defects in VPN appliances, network product gateways and enterprise cloud applications. In a joint advisory published Wednesday, cybersecurity response agencies from the U.S., the U.K., and Australia called special attention to flaws in network perimeter tech from Citrix, Fortinet, Pulse, F5 Networks and MobileIron.

The British government wants to make Amazon, Google, and other digital service providers report cybersecurity breaches to the Information Commissioner, according to newly published plans. Due to Brexit, the government can amend the UK's Network and Information Security Regulations to let the Information Commissioner's Office, the local data watchdog, dictate what kind of cybersecurity breaches must be reported to it.

In contrast, the Twitter hack we're referring to ultimately led to the takeover of just 45 accounts. The suspects were alleged to have previous form in hacking and trading in so-called OG accounts, where OG is short for original gangster.