Monthly Archives: November 2022

Cybercriminals are cashing in on FIFA World Cup-themed cyberattacks

The hype and popularity of the FIFA World Cup has attracted audiences from across the globe. And this, in turn attracts a variety of cybercriminals, who want to exploit the varied fan following, and the organizations participating, to make a quick buck. Advanced persistent threat (APT) campaigns, phishing, credit card/cryptocurrency fraud, DDoS attacks, and identity theft are among the threats faced by organizations and audiences, CloudSEK reports. The cybercriminals are motivated by financial gain, ideology, … More ? The post Cybercriminals are cashing in on FIFA World Cup-themed cyberattacks appeared first on Help Net Security .

Week in review: 5 free CISA resources, surviving a DDoS attack, Google to make Cobalt Strike useless

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Google seeks to make Cobalt Strike useless to attackers Google Cloud’s intelligence research and applications team has created and released a collection of 165 YARA rules to help defenders flag Cobalt Strike components deployed by attackers. Fake subscription invoices lead to corporate data theft and extortion A threat actor dubbed Luna Moth has been leveraging social engineering and legitimate software … More ? The post Week in review: 5 free CISA resources, surviving a DDoS attack, Google to make Cobalt Strike useless appeared first on Help Net Security .

Originally posted here:
Week in review: 5 free CISA resources, surviving a DDoS attack, Google to make Cobalt Strike useless

European Parliament Putin things back together after cyber attack

DDoS started not long after Russia was declared a state sponsor of terrorism The European Parliament has experienced a cyber attack that started not long after it declared Russia to be a state sponsor of terrorism.…

Out of the blue: Surviving an 18-hour, 39M-request DDoS attack

No online business can afford to neglect malicious bot threats. Attackers and fraudsters increasingly leverage bots to automate and coordinate attacks, driving IT teams and ill-equipped security tools to their limits. Only a full-endpoint, 360° bot protection solution that leverages aggregate global detection signals can save you from unexpected threats. Case in point: A large e-commerce website protected by DataDome’s bot and online fraud management solution recently remained blissfully unaffected throughout a high volume, highly-distributed … More ? The post Out of the blue: Surviving an 18-hour, 39M-request DDoS attack appeared first on Help Net Security .

Original post:
Out of the blue: Surviving an 18-hour, 39M-request DDoS attack

Google wins lawsuit against alleged Russian botnet herders

Judge tells tale of two men, their lawyer, and a ‘willful campaign… to mislead the court’ A New York judge has issued a default judgment against two Russian nationals who are alleged to have helped create the “Glupteba” botnet, sold fraudulent credit card information, and generated cryptocurrency using the network.…

View article:
Google wins lawsuit against alleged Russian botnet herders

Notorious Emotet botnet returns after a few months off

And it’s been sending out hundreds of thousands of malicious emails a day The Emotet malware-delivery botnet is back after a short hiatus, quickly ramping up the number of malicious emails it’s sending and sporting additional capabilities, including changes to its binary and delivering a new version of the IcedID malware dropper.…

See original article:
Notorious Emotet botnet returns after a few months off

API abuses and attacks create new challenges for retailers

Imperva releases The State of Security Within eCommerce 2022 report, a 12-month analysis by Imperva Threat Research of cybersecurity threats targeting the retail industry. Retail industry cybersecurity threats A range of automated threats – from account takeover, credit card fraud, web scraping, API abuses, Grinch bots, and distributed denial of service (DDoS) attacks – were a persistent challenge for the eCommerce industry, threatening online sales and customer satisfaction. The continued barrage of attacks on retailers’ … More ? The post API abuses and attacks create new challenges for retailers appeared first on Help Net Security .

Continue Reading:
API abuses and attacks create new challenges for retailers

FBI: Russian hacktivists achieve only ‘limited’ DDoS success

OK, so you’ve got a botnet. That don’t impress me much Pro-Russia hacktivists’ recent spate of network-flooding bot traffic aimed at US critical infrastructure targets, while annoying, have had “limited success,” according to the FBI.…

See original article:
FBI: Russian hacktivists achieve only ‘limited’ DDoS success

US Treasury thwarts DDoS attack from Russian Killnet group

Yet another pathetic ‘stunt’ from pro-Kremlin criminals The US Treasury Department has thwarted a distributed denial of service (DDoS) attack that officials attributed to Russian hacktivist group Killnet.…

High-severity OpenSSL vulnerabilities fixed (CVE-2022-3602, CVE-2022-3786)

Version 3.0.7 of the popular OpenSSL cryptographic library is out, with fixes for CVE-2022-3602 and CVE-2022-3786, two high-severity buffer overflow vulnerabilities in the punycode decoder that could lead to crashes (i.e., denial of service) or potentially remote code execution. CVE-2022-3602, whose existence was preannounced by the OpenSSL Project team a week ago, has luckily turned out to be less dangerous than initially thought. So the much feared *Critical* #OpenSSL turns out to be “just” a … More ? The post High-severity OpenSSL vulnerabilities fixed (CVE-2022-3602, CVE-2022-3786) appeared first on Help Net Security .

More:
High-severity OpenSSL vulnerabilities fixed (CVE-2022-3602, CVE-2022-3786)