Tim Starks writes: A trio of internet giants revealed on Tuesday that they had fought off an “unprecedented” distributed denial-of-service (DDoS) attack — used to disrupt the availability of systems like websites and services — that registered as the biggest on record, by far. Cloudflare, Google and Amazon Web Services (AWS) said the attack relied…
Category: Commentaries and Analyses
Justice department wants to fight R5 million fine over ransomware attack in court
Myles Illidge reports: The Department of Justice and Constitutional Development (DoJ&CD) is taking the Information Regulator to court to appeal the R5 million fine the agency slapped it with after falling prey to a ransomware attack in 2021, TechCentral reports. Departmental spokesperson Steven Mahlangu reportedly said the court application was issued on 29 September 2023…
North Korea Suspected in Massive Hack of DeFi Project Mixin (1)
Katrina Manson reports: The massive breach of a decentralized finance project bears the hallmarks of a North Korean attack, according to a senior White House official. Mixin Network, which helps blockchains handle transactions more efficiently, said it had lost less than $150 million in a late-September attack. Originally the company estimated it lost $200 million…
NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations
Alert Code AA23-278A EXECUTIVE SUMMARY The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint cybersecurity advisory (CSA) to highlight the most common cybersecurity misconfigurations in large organizations, and detail the tactics, techniques, and procedures (TTPs) actors use to exploit these misconfigurations. Through NSA and CISA Red and Blue…
HC3: Monthly Cybersecurity Vulnerability Bulletin
October 05, 2023 TLP:CLEAR Report: 202310051200 September Vulnerabilities of Interest to the Health Sector In September 2023, vulnerabilities to the health sector have been released that require attention. This includes the monthly Patch Tuesday vulnerabilities released by several vendors on the second Tuesday of each month, along with mitigation steps and patches. Vulnerabilities for September…
Record Numbers of Ransomware Victims Named on Leak Sites
James Coker reports: The number of victims named on ransomware leak sites reached “unprecedented levels” in the four months from March to June 2023, according to Secureworks’ 2023 State of the Threat report. At current levels, 2023 is on course to be the biggest year on record for victim naming on so-called ‘name and shame’ sites since…