OVHcloud Sees Record 840 Mpps DDoS Attack
OVHcloud says it mitigated the largest ever DDoS attack leveraging packet rate, which peaked at 840 Mpps.
The post OVHcloud Sees Record 840 Mpps DDoS Attack appeared first on SecurityWeek.
OVHcloud says it mitigated the largest ever DDoS attack leveraging packet rate, which peaked at 840 Mpps.
The post OVHcloud Sees Record 840 Mpps DDoS Attack appeared first on SecurityWeek.
Censys has discovered more than 380,000 hosts, including major platforms, still referencing the malicious polyfill.io domain.
The post Over 380k Hosts Still Referencing Malicious Polyfill Domain: Censys appeared first on SecurityWeek.
Enterprise data security platform Odaseva raises $54 million in a Series C funding round led by Silver Lake Waterman.
The post Odaseva Raises $54 Million for Salesforce Enterprise Data Security Platform appeared first on SecurityWeek.
Florida Community Health Centers says the information of 300,000 individuals was stolen in a June 2023 ransomware attack.
The post 300k Affected by Year-Old Data Breach at Florida Community Health Centers appeared first on SecurityWeek.
Patelco Credit Union shuts down banking systems and suspends electronic operations in response to a ransomware attack.
The post Patelco Credit Union Scrambling to Restore Systems Following Ransomware Attack appeared first on SecurityWeek.
Google ships an Android security update with fixes for 15 vulnerabilities, including a critical-severity flaw in Framework.
The post Google Patches 25 Android Flaws, Including Critical Privilege Escalation Bug appeared first on SecurityWeek.
Splunk has patched multiple vulnerabilities in Splunk Enterprise, including high-severity remote code execution bugs.
The post Splunk Patches High-Severity Vulnerabilities in Enterprise Product appeared first on SecurityWeek.
EVA Information Security has shared details on three CocoaPods vulnerabilities impacting millions of macOS and iOS applications.
The post Critical CocoaPods Flaws Exposed Many iOS, macOS Apps to Supply Chain AttacksΒ appeared first on SecurityWeek.
Cisco has patched an NX-OS command injection zero-day exploited by China-linked cyberespionage group Velvet Ant.
The post Cisco Patches NX-OS Zero-Day Exploited by Chinese Cyberspies appeared first on SecurityWeek.
Life insurance company Landmark Admin says personal, medical, and insurance information was compromised in a May data breach.
The post Landmark Admin Discloses Data Breach Impacting Personal, Medical Information appeared first on SecurityWeek.
GreyNoise observes the first attempts to exploit a path traversal vulnerability in discontinued D-Link DIR-859 WiFi routers.
The post Hackers Target Vulnerability Found Recently in Long-Discontinued D-Link Routers appeared first on SecurityWeek.
Juniper Networks warns of a critical authentication bypass flaw impacting Session Smart routers and conductors.
The post Juniper Networks Warns of Critical Authentication Bypass Vulnerability appeared first on SecurityWeek.
Prudential Financial has updated the February data breach impact estimate to 2.5 million individuals.
The post Prudential Financial Data Breach Impacts 2.5 Million appeared first on SecurityWeek.
Incubated for two years by Ballistic Ventures, GetReal Labs has launched to combat manipulated content and deepfakes.
The post GetReal Labs Emerges From Stealth to Tackle Deepfakes appeared first on SecurityWeek.
Permissions management technology startup AuthZed has raised $12 million in a Series A funding round led by General Catalyst.
The post AuthZed Raises $12 Million for Permissions Management Technology appeared first on SecurityWeek.
Fortra has patched a critical-severity vulnerability in FileCatalyst Workflow leading to the creation of administrator accounts.
The post Fortra Patches Critical SQL Injection in FileCatalyst Workflow appeared first on SecurityWeek.
Namecheap shut down polyfill.io amid reports of malicious activity, but the Chinese owner claims it has good intentions.
The post Polyfill Domain Shut Down as Owner Disputes Accusations of Malicious Activity appeared first on SecurityWeek.
The US Justice Department has announced charges against Amin Stigal for conducting wiper cyberattacks on Ukraine in 2022.
The post US Announces Charges, Reward for Russian National Behind Wiper Attacks on Ukraine appeared first on SecurityWeek.
GitLab CE and EE updates resolve 14 vulnerabilities, including a critical- and three high-severity bugs.
The post GitLab Security Updates Patch 14 Vulnerabilities appeared first on SecurityWeek.
Most critical open source software contains code written in a memory unsafe language, US, Australian, and Canadian government agencies warn.
The post US, Allies Warn of Memory Unsafety Risks in Open Source Software appeared first on SecurityWeek.
CISA on Wednesday warned that three older flaws in GeoServer, Linux kernel, and Roundcube webmail are exploited in the wild.
The post CISA Warns of Exploited GeoServer, Linux Kernel, and Roundcube Vulnerabilities appeared first on SecurityWeek.
Aqua Security shows that code in repositories remains accessible even after being deleted or overwritten, continuing to leak secrets.
The post βPhantomβ Source Code Secrets Haunt Major Organizations appeared first on SecurityWeek.
Google has disrupted over 175,000 YouTube and Blogger instances related to the Chinese influence operation Dragonbridge.
The post Google Disrupts More China-Linked Dragonbridge Influence Operations appeared first on SecurityWeek.
The P2Pinfect worm targeting Redis servers has been updated with ransomware and cryptocurrency mining payloads.
The post P2Pinfect Worm Now Dropping Ransomware on Redis Servers appeared first on SecurityWeek.
More than 100,000 websites are affected by a supply chain attack injecting malware via a Polyfill domain.
The post Polyfill Supply Chain Attack Hits Over 100k WebsitesΒ appeared first on SecurityWeek.
A Mirai-like botnet has started exploiting a critical-severity vulnerability in discontinued Zyxel NAS products.
The post Recent Zyxel NAS Vulnerability Exploited by Botnet appeared first on SecurityWeek.
CoinStats says North Korean hackers drained $2 million in virtual assets from 1,590 cryptocurrency wallets.
The post Hackers Steal Over $2 Million in Cryptocurrency From CoinStats Wallets appeared first on SecurityWeek.
Five WordPress plugins were injected with malicious code that creates a new administrative account.
The post Several Plugins Compromised in WordPress Supply Chain AttackΒ appeared first on SecurityWeek.
Google has released a Chrome security update to resolve four high-severity use-after-free vulnerabilities.
The post Chrome 126 Update Patches Memory Safety Bugs appeared first on SecurityWeek.
LivaNova USA says the personal and medical information of 130,000 individuals was compromised in an October 2023 data breach.
The post LivaNova USA Discloses Data Breach Impacting 130,000 Individuals appeared first on SecurityWeek.
The US has announced charges against four Vietnamese nationals for hacking businesses and causing $71 million in losses.
The post Vietnamese Members of FIN9 Hacking Group Charged in US appeared first on SecurityWeek.
The Los Angeles County Department of Health Services discloses a data breach caused by push notification spamming attack.
The post Push Notification Fatigue Leads to LA County Health Department Data Breach appeared first on SecurityWeek.
A hacker claims to have stolen the information of 30 million users from TEG subsidiary Ticketek.
The post Hacker Claims Theft of 30M User Records From Australia Ticketing Company TEG appeared first on SecurityWeek.
Santander US is notifying over 12,000 employees that their personal information was compromised in a data breach.
The post Santander Employee Data Breach Linked to Snowflake Attack appeared first on SecurityWeek.
Threat actors are exploiting a recent path traversal vulnerability in SolarWinds Serv-U using public PoC code.
The post Recent SolarWinds Serv-U Vulnerability Exploited in the Wild appeared first on SecurityWeek.
CISA says CFATS program data was likely accessed after an Ivanti Connect Secure appliance was hacked in January.
The post Personal and Chemical Facility Information Potentially Accessed in CISA Hack appeared first on SecurityWeek.
A years-long espionage campaign has targeted telecoms companies in Asia with tools associated with Chinese groups.
The post Cyber Assault on Asian Telecoms Traced to Chinese State Hackers appeared first on SecurityWeek.
Pomerium raises $13.75 million in Series A funding for dynamic user identity verification and access management platform.
The post Access Management Startup Pomerium Raises $13.75 Million appeared first on SecurityWeek.
LockBit appears to once again be the most active ransomware group, but experts believe the hackers may just be inflating their numbers.Β
The post LockBit Ransomware Again Most Active β Real Attack Surge or Smokescreen? appeared first on SecurityWeek.
A threat actor targeting Chinese-speaking victims has been using the SquidLoader malware loader in recent attacks.
The post Highly Evasive SquidLoader Malware Targets China appeared first on SecurityWeek.
Atlassian has released Confluence, Crucible, and Jira updates to address multiple high-severity vulnerabilities.
The post Atlassian Patches High-Severity Vulnerabilities in Confluence, Crucible, Jira appeared first on SecurityWeek.
National passenger railroad company Amtrak is notifying customers that hackers have breached their Guest Rewards Accounts.
The post Amtrak Says Guest Rewards Accounts Hacked in Credential Stuffing Attacks appeared first on SecurityWeek.
Government agencies in the US, New Zealand, and Canada have published new guidance on improving network security.
The post US, Allies Publish Guidance on Securing Network Access appeared first on SecurityWeek.
Google has released a Chrome 126 security update with six fixes, including four for externally reported high-severity flaws.
The post Chrome 126 Update Patches Vulnerability Exploited at Hacking Competition appeared first on SecurityWeek.
Sagar Steven Singh and Nicholas Ceraolo pleaded guilty to hacking a database maintained by a US federal law enforcement agency.
The post Two Men Plead Guilty to Hacking Law Enforcement Database for Doxing appeared first on SecurityWeek.
The BadSpace backdoor is being distributed via drive-by attacks involving infected websites and JavaScript downloaders.
The post New BadSpace Backdoor Deployed in Drive-By Attacks appeared first on SecurityWeek.
China-linked threat actor Velvet Ant leveraged a legacy F5 BIG-IP appliance for three-year access to a victimβs network.
The post Chinese Hackers Leveraged Legacy F5 BIG-IP Appliance for Persistence appeared first on SecurityWeek.
Blackbaud was ordered to pay $6.75 million to the California Attorney Generalβs Office over the 2020 data breach.
The post Blackbaud Settles With California for $6.75 Million Over 2020 Data Breach appeared first on SecurityWeek.
The US cybersecurity agency CISA has conducted a tabletop exercise with the private sector focused on AI cyber incident response.
The post CISA Conducts First AI Cyber Incident Response Exercise appeared first on SecurityWeek.