DDoS Attacks Doubled in Q2 Compared with Prior Quarter
Network-layer distributed denial-of-service (DDoS) attacks, like other threat categories, doubled in the last quarter compared with the previous three months.
A WordPress plugin has several vulnerabilities that can lead to site hijacking through code execution.
https://threatpost.com/newsletter-wordpress-plugin-site-takeover/158025/
The Emotet banking Trojan has reappeared after a five-month hiatus.
https://threatpost.com/a-cyber-vigilante-is-sabotaging-emotets-return/158023/
As deployments of critical gateway devices grow to support off-site computing, companies will have to adapt to the new threat landscape.
https://www.bleepingcomputer.com/news/security/vulnerable-perimeter-devices-a-huge-attack-surface/
A “Taidoor” remote access tool used for cyber espionage campaigns has been spotted by security researchers (CISA).
Google and Amazon are the brands most often imitated by attackers, ahead of Apple. Brand phishing attacks are spreading.
https://threatpost.com/apple-most-imitated-brand-phishing-attacks/158006/
The FBI has reported a growing number of complaints from victims of online shopping fraud.
The attacks will never stop as long as hackers can monetize them.
Cybersecurity experts consider paying a ransom an irresponsible practice. Even if we are sure that other victims of a specific threat regained access to their data after paying the ransom, it may turn out that the hackers have abandoned their project and no longer want to distribute decryption codes. Therefore, even if we have the right antivirus package, we should create backups as often as possible – in companies, this should be the absolute norm. For home use, it is also worth ensuring that our copies contain the most up-to-date information possible – the scale of damage caused by ransomware mainly depends on this.
https://www.itproportal.com/news/garmin-paid-for-wastedlocker-ransomware-decryption-key/
Checkmarx researchers found API security issues in the popular Meetup.com service, such as lack of resources and data timing and exposure, along with several severe vulnerabilities and several critical cross-site vulnerabilities.
https://threatpost.com/critical-meetup-website-flaws-takeover-payment-theft/157934/
The new technique is a remote, time-based side-channel attack that is more effective regardless of network congestion between the adversary and the target server.
https://thehackernews.com/2020/07/http2-timing-side-channel-attacks.html