[THN Webinar] New AI DDoS Attacks Are Smarter. Learn How to Fight Back
Every single day, hackers are finding new ways to crash websites and steal data
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Every single day, hackers are finding new ways to crash websites and steal data
Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure the origins of ransomware attacks, data theft, scanning, and denial-of-service attacks
Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one of which is a clone of the Shai-Hulud worm open-sourced by TeamPCP
A vulnerability in the popular Python-based tool for building AI agents and workflows is under active exploitation, allowing for full system compromise, DDoS attacks, and potential loss or theft of sensitive data
Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a malicious actor to perform various actions, including denial-of-service, model poisoning, and model theft
31 million folks' usernames, email addresses, salted-encrypted passwords now out there The Internet Archive had a bad day on the infosec front, after being DDoSed and having had its user data stolen in a security breach.…
Several of the flaws enable remote code execution and denial-of-service attacks while others enable data theft, session hijacking, and other malicious activity.
With 14 serious security flaws found, what a gift for spies and crooks Fourteen bugs in DrayTek routers — including one critical remote-code-execution flaw that received a perfect 10 out of 10 CVSS severity rating — could be abused by crooks looking to seize control of the equipment to then steal sensitive data, deploy ransomware, and launch denial-of-service attacks.…
Hacktivism-related DDoS attacks have risen 70% in the region, most often targeting the public sector, while stolen data and access offers dominate the Dark Web.
Wireless service providers prioritize uptime and lag time, occasionally at the cost of security, allowing attackers to take advantage, steal data, and worse.
Also: Hacker Sells Data Obtained Through Snowflake AttackThis week, Microsoft deprecated NTLM authentication, a hacker put apparently stolen Snowflake data up for sale, Ticketmaster confirmed its breach, Cisco patched Webex vulnerabilities, pro-Russian hacktivists claimed a DDoS attack in Spain and Kaspersky launched a free virus removal tool for Linux.
Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification used widely in modern computers
Cyberattackers could exploit CVE-2023-20238 to carry out a variety of nefarious deeds, from data theft and code execution to phishing, fraud, and DoS.
Plus: Court-ordered domain seizures of DDoS-for-hire sites Intel is investigating reports that BootGuard private keys, used to protect PCs from hidden malware, were leaked when data belonging to Micro-Star International (MSI) was stolen and dumped online. …
A group of academics has demonstrated novel attacks that leverage Text-to-SQL models to produce malicious code that could enable adversaries to glean sensitive information and stage denial-of-service (DoS) attacks
An ongoing analysis of the KmsdBot botnet has raised the possibility that it's a DDoS-for-hire service offered to other threat actors
A new Chrome browser botnet named 'Cloud9' has been discovered in the wild using malicious extensions to steal online accounts, log keystrokes, inject ads and malicious JS code, and enlist the victim's browser in DDoS attacks. [...]
The Robin Banks phishing-as-a-service (PhaaS) platform is back in action with infrastructure hosted by a Russian internet company that offers protection against distributed denial-of-service (DDoS) attacks. [...]
The previously identified ransomware builder has veered in an entirely new direction, targeting consumers and business of all sizes by exploiting known CVEs through brute-forced and/or stolen SSH keys.
We saw a bit of ransomware drama this week, mostly centered around LockBit, who saw their data leak sites taken down by a DDoS attack after they started leaking the allegedly stolen Entrust data. [...]