One of the internet's worst websites is down following a weekend hack that may have exposed the email, password and IP address of Kiwi Farms users. A statement on the site says hackers gained access to site administrator Joshua Moon's account. Site users stalk transgender and nonbinary people.
Attackers could block access to every Contec patient monitoring device connected to a hospital network by sending a single malformed packet, security researchers warn. U.S. authorities say China-based Contec hasn't responded to outreach to fix the flaws.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including implications of the Russia-Ukraine cyberwar, the former CISA director’s somber message to the industry at Black Hat, and how the cryptocurrency landscape is changing.
Attackers could take advantage of a misconfiguration in Palo Alto firewalls to launch amplification DDoS attacks, a vulnerability that led the U.S. Cybersecurity and Infrastructure Security Agency added the vulnerability its catalog of actively exploited vulnerabilities.
Ransomware karma: The notorious LockBit 3.0 ransomware gang's site has been disrupted via a days-long distributed-denial-of-service attack, with administrator LockBitSupp reporting that it appears to be retribution for the gang leaking files stolen from a recent victim: security firm Entrust.
Google detected and stopped one of the largest distributed denial-of-service incidents yet in a likely sighting of the Mēris botnet. Google is not releasing the identity of the victim, whose web servers faced 46 million https requests per second in the attack, which lasted for more than an hour.
As the Russia-Ukraine war continues, Ukrainian government cybersecurity official Victor Zhora says that the country's computer emergency response team has tracked more than 1,600 online attacks and that defensively, "wipers continue to be the biggest challenge."
Sandy Carielli, principal analyst at Forrester, shares research on the latest bot management trends. Forrester found that while bots affect security, e-commerce, marketing, fraud and other teams, security professionals are still the most common bot management users.
Lithuanian state energy company Ignitis Group was the victim of a distributed denial-of-service attack; a pro-Russian hacker group claimed responsibility. The Baltic nation is a supply chain chokepoint for Kaliningrad. Last month, it began enforcing EU sanctions on the Russian exclave.
Three months after Russia’s ongoing invasion of Ukraine began, a report from the State Cyber Defense Center's Cyber Rapid Response Team takes a look back at the turbulence the nation has faced in its cyber sphere during Q1 2022 and considers the way ahead.
Russia's use of wiper malware, DDoS attacks and targeted disinformation show it no longer depends on traditional methods in its war with Ukraine. John Walker, a professor and counterintelligence expert, says organizations need to be "more realistic" about how they handle cyberattacks.
The Computer Emergency Response Team of Ukraine and the National Bank of Ukraine are warning of massive DDoS attacks against pro-Ukrainian targets. The intelligence service in Romania, SRI, also warns of a similar type of attack targeting sites belonging to its national authorities.
With so much at stake, organizations have to formulate a framework of cybersecurity strategies that can adapt to new and evolving threats. Cybersecurity involves not just technological defenses but a comprehensive process that keeps employees updated about security policies, ensures there's a thorough evaluation of...
With Ukraine having called on the world to join its "IT Army" and help it hack Russia and ally Belarus, what could possibly go wrong? For starters, launching distributed denial-of-service attacks - at least from outside Ukraine - remains illegal and risks triggering an escalation by Moscow.
As Western cybersecurity officials warn that Russia's Ukraine invasion poses an elevated cybersecurity risk to all, kudos to Cloudflare, CrowdStrike and Ping Identity for offering free endpoint security and other defenses to the healthcare sector and power sectors, for at least four months.