Attack News, Articles and Updates

Microsoft Office flaw exploited by suspected Iranian APT group

Researchers believe a suspected Iranian APT group is responsible for a recent cyber-espionage operation that targeted a Middle Eastern government organisation.

Satori Botnet able to launch crippling attacks at any time

A massive new IoT botnet dubbed Satori has emerged, which security researchers fear can launch crippling attacks at any time. According to the IBT, the botnet has already infected more than 280,000 IP addresses in just 12 hours.

Market-leading security products broken by Doppelganging attack

The new Doppelganging process memory attack methodology not only defeats market-leading security products but breathes new life into old threats at the same time.

Understanding the human element behind cyber-attacks: indicators of attack

Joep Gommers explains why focusing on the actor will help businesses to protect themselves from a potential cyber-attack, hence the need to understand indicators of attack, in addition to indicators of compromise.

How long must we wait for Tesco to reveal cyber-heist attack data?

The Tesco Bank cyber-heist was Britain's biggest attack to date but the information on how the attack was perpetrated is not being shared with those who need to know, reports Davey Winder.

120k strong botnet found in the wild

Networking and telecoms specialists Level 3 have discovered a botnet of 120,000 devices in the course of conducting DDoS research.

Unlimited size message vulnerability found in Telegram

Two researchers have found a rather annoying exploit in the Telegram encrypted communications app.

£442 billion potential loss in UK power sector cyber-attack

Report examines how the direct and indirect economic costs accrue for a hypothetical cyber-attack on the UK's critical national infrastructure.

Triada trojan on Android devices "complex as Windows malware"

Nearly two-thirds of Android phones and tablets susceptible to attacks by the complex Triada Trojan.

Dammit Janet: University network suffers DDoS attacks

Infrastructure supporting academic services under sustained distributed denial of service attack coming from an unknown quarter.

JD Wetherspoon attack took 15 mins says hacker 'Ropertus'

Last Friday it was reported that British pub chain JD Wetherspoon suffered a data breach causing a leak of more than 650,000 customer details; now the hacker responsible explains how easy it was.

Video: Chris Wysopal on how long it would take to break the internet

From hacker to security researcher and CTO of a major cyber-security software company, Chris Wysopal has developed strong views on what works and doesn't work and how the world needs to wise up to security.

Massive traffic attack: botnet-powered Layer 7 HTTP flood

Previously 'only-theoretical' attack made real; impact consumes server resources to make websites implode

BitTorrent moves to patch reflective DDoS attack flaw

Vulnerable libuTP protocol could have been used to force torrent apps to send malicious traffic

DD4BC are DDoS attack driving force, new report claims

A new report on DDoS trends points the finger at one group as the driving force behind many attacks. So, who is DD4BC?

GitHub seeks to contain DDoS attack

Second DDoS attack this year against GitHub code repository - site offline for several hours.

Man-in-the-cloud attacks can compromise enterprise cloud storage

A man-in-the-cloud attack vector has been uncovered by security analysis firm Imperva which it claims could compromise cloud storage security.

61% of critical infrastructure execs 'could detect attack in less than a day'

A majority of critical infrastructure executives believe their systems appeal to cyber-criminals, but also that they could detect any attack, according to Tripwire findings just published.

iCloud hole closed following brute force attack

A hole in iCloud's security allowed attackers to access any iCloud account via a brute force attack that side-stepped blocks - but it is now reported to have been patched.

FBI warning on 'destructive' attack that wipes all data

FBI alert follows Sony Pictures hack for which North Korea refuses to deny involvement.

ICO report: Too many companies fail 'security basics'

The Information Commissioner's Office (ICO) has highlighted eight of the most common IT security vulnerabilities in a new report which reveals that businesses are often failing at 'basic' security measures.

Windigo malware infects 25,000 Unix servers

Systems administrators urged to take the 'tough medicine' and wipe all affected computers

Hackers focus on stealing money, especially via mobiles

Cyber criminals are "obsessed" with stealing money from banking apps and organisations "don't have a clue" where the next advanced attack is coming from, according to authoritative reports released this week.

B-Sides SF: 'You suck at your job'

"You suck at your job" was Michael Roytman's controversial opening line to the audience of white hat hackers at the B-Sides event run prior to RSA San Francisco.

Honeypot Valentine

From being drawn in by a honeypot, through to being compromised, lessons from life can have parallels with what happens online, suggests Calum MacLeod.

NetTraveler attacks compromise private sector and embassies

A series of advanced attacks have been detected against more than 350 high profile victims in 40 countries.

DDoS attacks to knock you offline - when, not if?

In a story I did a month ago, I looked at research that suggested that distributed denial-of-service (DDoS) attacks were not being taken seriously at all levels of business.

FT suspends Twitter feed after apparent Syrian Electronic Army attack

A Twitter feed of the Financial Times has been suspended after it was hacked and malicious links posted.

Social news website Reddit downed by DDoS attack

Social news website Reddit experienced an outage on Friday after being hit with a strong distributed denial-of-service (DDoS) attack.