Posted on Leave a comment

Microsoft Blocks Record 2.4 Tbps DDoS Attack On Azure Customers.

Amir Dahan, Senior programme manager for Azure Networking, stated in a blog post  describing it as a “UDP reflection” that lasted around 10 minutes. That’s 140 percent more than 2020’s 1 Tbps attack and better than any previous community volumetric event detected on Azure.

Microsoft said on Monday that its Azure cloud platform neutralised a 2.4 Tbps distributed denial-of-service (DDoS) attack against an unidentified user in Europe in the final week of August, exceeding a 2.3 Tbps attack prevented by … Read more

Posted on Leave a comment

The NSA Releases Advisory on Protecting From Wildcard TLS Certificates and ALPACA attacks.

NSA is releasing this guidance as part of the mission to help secure the DoD,  NSS and DIB. Administrators should warn the organisation against the use of wildcard TLS certificates and the ALPACA TLS attack.

The ALPACA method which attacks hardened web applications through  non-HTTP services secured by a TLS certificate with the same scope as the web application, raises the danger of employing wildcard certificates with a broad scope.

This technique allows a threat actor to trick web servers … Read more

Posted on Leave a comment

Google  Issues Warning on Attack Attempts By APT28 on 14,000 Gmail Accounts.

Shane Huntley, the head of Google’s Threat Analysis Group which reacts to  Government-Backed Attack warnings that Google delivers to targeted consumers each month due to a limited number of targeted attacks that were prevented.

Google has issued a warning to around 14,000 of its users around multiple businesses  about being targeted in a state-sponsored phishing attack by APT28, a threat organisation linked to Russia.

Google reads the blog post that there is an increase in cyberattacks targeting high-profile persons and … Read more

Posted on Leave a comment

Operation GhostShell Uses MalKamak APT to Target Aerospace And Telco Firms .

Operation GhostShell is a highly targeted cyber espionage campaign that mainly targeted companies in the Middle East and also in the United States, Russia, and Europe. The purpose of the attacks  is to steal information about the victims infrastructure, technology and important resources.

During the investigation, the Nocturnus Team discovered ShellClient, a previously unknown and covert RAT that was used as the main espionage instrument.

“During the investigation, efforts were made to identify instances of the ShellClient code and to Read more

Posted on Leave a comment

Locked iPhones Can Be Misused For Contactless Payments Via Apple Pay .

According to a group of academics from the Universities of Birmingham and Surrey, “The attacker requires no cooperation from the merchant and our test payments have not been prevented by backend fraud detection procedures. An attacker requires a stolen iPhone that is turned on. The transactions might also be communicated without their knowledge through an iPhone in their bag.

Contactless Payments by Europay, Mastercard, and Visa (EMV) are a quick and easy way to make purchases, and they are … Read more