#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Yandex | Breaking Cybersecurity News | The Hacker News

Mēris Botnet Hit Russia's Yandex With Massive 22 Million RPS DDoS Attack

Mēris Botnet Hit Russia's Yandex With Massive 22 Million RPS DDoS Attack

Sep 11, 2021
Russian internet giant Yandex has been the target of a record-breaking distributed denial-of-service (DDoS) attack by a new botnet called Mēris. The botnet is believed to have pummeled the company's web infrastructure with millions of HTTP requests, before hitting a peak of 21.8 million requests per second (RPS), dwarfing a recent botnet-powered attack that came to light last month,  bombarding  an unnamed Cloudflare customer in the financial industry with 17.2 million RPS. Russian DDoS mitigation service Qrator Labs, which disclosed details of the attack on Thursday, called  Mēris  — meaning "Plague" in the Latvian language — a "botnet of a new kind."  "It is also clear that this particular botnet is still growing. There is a suggestion that the botnet could grow in force through password brute-forcing, although we tend to neglect that as a slight possibility. That looks like some vulnerability that was either kept secret before the massive campaign&#
Yandex Employee Caught Selling Access to Users' Email Inboxes

Yandex Employee Caught Selling Access to Users' Email Inboxes

Feb 13, 2021
Russian Dutch-domiciled search engine, ride-hailing and  email service provider Yandex on Friday disclosed a data breach that compromised 4,887 email accounts of its users. The company blamed the incident on an unnamed employee who had been providing unauthorized access to the users' mailboxes for personal gain. "The employee was one of three system administrators with the necessary access rights to provide technical support for the service," Yandex said in a statement. The company said the security breach was identified during a routine audit of its systems by its security team. It also said there was no evidence that user payment details were compromised during the incident and that it had notified affected mailbox owners to change their passwords. It's not immediately clear when the breach occurred or when the employee began offering unauthorized access to third-parties. "A thorough internal investigation of the incident is under way, and Yandex will be
How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

Feb 15, 2024SaaS Security / Risk Management
With many of the highly publicized 2023 cyber attacks revolving around one or more SaaS applications, SaaS has become a cause for genuine concern in many boardroom discussions. More so than ever, considering that GenAI applications are, in fact, SaaS applications. Wing Security (Wing), a SaaS security company, conducted an analysis of 493 SaaS-using companies in Q4 of 2023.  Their study reveals  how companies use SaaS today, and the wide variety of threats that result from that usage. This unique analysis provides rare and important insights into the breadth and depth of SaaS-related risks, but also provides practical tips to mitigate them and ensure SaaS can be widely used without compromising security posture.  The TL;DR Version Of SaaS Security 2023 brought some now infamous examples of malicious players leveraging or directly targeting SaaS, including the North Korean group UNC4899, 0ktapus ransomware group, and Russian Midnight Blizzard APT, which targeted well-known organizat
Cybersecurity Resources