distributed denial-of-service | Breaking Cybersecurity News | The Hacker News

What would it take for hackers to significantly disrupt the US' 911 emergency call system? It only takes 6,000 Smartphones. Yes, you heard it right! According to new research published last week, a malicious attacker can leverage a botnet of infected smartphone devices located throughout the country to knock the 911 service offline in an entire state, and possibly the whole United States, for days. The attacker would only need 6,000 infected smartphones to launch automated Distributed Denial of Service (DDoS) attacks against 911 service in an entire state by placing simultaneous calls from the botnet devices to the emergency numbers. However, as little as 200,000 infected mobile phones could knock the 911 emergency call system offline across the entire US. Where does the Problem Lies? Researchers from Ben-Gurion University of the Negev's Cyber-Security Research Center say the problem is in the fact that current US Federal Communications Commission (FCC) regula

Cyber criminals are using new malware variants by exploiting GNU Bash vulnerability referred to as ShellShock ( CVE-2014-6271 ) in order to infect embedded devices running BusyBox software, according to a researcher. A new variant of " Bashlite " malware targeting devices running BusyBox software was spotted by the researchers at Trend Micro shortly after the public disclosure of the ShellShock vulnerability. BusyBox provides set of command line utilities that are specifically designed to run in constrained embedded environments. At compile time, different capabilities can be left out, reducing the size of the binaries, and efforts are made to make them memory efficient. This makes the software an excellent candidate for use in consumer electronics devices, which seem to have been the items of interest in this case. The malware variant, detected as ELF_BASHLITE.A (ELF_FLOODER.W) , when executed on victim's machine, scans compromised networks for device

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Tse Man- lai,  28-year-old businessman, owner of an information technology company, launched denial-of-service (DoS) attacks on Hong Kong stock exchange last year on August 12 and 13 , was sentenced to nine months in jail on Friday. According to SCMP , Tse Man- lai, who had pleaded not guilty to two counts of obtaining access to a computer with criminal or dishonest intent, was convicted of both counts in the District Court on October 24.  The attacked website is one of the most important economic platform of Hong Kong. Trading in the shares of seven companies was suspended. The seven companies, which included HSBC, Cathay Pacific Airways and HKEx itself, had a combined market value of HK$1.5 trillion. Trading was also halted on a debt security and 419 warrants and derivatives linked to the suspended stocks. Trading in the stocks were suspended, as the companies had tried to make price-sensitive announcements during the lunchtime trading break, which investors might not have seen be

One of Anonymous hacker groups " FawkesSecurity " who claim responsibility for a DDOS cyber attack on HSBC Bank says that they also manage to get 20,000 debit card details. When HSBC said , " This denial-of-service attack did not affect any customer data , but did prevent customers using HSBC online services, including Internet banking.", Anonymous tweeted on Friday. " We also managed to log 20,000 debit card details ." On asking, is there any proof of this claim , they replied ,"  We're debating whether to release them or not, HSBC knows debit details were intercepted, They probz won't admit it tho, ". On the other hand, A group that calls itself Izz ad-Din Al Qassam  , which has claimed responsibility for recent cyberattacks on at least nine other banks, also took responsibility for the assault on HSBC. Who ever the real hitman behind this, but according to hacker's warnings - RBS, Lloyds TSB and Barclays Banks are next targets.

As warned by Izz ad-Din al-Qassam Cyber Fighters They launched another distributed denial-of-service (DDOS) attack against the website of Regions Financial Corp (regions.com) and SunTrust. The computer attacks burden the bank websites with heavy traffic volume that causes slow service for the sites or makes them completely unavailable. In a Pastebin post dated Oct. 8, the hacktivist group announced the planned Oct. 9 attack against Capital One, the Oct. 10 attack against SunTrust and an Oct. 11 takedown date for Regions Financial Corp and THEY DID IT. SunTrust ( suntrust.com ) spokesman Michael McCoy confirmed SunTrust's site had been hit by an uptick in traffic. "We have seen increased online traffic today and experienced intermittent service availability of some online functions," he said. A couple of days ago, Regions representatives told Fox Business that the organization was aware of the threats. At the time, they claimed they were "taking every mea