-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Microsoft Mitigated Record-Breaking 3.47 Tbps DDoS Attack on Azure Customers

Microsoft Mitigated Record-Breaking 3.47 Tbps DDoS Attack on Azure Customers

Jan 28, 2022
Microsoft this week revealed that it had fended off a record number of distributed denial-of-service (DDoS) attacks aimed at its customers in 2021, three of which surpassed 2.4 terabit per second (Tbps). One of the DDoS attacks took place in November, targeting an unnamed Azure customer in Asia and lasted a total of 15 minutes. It hit a peak throughput of 3.47 Tbps and a packet rate of 340 million packets per second (pps), making it the largest attack ever reported in history. "This was a distributed attack originating from approximately 10,000 sources and from multiple countries across the globe, including the United States, China, South Korea, Russia, Thailand, India, Vietnam, Iran, Indonesia, and Taiwan," Alethea Toh, product manager of Azure Networking,  said . DDoS attacks occur when several compromised devices are employed as a conduit to overwhelm a targeted server, service, or network with a flood of internet traffic with the goal of overloading the systems and d...
QNAP Warns of DeadBolt Ransomware Targeting Internet-Facing NAS Devices

QNAP Warns of DeadBolt Ransomware Targeting Internet-Facing NAS Devices

Jan 28, 2022
Taiwanese company QNAP has warned customers to secure network-attached storage (NAS) appliances and routers against a new ransomware variant called DeadBolt . "DeadBolt has been widely targeting all NAS exposed to the Internet without any protection and encrypting users' data for Bitcoin ransom," the company  said . "QNAP urges all QNAP NAS users to […] immediately update QTS to the latest available version." A query on IoT search engine Censys shows that at least 3,687 devices have been encrypted by the DeadBolt ransomware so far, with most NAS devices located in the U.S., Taiwan, France, Italy, the U.K., Hong Kong, Germany, the Netherlands, Poland, and South Korea. In addition, QNAP is also urging users to check if their NAS devices are public-facing, and if so, take steps to turn off the port forwarding function of the router and disable the Universal Plug and Play ( UPnP ) function of the QNAP NAS. The advisory comes as  Bleeping Computer  revealed t...
Patching the CentOS 8 Encryption Bug is Urgent – What Are Your Plans?

Patching the CentOS 8 Encryption Bug is Urgent – What Are Your Plans?

Jan 27, 2022
There are three things you can be sure of in life: death, taxes – and new CVEs. For organizations that rely on CentOS 8, the inevitable has now happened, and it didn’t take long. Just two weeks after reaching the official end of life, something broke spectacularly, leaving  CentOS 8  users at major risk of a severe attack – and with no support from CentOS. You’d think that this issue no longer affects a significant number of organizations because by now, companies would have migrated away from CentOS 8 to an OS that is actively supported by vendors. After all, vendor support is critical for security and compliance. But as it always is with these things, you can count on the fact that a big chunk of CentOS 8 users are soldiering on with an unsupported OS, despite being aware of the risks. With that risk now crystallizing we’re using this article to examine  CVE-2021-4122 , the newly discovered vulnerability in LUKS encryption, and to discuss your options for mitigating ...
cyber security

Take the AI Sprawl CISO Survey. Get fast track to BlackHat swag

websiteRecoAI Security / SaaS Security
Answer questions on AI sprawl. First access to the peer benchmark report.
cyber security

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders

websiteZscalerAI Security / Network Security
VPN Risk Report reveals attackers using AI to move at machine speed, leaving legacy VPNs exposed.
Chaes Banking Trojan Hijacks Chrome Browser with Malicious Extensions

Chaes Banking Trojan Hijacks Chrome Browser with Malicious Extensions

Jan 27, 2022
A financially-motivated malware campaign has compromised over 800 WordPress websites to deliver a banking trojan dubbed Chaes targeting Brazilian customers of Banco do Brasil, Loja Integrada, Mercado Bitcoin, Mercado Livre, and Mercado Pago. First documented by  Cybereason  in November 2020, the info-stealing malware is delivered via a sophisticated infection chain that's engineered to harvest sensitive consumer information, including login credentials, credit card numbers, and other financial information. "Chaes is characterized by the multiple-stage delivery that utilizes scripting frameworks such as JScript, Python, and NodeJS, binaries written in Delphi, and malicious Google Chrome extensions," Avast researchers Anh Ho and Igor Morgenstern  said . "The ultimate goal of Chaes is to steal credentials stored in Chrome and intercept logins of popular banking websites in Brazil." The attack sequence is triggered when users visit one of the infected websites...
Widespread FluBot and TeaBot Malware Campaigns Targeting Android Devices

Widespread FluBot and TeaBot Malware Campaigns Targeting Android Devices

Jan 27, 2022
Researchers from the Bitdefender Mobile Threats team said they have intercepted more than 100,000 malicious SMS messages attempting to distribute  Flubot  malware since the beginning of December. "Findings indicate attackers are modifying their subject lines and using older yet proven scams to entice users to click," the Romanian cybersecurity firm  detailed  in a report published Wednesday. "Additionally, attackers are rapidly changing the countries they are targeting in this campaign." The new wave of attacks is said to have been most active in Australia, Germany, Poland, Spain, Austria, and Italy, among others, with attacks spreading to newer countries like Romania, the Netherlands, and Thailand starting mid-January. FluBot (aka Cabassous) campaigns use smishing as the primary delivery method to target potential victims, wherein users receive an SMS message with the question "Is this you in this video?" and are tricked into clicking a link that inst...
⚡ Top Stories This Week
Expert Insights Articles Videos
Cybersecurity Resources