10/04/2024

CyberChannel: Week of 9/29/24

CUPS Vulnerability Could Amplify DDoS Attacks by 600 Times

A recently patched vulnerability in the Common Unix Printing System (CUPS) has emerged as a potential tool for cyber criminals. This flaw can be exploited to launch Distributed Denial-of-Service (DDoS) attacks with a significant amplification factor of 600 times. This means attackers can use a small amount of traffic to overwhelm a targeted server with a much larger volume, making it inaccessible to legitimate users.

Researchers discovered that chaining this CUPS flaw with three other vulnerabilities could potentially allow remote code execution on Unix-like systems. However, the primary concern lies in its DDoS amplification capabilities. Thankfully, patches are available to address this issue. System administrators are urged to update their CUPS installations to mitigate the risk and prevent their servers from being used in DDoS attacks.

"Pig Butchering" Apps Preying on App Store Users

"Pig butchering" scams have been discovered on both the Google Play Store and Apple's App Store. These fraudulent trading apps lure victims with promises of high returns on fake cryptocurrencies. Once users invest, their funds are stolen by the scammers. It's important to be cautious when downloading investment apps and to research the developer and user reviews before investing any money.

To avoid falling victim to these scams, users should be wary of unsolicited investment offers. It's also important to verify the legitimacy of the trading platform and the cryptocurrency before investing. Additionally, users should never share their personal or financial information with strangers.

Cloudflare Blocks 3.8 Tbps DDoS Attack, Setting New Record

Cloudflare, a web security company, recently thwarted a record-breaking distributed denial-of-service (DDoS) attack. The attack peaked at a staggering 3.8 terabits per second (Tbps) and lasted for 65 seconds. The attackers launched the attack by exploiting a network of vulnerable devices, including Asus routers and Mikrotik systems. This attack is the largest publicly recorded DDoS attack ever observed.

In comparison to previous large-scale DDoS attacks, this attack stands out due to its volume and duration. DDoS attacks work by overwhelming a target server with traffic, making it unavailable to legitimate users.

Evasive Linux Malware Enables Widespread Cryptomining

A stealthy malware campaign targeting Linux servers for years has finally come to light. The malware, dubbed "perfctl," has likely infected millions of servers and caused significant disruption. Researchers believe perfctl has been active for at least three years, exploiting vulnerabilities in Polkit (CVE-2021-4043) to escalate privileges and install cryptomining software.

Perfctl is particularly dangerous due to its evasive tactics. It avoids detection by pausing its activity when a new user logs in and resuming only once the user becomes idle again. Additionally, it deletes its own binary after execution, further enhancing its stealth. This highlights the importance of keeping systems updated and implementing strong security measures to protect against evolving cyber threats like perfctl.
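One practical check for the self-deleting behaviour described above, as an added example that is not part of the original post or the perfctl research: on Linux, `readlink` on `/proc/<pid>/exe` appends ` (deleted)` when the running executable has been unlinked, so a scan of `/proc` surfaces such processes. The extra check for executables running from temporary directories is an assumption about common dropper behaviour, not something the post states.

```python
"""Flag running Linux processes whose on-disk executable is gone.

Added example (not from the original post). Linux-only: it reads /proc.
"""
import os
from dataclasses import dataclass
from typing import List, Optional

# Constructed list of directories a legitimate daemon rarely runs from (assumption).
SUSPECT_DIRS = ("/tmp", "/var/tmp", "/dev/shm")


@dataclass
class Finding:
    pid: int
    exe: str
    reason: str


def classify_exe(target: str) -> Optional[str]:
    """Return why a resolved /proc/<pid>/exe target is suspicious, or None.

    The kernel appends ' (deleted)' to the symlink target once the binary
    has been unlinked, which is exactly the trace a self-deleting binary leaves.
    """
    if target.endswith(" (deleted)"):
        return "executable deleted while still running"
    for d in SUSPECT_DIRS:
        if target == d or target.startswith(d + "/"):
            return "executable runs from " + d
    return None


def scan_proc(proc_root: str = "/proc") -> List[Finding]:
    """Walk numeric /proc entries and classify each process's exe link."""
    findings: List[Finding] = []
    if not os.path.isdir(proc_root):
        return findings
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            target = os.readlink(os.path.join(proc_root, entry, "exe"))
        except OSError:
            # Kernel threads, zombies, or processes this user may not inspect.
            continue
        reason = classify_exe(target)
        if reason:
            findings.append(Finding(int(entry), target, reason))
    return findings


if __name__ == "__main__":
    for f in scan_proc():
        print(f"pid {f.pid}: {f.exe} -> {f.reason}")
```

Run it as root to inspect every process; a deleted executable is not proof of compromise (package upgrades cause it too), so treat hits as leads to check against the process's command line and network activity.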

FIN7 Targets Users with Deepfake Nude Generators to Spread Malware

FIN7 hackers are using a new tactic to spread malware. FIN7 is a cybercrime group known for sophisticated phishing and social engineering attacks. In this new campaign, FIN7 is creating fake AI-powered deepnude generator sites. These sites are designed to lure people interested in generating nude images using deepfakes. When users try to download the generated images, they are unknowingly downloading malware instead.

This is not the first time FIN7 has used social engineering to spread malware. FIN7 has been distributing NetSupport RAT and other malware through similar tactics. NetSupport RAT is a remote access trojan that allows attackers to take control of infected devices.

UMC Health System Impacted by Ransomware, Patients Diverted

The UMC Health System in Texas was recently impacted by a ransomware attack. This disrupted their IT infrastructure, forcing them to take critical measures to contain the incident. While their facilities remained open, some emergency and non-emergency patients had to be diverted to other locations.

UMC took immediate action to disconnect their systems and launched an investigation. As of now, no major ransomware group has claimed responsibility for the attack. This incident highlights the potential consequences of cyberattacks on critical infrastructure like healthcare systems. The disruption caused by the attack emphasizes the importance of robust cybersecurity measures in protecting patient care and hospital operations.

LockBit Ransomware Gang Hit with Global Crackdown

In a global effort to crack down on the LockBit ransomware gang, law enforcement agencies from twelve countries have joined forces. This resulted in the arrest of four individuals connected to the cyber criminal group. Those arrested included a developer, a bulletproof hosting service administrator, and two others associated with LockBit activity.

The operation not only involved arrests but also the seizure of LockBit infrastructure and the release of a decryption tool. This tool allows victims to recover their encrypted files for free. Additionally, authorities issued indictments targeting other LockBit affiliates and offered a substantial reward for information leading to the capture of the gang's leadership. These actions demonstrate international cooperation in combating ransomware threats and potentially offer relief to victims of LockBit attacks.

Hacker Steals Confidential Data for Profit

A British citizen, Robert B. Westbrook, has been charged by the U.S. Securities and Exchange Commission (SEC) for hacking into the computer systems of five public American companies. His goal was to access confidential earnings information before it was made public.

Westbrook allegedly used this stolen information to make profitable stock trades ahead of earnings announcements. Over a period of 18 months, between January 2019 and August 2020, he made an estimated $3.75 million in illegal profits through insider trading. The SEC alleges that Westbrook reset the passwords of senior executives to gain access to documents and emails containing financial reports. He then used anonymous email accounts, VPN services, and Bitcoin to conceal his identity while making the illicit investments. However, the SEC was eventually able to track him down using data analytics.
