Citrix has issued an emergency advisory warning its customers of a security issue affecting its NetScaler application delivery controller (ADC) devices that attackers are abusing to launch amplified distributed denial-of-service (DDoS) attacks against several targets. "An attacker or bots can overwhelm the Citrix ADC [Datagram Transport Layer Security] network throughput, … [Read more...] about Attackers Abusing Citrix NetScaler Devices to Launch Amplified DDoS Attacks
attacks
Experts Uncover ‘Crutch’ Russian Malware Used in APT Attacks for 5 Years
Cybersecurity researchers today took the wraps off a previously undocumented backdoor and document stealer that has been deployed against specific targets from 2015 to early 2020. Codenamed "Crutch" by ESET researchers, the malware has been attributed to Turla (aka Venomous Bear or Snake), a Russia-based advanced hacker group known for its extensive attacks against governments, … [Read more...] about Experts Uncover ‘Crutch’ Russian Malware Used in APT Attacks for 5 Years
SAD DNS — New Flaws Re-Enable DNS Cache Poisoning Attacks
A group of academics from the University of California and Tsinghua University has uncovered a series of critical security flaws that could lead to a revival of DNS cache poisoning attacks. Dubbed "SAD DNS attack" (short for Side-channel AttackeD DNS), the technique makes it possible for a malicious actor to carry out an off-path attack, rerouting any traffic originally … [Read more...] about SAD DNS — New Flaws Re-Enable DNS Cache Poisoning Attacks
North Korean Hackers Used ‘Torisma’ Spyware in Job Offers-based Attacks
A cyberespionage campaign aimed at aerospace and defense sectors in order to install data gathering implants on victims' machines for purposes of surveillance and data exfiltration may have been more sophisticated than previously thought. The attacks, which targeted IP-addresses belonging to internet service providers (ISPs) in Australia, Israel, Russia, and defense contractors … [Read more...] about North Korean Hackers Used ‘Torisma’ Spyware in Job Offers-based Attacks
New Chrome Zero-Day Under Active Attacks – Update Your Browser
Google has patched a second actively exploited zero-day flaw in the Chrome browser in two weeks, along with addressing nine other security vulnerabilities in its latest update. The company released 86.0.4240.183 for Windows, Mac, and Linux, which it said will be rolling out over the coming days/weeks to all users. The zero-day flaw, tracked as CVE-2020-16009, was reported by … [Read more...] about New Chrome Zero-Day Under Active Attacks – Update Your Browser
FBI, DHS Warn Of Possible Major Ransomware Attacks On Healthcare Systems
The US Federal Bureau of Investigation (FBI), Departments of Homeland Security, and Health and Human Services (HHS) issued a joint alert Wednesday warning of an "imminent" increase in ransomware and other cyberattacks against hospitals and healthcare providers. "Malicious cyber actors are targeting the [Healthcare and Public Health] Sector with TrickBot malware, often leading … [Read more...] about FBI, DHS Warn Of Possible Major Ransomware Attacks On Healthcare Systems
New Framework Released to Protect Machine Learning Systems From Adversarial Attacks
Microsoft, in collaboration with MITRE, IBM, NVIDIA, and Bosch, has released a new open framework that aims to help security analysts detect, respond to, and remediate adversarial attacks against machine learning (ML) systems. Called the Adversarial ML Threat Matrix, the initiative is an attempt to organize the different techniques employed by malicious adversaries in … [Read more...] about New Framework Released to Protect Machine Learning Systems From Adversarial Attacks
New Chrome 0-day Under Active Attacks – Update Your Browser Now
Attention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update your web browsing software immediately to the latest version Google released earlier today. Google released Chrome version 86.0.4240.111 today to patch several security high-severity issues, including a zero-day vulnerability that has been exploited in the wild … [Read more...] about New Chrome 0-day Under Active Attacks – Update Your Browser Now
Popular Mobile Browsers Found Vulnerable To Address Bar Spoofing Attacks
Graphic for illustrationCybersecurity researchers on Tuesday disclosed details about an address bar spoofing vulnerability affecting multiple mobile browsers, such as Apple Safari and Opera Touch, leaving the door open for spear-phishing attacks and delivering malware. Other impacted browsers include UCWeb, Yandex Browser, Bolt Browser, and RITS Browser. The flaws were … [Read more...] about Popular Mobile Browsers Found Vulnerable To Address Bar Spoofing Attacks
India Witnessed Spike in Cyber Attacks Amidst Covid-19
The COVID-19 outreach is turning out to be not only health, social, and economic hazard but also a cybersecurity crisis. The pandemic has presented new challenges for businesses in the areas of remote collaboration and business continuity. With increased remote working for better business continuity, employees are using numerous Internet tools. As businesses and people have … [Read more...] about India Witnessed Spike in Cyber Attacks Amidst Covid-19