Round Up of Major Breaches and Scams
A bank in Europe was the target of a huge distributed denial-of-service (DDoS) attack that sent to its networking gear a flood of 809 million packets per second (PPS). The attack can easily be a contender for the largest DDoS incident to date, despite not being a bandwidth-intensive attack, with a footprint of just 418Gbps.
Bharati Airtel, India’s major telecom service provider has upgraded its cyber security to a higher threat level for the next week in the aftermath of various cyber-attacks. They have increased their SOC (System On Chip) to withstand upcoming attacks and are working on eliminating any vulnerability that could welcome an attack.
Round Up of Major Malware and Ransomware Incidents
Dubbed GoldenSpy, the malware was observed as part of a campaign that supposedly started in April 2020, but some of the identified samples suggest the threat has been around since at least December 2016. One of the compromised organizations, a global technology vendor which recently opened offices in China, became infected after installing “Intelligent Tax,” a piece of software from the Golden Tax Department of Aisino Corporation, which a local bank required for paying local taxes.
The US Federal Bureau of Investigation sent out on Tuesday a security alert to K12 schools about the increase in ransomware attacks during the coronavirus (COVID-19) pandemic, and especially about ransomware gangs that abuse RDP connections to break into school systems.
Round Up of Major Vulnerabilities and Patches
The dust is far from settled following the disclosure of the 19 vulnerabilities in the TCP/IP stack from Treck, collectively referred to as Ripple20, which could help attackers take full control of vulnerable devices on the network. The company has notified its customers and issued patches but a week after the Ripple20 announcement from security research group JSOF, the full impact remains unclear.
GeoVision, a Taiwanese manufacturer of video surveillance systems and IP cameras, recently patched three of the four critical flaws impacting its card and fingerprint scanners that could’ve potentially allowed attackers to intercept network traffic and stage man-in-the-middle attacks.