Cybersecurity

CISA, FBI, and MS-ISAC updated their DDoS guide, adding insights on Volumetric, Protocol, and Application attacks, aiding IT leaders and executives in defense strategies.

NVD may be in peril and while alternatives exist, enterprise security managers will need to plan accordingly to stay on top of new threats.

Since the beginning of this year, the company has disclosed some seven critical bugs so far, almost all of which attackers have quickly exploited in mass attacks.

Armed with little more than an email address, scammers are trying to trick small businesses and the self employed into giving up Social Security numbers.

Researchers have discovered a new variant of the AcidRain Linux malware, named AcidPour, which targets a broader range of devices, including NAS storage and other network appliances. Sharing about 30% of its code with AcidRain, both are capable of erasing data, but in distinct ways. AcidPour is aimed at systems with flash memory and has the potential to impact data centers, raising security concerns.

In 2023, the IC3 recorded a record of 880,418 cybercrime complaints in the USA, with losses exceeding $12.5 billion, a 10% increase in complaints and a 22% increase in losses compared to 2022. Investment fraud led the losses, followed by business email compromise and technical support scams.

out-of-bounds write in Fortinet FortiOS CVE-2024-21762 vulnerability

Three cybersecurity researchers discovered close to 19 million plaintext passwords exposed on the public internet by misconfigured instances of Firebase, a Google platform for hosting databases, cloud computing, and app development.

cross-posted from: https://lemmy.world/post/13311716

cross-posted from: https://lebowski.social/post/463762