Web security services provider Cloudflare says it mitigated a distributed denial-of-service (DDoS) attack that peaked at almost 2 terabytes per second (Tbps). The multi-vector assault was launched by a botnet of approximately 15,000 machines infected with a variant of the original Mirai malware. The bots included Internet of Things (IoT) devices and GitLab instances, Cloudflare ..
A newly discovered Golang-based malware is using over 30 exploits in attacks, potentially putting millions of routers and Internet of Things (IoT) at risk of malware infection, according to a warning from AT&T Alien Labs. Dubbed BotenaGo, the threat deploys a backdoor on the compromised device, and then waits for commands – either from a ..
The NSA and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released the first in a series of guidance documents for securing 5G cloud infrastructure. The guidance comes from the Enduring Security Framework (ESF), a public-private partnership between the NSA, CISA, the Defense Department, the intelligence community, as well as IT, communications, and ..
Tech giant Microsoft has rolled out new security offering to provide non-profit organizationss with additional security in the event of a nation-state attack. Microsoft said the new program would deliver monitoring and notifications for state-sponsored malware activity, assessment of organizational and infrastructure risks to help improve posture, and provide security training, for both IT employees ..
At SecurityWeek’s 2021 CISO Forum, a high-powered panel of experts discussed specific ways an SBOM can improve supply chain security and where expectations may be overblown. The conversation covers edge cases that are turning out to be more troublesome than anticipated and what might come next after SBOM and where there are opportunities for innovation (e.g., new ..
Looking to build stronger responses against cyberattacks in the Asia Pacific (APAC) region, Microsoft on Monday announced the creation of a cybersecurity council for the public sector in the region. The Asia Pacific Public Sector Cybersecurity Executive Council consists of policy makers and influencers from Brunei, Indonesia, Korea, Malaysia, Philippines, Singapore, and Thailand. It seeks seeks to ..
Threat actors are constantly targeting new vulnerabilities in SAP applications within days after the availability of security patches, according to a joint report issued by SAP and Onapsis. In some cases, exploitation attempts were observed shortly after the security bugs are made public: scanning for vulnerable systems started 48 hours after patches were released, with ..
A pair of unpatched vulnerabilities in QNAP small office/home office (SOHO) network attached storage (NAS) devices could allow attackers to execute code remotely, according to a warning from security researchers at SAM Seamless Network. The bugs were found to affect QNAP TS-231 SOHO NAS devices running firmware version 184.108.40.2066, but potentially impact other QNAP devices ..
A proposed executive order would set new rules on the disclosure of data breaches that also affect United States government agencies, according to a Reuters news report. The report said the executive order, which could be released as soon as the next week, would require software vendors to notify U.S. government customers of cyber-security breaches ..
Chipmaker AMD on Monday announced the launch of its new EPYC 7003 series server processors — codenamed Milan — and the company has shared some information about new and improved security features. The new CPUs are based on the Zen 3 architecture and AMD says they bring significantly improved performance for enterprise, cloud and HPC ..