New TsuNAME DNS bug allows attackers to DDoS authoritative DNS servers

Attackers can use a newly disclosed domain name server (DNS) vulnerability publicly known as TsuNAME as an amplification vector in large-scale reflection-based distributed denial of service (DDoS) attacks targeting authoritative DNS servers. In simpler terms, authoritative DNS servers translate web domains to IP addresses and pass this info to recursive DNS servers that get queried…

Intel, AMD Dispute Findings on Chip Vulnerabilities

Endpoint Security, Hardware / Chip-level Security

After Researchers Release Report, Chipmakers Assert That No New Defenses Are Needed

Doug Olenick (DougOlenick) • May 6, 2021

Intel and AMD are disputing the findings of researchers from two universities who say they’ve discovered new attacks on Intel and AMD processors that can bypass most…

Newly Patched Peloton API Flaws Exposed Users’ Private Data

Application Security, Endpoint Security, Incident & Breach Response

Pen Test Partners: Millions Could Have Had Data Exposed

Marianne Kolbasuk McGee (HealthInfoSec) • May 6, 2021

Security researchers say API flaws could have exposed the private data of millions of Peloton fitness equipment online service users for months before they…

Millions of Dell Devices Vulnerable to Update Driver Flaw

Endpoint Security, Governance & Risk Management, Patch Management

Dell Has Patched Driver Issue Found by SentinelOne

Jeremy Kirk (jeremy_kirk) • May 5, 2021

Dell has patched five flaws in a vulnerable firmware update driver that has shipped in millions of laptops,…

Exim Bugs Put Millions of Mail Servers at Risk of Being Hacked (Fixes Available)

Softpedia News / Security, 5. May 2021

Multiple critical vulnerabilities have been discovered in the Exim email server software by the Qualys Research Team. Some of these flaws can be chained together to achieve full remote unauthenticated code execution and root privileges. Exim is a widely used mail transfer agent (MTA) that even comes pre-installed…

DDoS attack knocks Belgian government websites offline

The attack overwhelmed the systems of a Belgian ISP, leading to widespread service outages and disruptions

Many government websites and services in Belgium were knocked offline on Tuesday after Belnet, the internet service provider (ISP) for the country’s public sector, was hit by a massive distributed denial-of-service (DDoS) attack. According to Belnet, the attack started…

Attack Taking Big Bite Out of Revenue

Breach Notification, Business Continuity Management / Disaster Recovery, Fraud Management & Cybercrime

SEC Filing Predicts $10 Million to $15 Million Impact

Marianne Kolbasuk McGee (HealthInfoSec) • May 5, 2021

SmileDirectClub, which sells teeth-straightening appliances, expects that a recent cyberattack, which disrupted the manufacturing of its products, will take a $10 million…

New Study Warns of Security Threats Linked to Recycled Phone Numbers

A new academic study has highlighted a number of privacy and security pitfalls associated with recycling mobile phone numbers that could be abused to stage a variety of exploits, including account takeovers, conduct phishing and spam attacks, and even prevent victims from signing up for online services. Nearly 66% of the recycled numbers that were…