Staying cyber aware and implementing cyber security practices will help you stay protected against potential attacks, so you remainempowered in this ever-changing technology world.
There have been some interesting developments in the cyber security landscape, and cyber attacks are an ever-growing threat to businesses of all sizes.
Stay ahead of the curve, solve your current IT issues, secure your business from threats, and enhance your overall technology infrastructure.
The Most Recent Cyber Security News Stories
Have you updated your Apple devices lately? If not, it’s time to do so!
Apple just released security updates for iOS, iPadOS, macOS, and Safari. The update is to fix a zero-day vulnerability that hackers have been exploiting.
This vulnerability, tracked as CVE-2023-23529, is related to a type confusion bug in the WebKit browser engine.
What does this mean? Well, it means that if you visit a website with malicious code, the bug can be activated, leading to arbitrary code execution. In other words, hackers can take control of your device and access all your data.
It’s scary to think that simply visiting a website could lead to a security breach. This is why it’s essential to keep your devices updated with the latest security patches.
In a recent discovery by cybersecurity firm Censys, more than 500 hosts have fallen victim to the ESXiArgs ransomware strain.
Most of these compromised hosts are located in France, Germany, the Netherlands, the U.K., and Ukraine. What’s particularly concerning is that Censys found two hosts with ransom notes dating back to mid-October 2022, shortly after ESXi versions 6.5 and 6.7 reached their end of life.
This means that the attackers behind ESXiArgs have been active for several months, and were able to gain a foothold in these hosts during a time when they were no longer receiving security updates or patches.
It also shows that ransomware attacks can take a while to gain traction, and can often go undetected for months before they are discovered.
What’s even more alarming is that the ransom notes on the two hosts were updated on January 31, 2023, with a revised version that matches the ones used in the current wave of attacks. This suggests that the attackers have been refining their tactics and improving their ransomware strain to make it more effective.
Ransomware attacks like ESXiArgs can be devastating for organizations, causing data loss, financial losses, and reputational damage. It’s important for organizations to stay vigilant and ensure that their systems are always up to date with the latest security patches and updates.
Additionally, having a solid backup and disaster recovery plan can help organizations quickly recover from an attack and minimize its impact.
Cloudflare, a web infrastructure company, has reported that they have successfully stopped a massive distributed denial-of-service (DDoS) attack.
This attack, which peaked at over 71 million requests per second, is the largest HTTP DDoS attack that has been recorded so far, breaking the previous record of 46 million requests per second.
The attack was so large that Cloudflare has dubbed it a “hyper-volumetric” DDoS attack. The attack was targeted at websites that were secured by Cloudflare’s platform, and it is believed that the attack originated from a botnet that was made up of more than 30,000 IP addresses from various cloud providers.
This attack is a reminder that DDoS attacks remain a significant threat to websites and online services, and it is crucial for companies to have robust security measures in place to protect against such attacks.
Microsoft has been busy this week, releasing security updates to fix a whopping 75 vulnerabilities in its products. That’s a lot of potential ways for cybercriminals to wreak havoc on our devices and systems!
Three of the flaws have already been exploited in the wild, so it’s crucial that users update their software as soon as possible. In total, nine of the vulnerabilities are rated as Critical, which means they could allow attackers to take over a device remotely.
37 of the flaws are what are known as remote code execution (RCE) vulnerabilities. These are particularly dangerous because they allow attackers to execute code on a victim’s device without any interaction or permission.
So, if you’re using any Microsoft products, it’s best to update them as soon as possible.
A new variant of the infamous Mirai botnet has been spotted wreaking havoc in the world of Linux and IoT devices. This new version, dubbed V3G4 by the experts at Palo Alto Networks Unit 42, is making use of 13 security vulnerabilities to spread itself far and wide.
As we know, the Mirai botnet has a notorious history, having been responsible for several high-profile attacks in the past.
This new variant only serves to underscore the importance of keeping our devices and systems up to date with the latest security patches and measures.
Cybercriminals have launched a new type of attack targeting Chinese-speaking individuals in Southeast and East Asia.
Using rogue Google Ads, they are tricking people looking for popular applications like Google Chrome, WhatsApp, and Skype and directing them to fake websites that download malware onto their machines.
The attacks are particularly insidious because they use seemingly legitimate Google Ads to lure in victims. The malware being downloaded is a remote access trojan called FatalRAT, which gives the attackers complete control over the infected machine.
Security researchers are urging people to be cautious when downloading applications, especially from unfamiliar websites.
As always, remember that cybersecurity is not just a one-time event or a quick fix, every small action can make a big difference in safeguarding your online security. You’ll need to implement security practices such as:
- Using strong passwords
- Regularly updating your software
- Staying aware of phishing scams
- Firewalls and Antivirus
Let’s continue to stay curious, stay vigilant, and stay safe in the ever-changing digital landscape and above all, remember that cybersecurity is a community effort.
Thank you for joining us on this cybersecurity journey, and we look forward to sharing more insights and updates with you in the weeks ahead. BVA is always here to answer your questions and address your concerns.