Lifeboat Foundation

A computer based in Russia was able to breach the Washington, D.C., Metro system earlier this year, the Metro’s Office of the Inspector General (OIG) said in a new report.

The partially redacted report, released Wednesday and first reported by The Washington Post, said the Washington Metropolitan Area Transit Authority’s (WMATA) cybersecurity group detected “abnormal network activity originating in Russia” in January.

SideWinder, a state-sponsored group, uses a network of phishing domains to target government and financial sectors in Pakistan and China.

Water Orthrus group returns, leveraging pay-per-install networks to deploy the new CopperStealth & CopperPhish malware.

Join top executives in San Francisco on July 11–12, to hear how leaders are integrating and optimizing AI investments for success. Learn More

Patch management approaches that aren’t data-driven are breaches waiting to happen. Attackers are weaponizing years-old CVEs because security teams are waiting until a breach happens before they prioritize patch management.

Cyberattackers’ growing tradecraft now includes greater contextual intelligence about which CVEs are most vulnerable. The result: Manual approaches to patch management — or overloading endpoints with too many agents — leaves attack surfaces unprotected, with exploitable memory conflicts.

Distributed denial-of-service (DDoS) attacks are growing in frequency and sophistication, thanks to the number of attack tools available for a couple of dollars on the Dark Web and criminal marketplaces. Numerous organizations became victims in 2022, from the Port of London Authority to Ukraine’s national postal service.

Security leaders are already combating DDoS attacks by monitoring network traffic patterns, implementing firewalls, and using content delivery networks (CDNs) to distribute traffic across multiple servers. But putting more security controls in place can also result in more DDoS false positives — legitimate traffic that’s not part of an attack but still requires analysts to take steps to mitigate before it causes service disruptions and brand damage.

Rate limiting is often considered the best method for efficient DDoS mitigation: URL-specific rate limiting prevents 47% of DDoS attacks, according to Indusface’s “State of Application Security Q4 2022” report. However, the reality is that few engineering leaders know how to use it effectively. Here’s how to employ rate limiting effectively while avoiding false positives.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today of a critical remote code execution (RCE) flaw in the Ruckus Wireless Admin panel actively exploited by a recently discovered DDoS botnet.

While this security bug (CVE-2023–25717) was addressed in early February, many owners are likely yet to patch their Wi-Fi access points. Furthermore, no patch is available for those who own end-of-life models affected by this issue.

Attackers are abusing the bug to infect vulnerable Wi-Fi APs with AndoryuBot malware (first spotted in February 2023) via unauthenticated HTTP GET requests.

Attention Netgear RAX30 users! Five new flaws revealed! Hackers could hijack your devices, tamper with settings, and control your smart home.

‘Star Trek: Picard’ is set 400 years in the future, but, like most science fiction, it deals with issues in the here and now. The show’s third and final season provides a lens on cybersecurity.

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

Intro

In February 2022, Microsoft disabled VBA macros on documents due to their frequent use as a malware distribution method. This move prompted malware authors to seek out new ways to distribute their payloads, resulting in an increase in the use of other infection vectors, such as password-encrypted zip files and ISO files.