Cyber Bites

New data has found that the number of global weekly cyberattacks has reached the highest record to date. The data has shown that there were 925 attempts per organization in Q4 2021. The data also revealed that the number of attempted attacks has been on a steady increase since Q2 2020, having seen 50% more attacks per week on corporate networks in 2021 in comparison to 2020. The data from CheckPoint was gathered from millions...

Users of dating sites have been warned to be weary of romance scams between Christmas Day and Valentine's Day. This is because during this time, scammers are out in full force seeking to establish contact and build rapport with victims and extort them for money. According to the National Fraud Intelligence Bureau (NFIB), just last year, losses soared from £8.7m last March to £14.6m in May. Losses for the entire year were recorded at astonishing...

Distributed denial-of-service (DDoS) attacks are increasingly being accompanied by huge demands against their marks, according to an annual survey from Cloudflare. Ransom-motivated DDoS attacks increased 29% year-on-year and 175% between Q3 2021 and Q4 2021, according to the research on cyberattack trends showing that companies must do more to prevent DDoS attack vectors. The manufacturing industry was the most targeted vector in Q4 of 2021 by application-layer DDoS attacks, racking up a concerning seven-fold (641%)...

Applications using the open-source libraries 'colors' and 'faker' have been breaking and printing gibberish. These libraries serve hundreds of thousands of projects, with millions of weekly downloads for open-source projects like Amazon's Cloud Development Kit. Projects that were using the code began to print messages, including text, such as 'LIBERTY LIBERTY LIBERTY', to the surprise of their developers and teams. It was thought that these libraries had been compromised. However, it appears that the developer...

The threat posed by the Log4j vulnerability hasn't gone away over the holidays, with the UK's National Health Service (NHS) issuing a warning that hackers are actively targeting the security flaw and recommending that organisations within the health service apply the necessary updates in order to protect themselves. "Affected organisations should review the VMware Horizon section of the VMware security advisory VMSA-2021-0028 and apply the relevant updates or mitigations immediately or subsequently consult the NHS Digital...

An emergency notice was filed by Bernalillo County in federal court last week, after a ransomware attack affected the Metropolitan Detention Center. The incident made it impossible for the MDC to comply with terms of a settlement agreement in a lawsuit over the jail conditions. The attack impacted the offices and systems in a variety of country government operations, including county buildings and services which were closed until further notice. Consequently, the MDC has been...

Around 7.5 million DatPiff users' account credentials and emails are available to download on RaidForum, a popular hacking forum. DatPiff is a mixtape hosting site that allows users to upload or download samples for free. The site has gained over 15 million users since launching in 2005. It appears that DatPiff's users' data has been available to buy publicly since July 2020, according to a report from BleepingComputer. Currently, it is unclear when the breach...

The Information Commissioner's Office (ICO) in the UK has appointed former New Zealand privacy commissioner John Edwards to head position, taking over from Elizabeth Denham. He started his five year term this week and said in a statement that he wants to "empower people to understand and influence how they want their data to be used, and to make it easy for people to access remedies if things go wrong."   In what is sure...

Messages from corporate emails were being undelivered at the start of the new year due to a Microsoft Exchange Server bug. Microsoft published an update on 1st January 2022, stating that emails were getting stuck in transport queues of on-premise Exchange Servers. This problem was caused by a "date check failure" in the servers malware scanning engine. Microsoft has published 2 solutions for users to fix the problem. The first solution is an automated one,...

Researcher Seif Elsallamy recently discovered a vulnerability in Uber's emailing system, which allows anyone to send an email on behalf of the company. If exploited, threat actors would be able to email the 57 million Uber users and drivers whose data was leaked in the 2016 data breach. Uber has been made aware of the flaw, although a fix has yet to be issued. Any emails sent using this flaw would appear as legitimate to...