Network Security


NEWS 
  • Akira ransomware overview

    October 12, 2023

    Akira is a relatively new ransomware variant with Windows and Linux versions that came out in April 2023. Like many attackers, the gang behind this variant only uses the ransomware to encrypt files after first breaking into a network and stealing data. This group also employs a double extortion tactic, demanding a ransom from victims ...

  • 10 zero-day vulnerabilities in industrial cell router could lead to code execution, buffer overflows

    October 11, 2023

    Cisco Talos recently disclosed 11 vulnerabilities, 10 of which are zero-days without a patch in an industrial cellular router. Attackers could exploit these vulnerabilities in the Yifan YF325 to carry out a variety of attacks, in some cases gaining the ability to execute arbitrary shell commands on the targeted device. The one other security issue Talos ...

  • How it works: The novel HTTP/2 ‘Rapid Reset’ DDoS attack

    October 10, 2023

    A number of Google services and Cloud customers have been targeted with a novel HTTP/2-based DDoS attack which peaked in August. These attacks were significantly larger than any previously-reported Layer 7 attacks, with the largest attack surpassing 398 million requests per second. The attacks were largely stopped at the edge of our network by Google’s ...

  • IZ1H9 Campaign Enhances Its Arsenal with Scores of Exploits

    October 9, 2023

    In September 2023, our FortiGuard Labs team observed that the IZ1H9 Mirai-based DDoS campaign has aggressively updated its arsenal of exploits. Thirteen payloads were included in this variant, including D-Link devices, Netis wireless router, Sunhillo SureLine, Geutebruck IP camera, Yealink Device Management, Zyxel devices, TP-Link Archer, Korenix Jetwave, and TOTOLINK routers. Based on the trigger counts ...

  • NSA, FBI, CISA, and Japanese Partners Release Advisory on PRC-Linked Cyber Actors

    September 27, 2023

    Today, the U.S. National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Cybersecurity and Infrastructure Security Agency (CISA), along with the Japan National Police Agency (NPA) and the Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC) released joint Cybersecurity Advisory (CSA) People’s Republic of China-Linked Cyber Actors Hide in Router Firmware. The ...

  • ICS protocol coverage using Snort 3 service inspectors

    September 26, 2023

    With more devices on operational technology (OT) networks now getting connected to wide-reaching IT networks, it is more important than ever to have effective detection capabilities for ICS protocols. However, there are a few issues that usually arise when creating detection for ICS protocol traffic. Oftentimes, the protocols connecting these devices on modern networks originate ...

  • CISA Releases Update to Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells

    September 6, 2023

    The Cybersecurity and Infrastructure Security Agency (CISA) has released an update to a previously published Cybersecurity Advisory (CSA), Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells. The CSA—originally released to warn network defenders of critical infrastructure organizations about threat actors exploiting CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery ...

  • CISA Releases Capacity Enhancement Guide to Strengthen Agency Resilience to DDoS Attack

    September 6, 2023

    CISA has released actionable guidance for Federal Civilian Executive Branch (FCEB) agencies to help them evaluate and mitigate the risk of volumetric distributed denial-of-service (DDoS) attacks against their websites and related web services. The Capacity Enhancement Guide: Volumetric DDoS Against Web Services Technical Guidance: Helps agencies prioritize DDoS mitigations based on mission and reputational impact. Describes DDoS ...

  • CyberDSA 2023: Forging a Resilient Digital Future Through Unprecedented Collaboration

    August 16, 2023

    Over 5,000 cybersecurity professionals and leaders convene to promote greater collaboration within the sector Kuala Lumpur, 16 August 2023 — The highly anticipated inaugural Cyber Digital Services Defence & Security Asia (CyberDSA) 2023 has officially commenced at the Kuala Lumpur Convention Centre, graced by the Minister of Communications and Digital, YB Fahmi Fadzil. Embracing the theme ...

  • The 10th Annual Cyber Senate Control Systems Cybersecurity USA conference is coming to Nashville on the 19th and 20th of September.

    August 7, 2023

    This operational technology cyber security event is attended by leading Subject Matter Experts from the asset owner, technology and government sphere. This year’s focus will be on sharing collective experiences that can help organisations design and implement their transition plan to Zero Trust architecture, better manage IT and OT convergence, improve technology selection and how ...