The latest Nexusguard DDoS Trend Report for 2024 has unveiled a significant escalation in the size of Distributed Denial of Service (DDoS) attacks throughout 2023, with an average increase of 233.33% compared to the previous year. Despite a 54.74% drop in the total number of attacks, the dramatic rise in attack size indicates a strategic shift towards more potent and disruptive cyber assaults. In 2023, the digital landscape witnessed a transformative wave of DDoS attacks, challenging the conventional understanding of cyber threats. Industries ranging from gaming to financial services were targ ..read more

Researchers have identified a new form of cyberattack termed “LLMjacking,” which exploits stolen cloud credentials to hijack cloud-hosted large language models (LLMs). This sophisticated attack leads to substantial financial losses and poses significant risks to data security. LLMjacking involves attackers gaining unauthorized access to cloud environments through compromised credentials, initially sourced from vulnerabilities in widely used frameworks like Laravel (CVE-2021-3129). Once inside, the attackers target LLM services such as Anthropic’s Claude models, manipulating these resources to ..read more

The North Korean hacking group known as Kimsuky has been reported to employ sophisticated methods involving social media platforms and system management tools to conduct espionage activities. This revelation highlights the evolving tactics of cyber adversaries and the increasing complexity of protecting digital assets. Utilizing Facebook for Initial Infiltration According to a recent report from Genians, Kimsuky, a notorious cyber-espionage group, has recently been observed using Facebook to target individuals involved in North Korean human rights and security affairs. Facebook to target indiv ..read more

Dell Technologies recently disclosed a data breach involving a company portal that contained limited customer information related to purchases. The breach exposed customer names, physical addresses, and detailed order information, including service tags, item descriptions, order dates, and warranty details. However, Dell has confirmed that no financial data, email addresses, phone numbers, or other highly sensitive information were accessed during the incident. Upon discovering the breach, Dell promptly initiated security response procedures, began an investigation to assess its extent, and t ..read more

Several Stack Overflow users have begun deleting their contributions from the platform, a move that has sparked widespread debate within the developer community. This action follows a newly announced partnership between Stack Overflow and OpenAI, detailed in a press release on May 6, 2024. The collaboration aims to integrate Stack Overflow’s vast repository of developer knowledge with OpenAI’s cutting-edge artificial intelligence models. Both organizations believe that this union will significantly enhance the developer experience across both platforms. However, the announcement has not been m ..read more

Google released a critical security update for its Chrome web browser to address attackers exploiting a high-severity vulnerability. The update brings Chrome to version 124.0.6367.201 for Windows, Mac, and Linux users on the Stable release channel. The vulnerability, tracked as CVE-2024-4671, is a “use after free” flaw in the browser’s Visuals component that could allow an attacker to execute arbitrary code on a victim’s system. Successful exploitation would give the attacker the same privileges as the logged-in user, potentially enabling them to install malware, steal data, or create new user ..read more

Researchers found several points of entry for potential attackers, one of which was Apple’s Book Travel portal, where they took advantage of a significant SQL injection vulnerability. Experimenting with the Masa/Mura CMS revealed the attack surface, primarily the one available within Apple’s environment.  The JSON API was the main focus because it provides access to certain functions available within Apple’s environment. A JSON API should be the source of any potentially susceptible sink researchers discover. Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting yo ..read more

Guardant Health, a leading cancer screening and precision medicine company, has disclosed a data breach that left sensitive patient information publicly accessible online for over three years. The California-based firm, which has performed over 500,000 blood tests, is notifying an undisclosed number of individuals that an employee inadvertently exposed their private medical data. The data, which included patient names, ages, medical record numbers, treatment details, and test results, was related to samples collected in late 2019 and 2020. Free Webinar on Live API Attack Simulation: Book ..read more

Critical operational elements such as data storage, processing, backups, and recovery heavily rely on Australian industrial organizations’ data centers. These facilities support various business functions, including productivity tools, transaction-intensive applications, big-data processing systems, and artificial intelligence (AI). The importance of data centers is manifest in the fact that the SOCI Act 2018 identifies them as critical infrastructure sectors for data storage and processing. Cybersecurity analysts at Dragos recently affirmed that although cloud adoption provides numerous advan ..read more

A sprawling cybercrime network, “BogusBazaar,” has stolen credit card details from over 850,000 online shoppers, mainly in Western Europe and the United States, by operating tens of thousands of fraudulent e-commerce websites. Security researchers estimate that since 2021, the hackers have processed over 1 million fake orders totaling more than $50 million. Document Free Webinar : Live API Attack Simulation 94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, an ..read more