Issue #108 - July 29, 2024
- Weekly INK
- Aug 1, 2024
- 2 min read
Microsoft: Azure DDoS Attack Amplified by Cyber-Defense Error
Source: Dark Reading
The sustained cyberattack, likely made worse by a mitigation snafu, disrupted several Azure cloud services for nearly eight hours on July 30. Microsoft blamed an implementation error for amplifying the impact of a distributed denial-of-service (DDoS) attack yesterday, which ended up disrupting the company's Azure cloud services for nearly eight hours.
Sitting Ducks DNS attacks let hackers hijack over 35,000 domains
Source: Bleeping Computer
Threat actors have hijacked more than 35,000 registered domains in so-called Sitting Ducks attacks that allow claiming a domain without having access to the owner's account at the DNS provider or registrar. In a Sitting Ducks attack, cybercriminals exploit configuration shortcomings at the registrar level and insufficient ownership verification at DNS providers.
Ransomware Hit on Florida Blood Center Affects Supplies
Source: Data Breach Today
A Florida-based blood donation center is urging hundreds of hospitals in the southeastern United States to activate critical blood shortage protocols as the nonprofit organization deals with a ransomware attack that's disrupting its blood collection, inventory and related processes.
BEC Attacks Surge 20% Annually Thanks to AI Tooling
Source: Infosecurity Magazine
Business email compromise (BEC) attacks have risen sharply over the past year thanks to the use of AI tools to generate scam messages, according to a new study from Vipre Security Group. The vendor processed 1.8 billion emails globally, detecting 226 million spam messages and nearly 17 million malicious URLs during the period.
OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script
Source: The Hacker News
Cybersecurity researchers are warning about a new phishing campaign that targets Microsoft OneDrive users with the aim of executing a malicious PowerShell script. "This campaign heavily relies on social engineering tactics to deceive users into executing a PowerShell script, thereby compromising their systems," Trellix security researcher Rafael Pena said in a Monday analysis.