Record-Breaking DDoS Attack Reached 5.6 Tbps
Source: Security Week
The largest DDoS attack blocked during the last three months of 2024 was a 5.6 terabit per second (Tbps) UDP DDoS assault launched by a Mirai-variant botnet against an internet service provider in Eastern Asia. The attack lasted 80 seconds and originated from 13,000 unique source IP addresses, each contributing, on average, around 1 gigabit per second.
PowerSchool Faces 23 Lawsuits Over Schools' Mega Data Breach
Source: Data Breach Today
Educational software-maker PowerSchool faces at least 23 lawsuits seeking class-action status, filed in the wake of a massive data breach involving student and faculty data. The Folsom, California-based company began warning multiple schools and districts around Jan. 8 that an attacker stole student and faculty database tables from the PowerSchool student information system platform sometime between Dec. 10 and Dec. 28, 2024.
Ransomware attackers are “vishing” organizations via Microsoft Teams
Source: Help Net Security
The “email bombing + posing as tech support via Microsoft Teams” combination is proving fruitful for two threat actors looking to deliver ransomware to organizations, and they seem to be ramping up their efforts. The threat actors are social-engineering their way in.
Black 'Magic' Targets Enterprise Juniper Routers With Backdoor
Source: Dark Reading
Such routers typically lack endpoint detection and response protection, are in front of a firewall, and don't run monitoring software like Sysmon, making the attacks harder to detect. Dozens of organizations have been infected with router malware that uses a packet-sniffing technique to minimize its footprint.
Tesla EV charger hacked twice on second day of Pwn2Own Tokyo
Source: Bleeping Computer
Security researchers hacked Tesla's Wall Connector electric vehicle charger twice on the second day of the Pwn2Own Automotive 2025 hacking contest. PHP Hooligans were the first to crash the Tesla Wall Connector after using a Numeric Range Comparison Without Minimum Check zero-day bug to take over the device.