The Biggest DDoS Attack in History Hit Russian Tech Giant Yandex
As in the tree implications of The SB 8 abortion law in Texas was found, internet infrastructure companies have become an impossible main point. There are many hosting and domain registration providers refuses to offer services on an abortion ‘whistleblower’ site for violation of the terms of service in connection with the collection of data about third parties. The site, which aims to collect tips from people who have received, performed or hastened abortions in Texas, was completed in more than a week.
Meanwhile, according to Apple fighting controversy as it suggests – but stopped now—Plans for scan iPhones for child sexual abuse material, WhatsApp moved this week plug the most encryption loophole at the end. The entire secure communication platform will not be able to view your messages at any point on their digital journey, but if you back up your chats to a cloud-third party service, such as iCloud or Google Cloud, messages never end. finished encrypted. With some clever cryptography, the service has finally created a method for encrypting the backup before it is sent to the cloud for storage.
After handing over the IP address of a law enforcement activist, secure email service ProtonMail said this week that it was updating its policies to make it clearer what customer metadata it can be that is strongly forced to collect. However, the service emphasizes that the actual content of emails sent by the platform is always encrypted and unreadable, even by ProtonMail itself.
And 20 years after the attacks on September 11, 2001, privacy researchers still think the tragedy continues. influence of attitudes toward observation in the United States.
But wait, there’s more! Each week we focus on all the WIRED security news not covered in depth. Click on the news headlines to read the full stories, and stay safe there.
Russian tech giant Yandex said this week that in August and September it was hit with the most recorded distributed denial-of-service or DDoS attacks. The flood of garbage traffic, meant to fill the systems and lower them, which came on Sept. 5, but Yandex successfully defended even the most barrage. “Our experts were able to prevent a record attack of nearly 22 million requests per second,” the company said in a statement. “This is the most widely known attack in internet history.”
A Russian national believed to be collaborating with the notorious malware gang TrickBot was arrested last week at Seoul’s international airport. Known only as G. A in the local media, the man attempted to fly to Russia after spending more than a year and a half in South Korea. By February 2020, Mr. A was imprisoned in Seoul for international travel bans related to the COVID-19 pandemic. At this time his passport expired and Mr. A had to take an apartment in Seoul while working with the Russian embassy on a surrogate basis. Meanwhile, U.S. law enforcement has opened an investigation into TrickBot activity, specifically in relation to a botnet created by the group and used to help speed up ransomware attacks in 2020. During investigating officers gathered evidence of Mr. A’s alleged work on TrickBot, including the possible 2016 development of a malicious browser tool.
A bug in the UK version of McDonald’s Monopoly VIP game unlocks usernames and passwords for the game databases of all winners. The error caused data about both the game creation and server conversations to show up in the prize redemption emails. The disclosed information includes the details and credentials of the Microsoft Azure SQL database. A winner who receives credentials will likely not be able to log in to the production server due to a firewall, but will be able to access the standing server and possibly retrieve winning codes to retrieve multiple prize.
Hackers printed 500,000 Fortinet VPN credentials, usernames and passwords, collected last summer from vulnerable devices. The bug they have been taking advantage of to collect data since plastered, but some of the stolen credentials may still be valid. This will allow malicious artists to log into organizations ’Fortinet VPNs and access their networks to install malware, steal data, or launch other attacks. The data dump, published by a well-known ransomware gang offshoot called “Orange,” was posted for free. “CVE-2018-13379 is an old vulnerability that was resolved in May 2019,” Fortinet said in a statement to Sleeping Computer. “If customers haven’t already, we urge them to immediately implement the upgrade and downgrade.”
More WIRED Stories