• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Jobs
  • Career
    • Cyber Security Training
    • Work from Home
    • Cyber Security Analyst
    • Remote Work – Six Ways to Keep Your Data Safe When Working Remotely
  • Field Guide
  • Newsletter Signup
  • Deals
  • News
AskCyberSecurity.com

AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
    • Malware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
  • ChatGPT
    • Does ChatGPT Save Data?
AskCyber Home » News » News » Cyber Security News Update 3/2/2018

Cyber Security News Update 3/2/2018

2018-03-02 by Max

GitHub has survived the largest Denial of Service (DDoS) attack ever recorded, coming in at an astounding 1.3 Tbs of traffic. This is nearly five times larger than the next biggest DDoS attack, and it GitHub came through in one piece. DDoS attacks are used to deny others the service of a website; they work by overloading the servers used to host a particular website and forcing them offline. The DDoS attack against GitHub worked by exploiting unprotected memcached servers, which help make up the backbone of the internet. These servers respond to traffic with a large volume of response data, and while they’re supposed to be protected and kept behind firewalls, many are left unguarded or outside of their owner’s security. This allowed them to be given simple commands that directed their response traffic at GitHub’s servers. GitHub has worked to increase its bandwidth as the site grows more popular, and its service provider had additional servers on-hand to provide overflow capacity. GitHub also relies on anti-DDoS software that picks out malicious traffic and redirects it dead-ends or empty servers. This adaptive defense helped GitHub remain up despite a DDoS attack of unprecedented size and intensity. The use of memcached servers for a DDoS amplification attack like this is troubling; many of memcached servers remain unprotected, even after multiple warnings and requests to move them behind a firewall.
Source: GitHub rides out record-breaking DDoS attack that leveraged memcached servers

The FS-ISAC fell victim to a phishing attack after an employee clicked on a malicious email, which cloned his credentials and used them to send our malicious emails to other accounts. FS-ISAC is a security company that specializes in physical and cyber threats; it provides assistance and know-how to financial companies. This makes it particularly egregious that an employee of theirs fell for a phishing scheme; as we’ve said before, do not open emails if you don’t know the sender. If you must open them, don’t download any of the attachments. FS-ISAC reported that the breach was contained and no sensitive information was stolen, as other employees noted the odd email and reported it as malicious. FS-ISAC currently believes that the attack wasn’t targeted specifically at them and is nothing to be concerned about.
Source: FS-ISAC hit with phishing attacks

As technology advances so do the tools that cyber-criminals use. Trojans and packet sniffers are joined by fileless malware attacks and SMS phishing. Fileless malware relies on file types that don’t normally have malware in them, such as Microsoft Word Documents, to slip through antivirus software. These dangerous Word documents have proto-malware hidden in their Macros. When the victim downloads the document and enables editing the macros spring into action and begin downloading things from online, or they mess with system settings. Before anti-virus software can react they’ve disabled important parts of the system or the protective software. This sort of attack and other more innovative ways are becoming more common, and cyber security must adapt if it wants to remain effective and relevant.
Source: Fileless Malware: Why You Should Care

Filed Under: News

About Max

Max is a Data Privacy Coordinator at a major global law firm and a science fiction author residing in the Philadelphia area. He has been writing for https://www.askcybersecurity.com since early 2017.


LinkedInTwitterFacebook

Primary Sidebar

Subscribe to Our Free Newsletter

We Don't Share or Sell Your Info

Web Browsers

Where Are My Saved Passwords in Chrome?

Google Removes 70 Malicious Browser Add-ons from Chrome Web Store

Firefox 75 Reports Your Browser Settings to Mozilla

Categories

Cyber Security Field Guide

Computer Security While TravelingGet Our Cyber Security Field Guide - Available on Amazon!

Recent Posts

Security Marketing Manager – Remote

Sr. Associate, Cybersecurity Architect – Pfizer

Strategic Customer Success Manager – Cybersecurity – Opportunity for Working Remotely

Top 20 Passwords Leaked on Dark Web

ISU Cybersecurity Leader Job Opening

Cyber Security News

Top 20 Passwords Leaked on Dark Web

… [Read More...] about Top 20 Passwords Leaked on Dark Web

Apple Warns of Actively Exploited Zero-Day Flaw

… [Read More...] about Apple Warns of Actively Exploited Zero-Day Flaw

IRS Stops Facial Recognition System for Online Access

… [Read More...] about IRS Stops Facial Recognition System for Online Access

National Cybersecurity Alliance Announces Data Privacy Week

… [Read More...] about National Cybersecurity Alliance Announces Data Privacy Week

More Cyber Security News

Tags

amazon Android Apple bitcoin China chrome CISA credit card DarkSide DHS DOJ Equifax Europe Facebook facial recognition FBI Firefox FTC games GDPR Google Government hacker identity theft India iPhone Iran IRS LinkedIn Microsoft North Korea PayPal phishing phishing email ransomware REvil Russia smartphone T-Mobile TikTok tutorial VPN WhatsApp WiFi Windows

Government

CBP Looks to Access Airline Passenger Data

FTC Releases Cyber Threat Video Playlist

Malware Found on US Government Funded Phones

UK NCA Reaches Out to Youth to Deter Cybercrimes

More Posts from this Category

Footer

Menu

  • Home
  • About
  • Authors
  • Newsletter Signup
  • PRIVACY POLICY

Search

Why Use a VPN?

NordVPN vs IPVanish VPN Review

NAVIGATION

  • Data Breaches
  • Data Privacy
  • Gamers
  • Scams
  • Malware

MEMBER NJCCIC

New Jersey Cybersecurity & Communications Integration Cell

STAY CONNECTED

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter
  • RSS

Copyright © 2023 · AskCyberSecurity.com · METRONY, LLC

Go to mobile version