Cyber Weekly Digest - 2022 Week #4


In this week’s Digest, we take a look at some of the latest Distributed Denial of Service (DDoS) attacks to join the growing list, including one of the largest attacks reported in history. Keep reading the stay up to date on the latest cyber security stories from around the world.


1. The Nobel Foundation site was hit by a DDoS attack on award day.

The Nobel Foundation and the Norwegian Nobel Institute have disclosed an attack that unfolded during the award ceremony on December 10, 2021. The DDoS attack aimed to prevent the ability to update and publish new information about the Nobel Prize and the achievements of the Nobel Laureate on the award day. There is no information about who is behind the attack, however, media has speculated a state actor could be involved due to the criticism the Nobel Foundation has faced in the past.


2. Apple released iOS and macOS updates to patch 13 security vulnerabilities.

Apple on Wednesday released 13 patches for serious security bugs in macOS and 10 for flaws in iOS/iPadOS. They include patches for two zero-day vulnerabilities, one of which Apple believes may have been exploited by attackers in the wild. Tracked as CVE-2022-22587, the vulnerability relates to a memory corruption issue in the IOMobileFrameBuffer component that could be abused by a malicious application to execute arbitrary code with kernel privileges.


3. QNAP warns of DeadBolt ransomware targeting internet-facing NAS devices.

On Tuesday, Taiwanese company QNAP has warned customers to secure network-attached storage (NAS) appliances and routers against a new ransomware variant called DeadBolt. QNAP said that DeadBolt has been widely targeting all NAS exposed to the Internet without any protection and encrypting users' data for Bitcoin ransom. The DeadBolt ransomware has been exploiting a zero-day vulnerability in the device's software. Later in the week QNAP took drastic action and force-updated the firmware for all customers' NAS devices to the latest version.


4. Dark Souls 3 servers temporarily shut down due to a critical RCE flaw.

Earlier this week the Dark Souls 3 role-playing game temporarily deactivated PvP servers after a critical remote code execution vulnerability came to light. The vulnerability allows an attacker to execute almost any program on the victim’s computer, so they’re able to steal confidential data or execute any program. The developers have said that the bug is only relevant for PC users and that Xbox and PlayStation consoles are unaffected. The flaw came to light when a fan of the game demonstrated the exploit on Twitch.


5. Microsoft mitigated a record 3.47 Tbps DDoS attack on Azure users.

Microsoft has said its Azure DDoS protection platform mitigated a massive 3.47 terabits per second DDoS attack targeting an Azure customer from Asia last November. Alethea Toh, an Azure Networking Product Manager said that they “believe this to be the largest attack ever reported in history." The attack originated from approximately 10,000 sources and from multiple countries across the globe, including the United States, China, South Korea, Russia, Thailand, India, Vietnam, Iran, Indonesia, and Taiwan.




27 views