Microsoft: Azure DDoS Attack Amplified by Cyber-Defense Error

The sustained cyberattack, likely made worse by a mitigation snafu, disrupted several Azure cloud services for nearly eight hours on July 30. [TechWeb]( Follow Dark Reading: [RSS]( August 01, 2024 LATEST SECURITY NEWS & COMMENTARY [Microsoft: Azure DDoS Attack Amplified by Cyber-Defense Error]( The sustained cyberattack, likely made worse by a mitigation snafu, disrupted several Azure cloud services for nearly eight hours on July 30. [North Koreans Target Devs Worldwide With Spyware, Job Offers]( DEV#POPPER is back, looking to deliver a comprehensive, updated infostealer to coding job seekers by way of a savvy social engineering gambit. [Smart Cars Share Driver Data, Prompting Calls for Federal Scrutiny]( Two US senators accuse carmakers of deceptive language and shifty practices in sharing and resale of driver data. [Dynamically Evolving SMS Stealer Threatens Global Android Users]( A network of more than 2,600 Telegram bots has helped exfiltrate one-time passwords and data from devices for more than two years. [Siri Bug Enables Data Theft on Locked Apple Devices]( Malicious actors could potentially exploit this vulnerability if they gain physical access to a user's device. [Dangerous XSS Bugs in RedCAP Threaten Academic & Scientific Research]( The security vulnerabilities, CVE-2024-37394, CVE-2024-37395, and CVE-2024-37396, could lay open proprietary and sensitive research to data thieves. [Would Making Ransom Payments Illegal Result in Fewer Attacks?]( If paying a ransom is prohibited, organizations won't do it — eliminating the incentive for cybercriminals. Problem solved, it seems. Or is it? [Australian Companies Will Soon Need to Report Ransom Payments]( Significant upcoming legislation promises to tighten the screws on cyber incident response in Australia, mirroring CIRCIA in the US. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Ransomware Gangs Exploit ESXi Bug for Instant, Mass Encryption of VMs]( With sufficient privileges in Active Directory, attackers only have to create an "ESX Admins" group in the targeted domain and add a user to it. [7 Sessions Not to Miss at Black Hat USA 2024]( This year's conference will be a treasure trove of insights for cybersecurity professionals. [Cyberattackers Accessed HealthEquity Customer Info via Third Party]( Data thieves heisted the HSA provider's data repository for 4.5 million people's HR information, including employer and dependents intel. [The CrowdStrike Meltdown: A Wake-up Call for Cybersecurity]( The incident serves as a stark reminder of the fragility of our digital infrastructure. By adopting a diversified, resilient approach to cybersecurity, we can mitigate the risks and build a more secure digital future. [MORE]( PRODUCTS & RELEASES [AI-Driven Executive Impersonations Emerge As Significant Threat to Business Payment Processes]( [Protect AI Acquires SydeLabs to Red Team Large Language Models]( [ESET Reveals Latest Cloud-Native Authentication Solution]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE Your Voice Heard!]( Tell Dark Reading about your cybersecurity budget challenges and concerns, such as a rise in cyberattacks, ransomware, or attacks on software supply chains and partners. Take our survey, and you could could win one of 10 $50 Amazon gift cards to be given away through a random drawing. LATEST FROM THE EDGE [Google Will Not Remove Third-Party Cookies From Chrome]( Cookies aren't going away, after all. After years of saying it will do so, Google has decided to not remove third-party cookies from Chrome. LATEST FROM DR TECHNOLOGY [Could Intel Have Fixed Spectre & Meltdown Bugs Earlier?]( Intel works closely with academic researchers on hardware flaws and coordinates efforts with other vendors to roll out fixes for emerging vulnerabilities. That wasn't always the case. LATEST FROM DR GLOBAL [India-Linked SideWinder Group Pivots to Hacking Maritime Targets]( The nation-state espionage group known for attacking Pakistan has expanded its reach to targets in Egypt and Sri Lanka. WEBINARS - [The Rise of AI-Powered Malware and Application Security Best Practices]( - [CISO Perspectives: How to make AI an Accelerator, Not a Blocker]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Ten Elements of Insider Risk in Highly Regulated Industries]( - [Boston Beer Company Transforms OT Security & Reduces Costs]( - [OT Cybersecurity Glossary & Quick Start Guide]( - [IT Risk & Compliance Platforms: A Buyer's Guide]( - [The Forrester Wave™: External Threat Intelligence Service Providers, Q3 2023]( - [Generative AI Gifts]( - [5 Essential Insights into Generative AI for Security Leaders]( [View More White Papers >>]( FEATURED REPORTS - [Managing Third-Party Risk Through Situational Awareness]( - [2024 InformationWeek US IT Salary Report]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=124922&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_08.01.24&sp_cid=54544&utm_content=DR_NL_Dark%20Reading%20Daily_08.01.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#59 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)