#Cyberattack
Explore tagged Tumblr posts
Visit Tumblr Blog
Explore Tumblr blogs with no restrictions, modern design and the best experience.
Last Seen Tumblr Blogs
Fun Fact
Hackers stole 65M passwords from Tumblr in 2013.
Text
"Eric Noonan, CEO of cybersecurity provider CyberSheath, told CNN it’s likely too early to tell if an attack caused the issues.
“One of the things that should always be taken with a grain of salt is any statements made in the short period of time, immediately after, or even in this case during an attack,” Noonan said.
Musk has a history of attributing technical snafus to cyberattacks. When his conversation with Donald Trump on X started 42 minutes late in August 2024, he said there was a “probability” of an attack."
CNN
Sky News
POLITICO
#destiel meme news#destiel meme#news#united states#us news#world news#elon musk#fuck elon#elongated muskrat#x twitter#twitter#x#cyber attack#cyberattack#cyber security#tech industry#computer technology#computer security#i hope it's just the gutted hollowed out shell of twitter's code finally giving out
191 notes
·
View notes
Text
So many of our welfare and social security programs are digitally managed, like at some point couldn’t we just redistribute wealth through exploiting the tech and the ebt disposable cards and just force the system to spend the money even if its funding is pulled?
Like I know they would fight tooth and nail to recover that money, but the point here is that we don’t necessarily need physical violence for revolution in a digitally run world. We just need enough anonymous black or grey hat hackers who are willing to attack for long enough to crash the system.
#cybersecurity#us politics#politics#cyberattack#social security#social services#donald trump#anti capitalism
20 notes
·
View notes
Text
Canadian residents whose personal data was compromised in a 2019 LifeLabs data breach can now apply for up to $150 in compensation from a multi-million dollar class action settlement approved in October. The private medical diagnostics company and its subsidiaries were the target of a cyberattack on Dec. 17, 2019, that compromised patient data for around 15 million customers, mostly in British Columbia and Ontario. Hackers accessed personal information, including health numbers and test results, according to the claim. LifeLabs has denied claims of negligence brought in the class action lawsuit. The company will now pay at least $4.9 million in the negotiated settlement — and up to $9.8 million — depending on the number of claims made.
Continue Reading
Tagging @politicsofcanada
#cdnpoli#canada#canadian politics#canadian news#cybersecurity#cyberattack#class action settlement#lifelabs
124 notes
·
View notes
Text
[email protected] isn't getting a single cent from me, but a warning in case my accounts start acting weird in the next 48 hours. :p
39 notes
·
View notes
Text
Be Careful Putting Your Phone Down At Panera Bread Locations
I noticed my phone buzzing repeatedly when I'd have it open on the table at Panera, and on further review I realized that my phone was repeatedly scanning an NFC tag on the underside of the table. I'm assuming the servers use these as a shorthand way of confirming that food has been delivered to the correct table.
This is all well and good; this is a prime use case for NFC tags, and using an NFC reader app I was able to see that they're just basic numeric codes. As long as the tags aren't rewritable by anyone, they're not a security risk.
The NFC tags at Panera Bread are rewritable. Like, easily. Using a simple app you can get from the Google Play Store.
What this means is that someone can rewrite the NFC tags to redirect to a download link for malware, or a phishing website, or any number of other attack vectors.
I have more information about this issue on my personal website, as well as a video demonstrating the effect. My recommendation is to keep NFC turned off on your phone unless and until you're actively using it (for touchless payments, bus tickets, etc.).
39 notes
·
View notes
Text
Critical Cisco ISE Vulnerabilities Expose Devices to Remote Code Execution
Two severe flaws in Cisco's Identity Services Engine (ISE) could let attackers execute arbitrary code with root access, all without authentication.
Both vulnerabilities, tracked as CVE-2025-20281 and CVE-2025-20282, are rated 10/10 on the severity scale. Exploiting these flaws could allow unauthenticated attackers to take control of affected systems by submitting crafted requests or uploading malicious files. Cisco urges users to patch affected devices immediately to avoid potential breaches.
Sources: SecurityWeek | Cisco Advisory
5 notes
·
View notes
Text
Mazel tov to agents Natan Kod and Mik Oded on their cyberattack on Iran!
Please, share the news far and wide!
15 notes
·
View notes
Text
A Lesson in Cybersecurity
#polandball#countryballs#comic art#memes#comics#humor#web comic#comedy#usa#china#cyberattack#cybersecurity
12 notes
·
View notes
Text
TRAIN’S DEATH!
Read now at: https://www.cnn.com/2023/10/05/living/cyberattack-amtrak-train-derail/index.html
4 notes
·
View notes
Text
A North Korean military intelligence operative has been indicted in a conspiracy to hack into American health care providers, NASA, U.S. military bases and international entities, stealing sensitive information and installing ransomware to fund more attacks, federal prosecutors announced Thursday. The indictment of Rim Jong Hyok by a grand jury in Kansas City, Kansas, accuses him of laundering the money through a Chinese bank and then using it to buy computer servers and fund more cyberattacks on defense, technology and government entities around the world.
Continue Reading
13 notes
·
View notes
Text
IRS blocks Musk aide from accessing taxpayer data
Like the IRS, Social Security is labour intensive and essential.
#IRS#Elon Musk#privacy#taxpayer data#DOGE#News#Social Security#Hackers#Social Safety Net#Cyberattack#Cyber Security
7 notes
·
View notes
Text
⚠️ SHARE - HAPPENING NOW: Emergency service phone numbers are DOWN across Israel due to a suspected cyberattack.
In case of an emergency send an SMS message to the following authorities:
Israel Police: 052-2020100
Magen David Adom (EMS): 052-7000101
Fire Department: 050-5960735
Electric Utility: 055-7000103
Home Front Command: 052-9104104
38 notes
·
View notes
Text
UPDATE — May 10, 2024: The head of B.C.'s public service has announced that there is a high degree of confidence a state or state-sponsored actor attempted to breach government systems in a cyberattack.
EARLIER STORY:
B.C.'s premier said Wednesday that the government has recently identified "sophisticated cybersecurity incidents" involving government networks.
In a statement, Premier David Eby said the provincial government is working with the Canadian Centre for Cyber Security to find out the extent of the cyberattacks, and implement safety measures.
Eby said that there is no evidence, as of Wednesday, that sensitive information has been compromised in the attack.
Full article
Tagging: @newsfromstolenland
#cdnpoli#canada#canadian politics#canadian news#canadian#british columbia#BC#cybersecurity#cyberattacks#cyberattack#david eby
13 notes
·
View notes
Text
Weekly Malware & Threats Roundup | 24 Feb - 02 Mar 2025
1️⃣ 𝗡𝗼𝗿𝘁𝗵 𝗞𝗼𝗿𝗲𝗮𝗻 𝗛𝗮𝗰𝗸𝗲𝗿𝘀 𝗟𝗶𝗻𝗸𝗲𝗱 𝘁𝗼 $𝟭.𝟱 𝗕𝗶𝗹𝗹𝗶𝗼𝗻 𝗕𝘆𝗕𝗶𝘁 𝗖𝗿𝘆𝗽𝘁𝗼 𝗛𝗲𝗶𝘀𝘁 North Korea's Lazarus hacking group has been identified as responsible for the largest cryptocurrency heist in history, stealing over $1.5 billion from ByBit. Source: https://www.bleepingcomputer.com/news/security/north-korean-hackers-linked-to-15-billion-bybit-crypto-heist/
2️⃣ 𝗚𝗶𝘁𝗩𝗲𝗻𝗼𝗺 𝗖𝗮𝗺𝗽𝗮𝗶𝗴𝗻 𝗗𝗶𝘀𝘁𝗿𝗶𝗯𝘂𝘁𝗲𝘀 𝗠𝗮𝗹𝘄𝗮𝗿𝗲 𝘃𝗶𝗮 𝗙𝗮𝗸𝗲 𝗚𝗶𝘁𝗛𝘂𝗯 𝗥𝗲𝗽𝗼𝘀𝗶𝘁𝗼𝗿𝗶𝗲𝘀 Attackers are using fake GitHub projects to distribute stealers, backdoors, and cryptocurrency wallet clippers, targeting developers globally. Source: https://securelist.com/gitvenom-campaign/115694/
3️⃣ 𝟮,𝟱𝟬𝟬+ 𝗧𝗿𝘂𝗲𝘀𝗶𝗴𝗵𝘁.𝘀𝘆𝘀 𝗗𝗿𝗶𝘃𝗲𝗿 𝗩𝗮𝗿𝗶𝗮𝗻𝘁𝘀 𝗘𝘅𝗽𝗹𝗼𝗶𝘁𝗲𝗱 𝘁𝗼 𝗗𝗲𝗽𝗹𝗼𝘆 𝗛𝗶𝗱𝗱𝗲𝗻𝗚𝗵𝟬𝘀𝘁 𝗥𝗔𝗧 A large-scale campaign abuses a vulnerable Windows driver to evade EDR systems and deploy remote access trojans. Source: https://research.checkpoint.com/2025/large-scale-exploitation-of-legacy-driver/
4️⃣ 𝗡𝗲𝘄 𝗠𝗮𝗹𝘄𝗮𝗿𝗲 𝗖𝗮𝗺𝗽𝗮𝗶𝗴𝗻 𝗨𝘀𝗲𝘀 𝗖𝗿𝗮𝗰𝗸𝗲𝗱 𝗦𝗼𝗳𝘁𝘄𝗮𝗿𝗲 𝘁𝗼 𝗦𝗽𝗿𝗲𝗮𝗱 𝗟𝘂𝗺𝗺𝗮 𝗮𝗻𝗱 𝗔𝗖𝗥 𝗦𝘁𝗲𝗮𝗹𝗲𝗿 Cybercriminals are distributing malware via cracked software downloads, leveraging Dead Drop Resolver techniques to avoid detection. Source: https://asec.ahnlab.com/en/86390/
5️⃣ 𝗚𝗿𝗮𝘀𝘀𝗖𝗮𝗹𝗹 𝗠𝗮𝗹𝘄𝗮𝗿𝗲 𝗗𝗿𝗮𝗶𝗻𝘀 𝗖𝗿𝘆𝗽𝘁𝗼 𝗪𝗮𝗹𝗹𝗲𝘁𝘀 𝘃𝗶𝗮 𝗙𝗮𝗸𝗲 𝗝𝗼𝗯 𝗜𝗻𝘁𝗲𝗿𝘃𝗶𝗲𝘄𝘀 A Russian cybercrime group deceived Web3 job seekers into downloading malware through a fraudulent interview platform. Source: https://www.bleepingcomputer.com/news/security/grasscall-malware-campaign-drains-crypto-wallets-via-fake-job-interviews/
Additional Cybersecurity News:
🟢 𝟮𝟬𝟮𝟱 𝗨𝗻𝗶𝘁 𝟰𝟮 𝗜𝗻𝗰𝗶𝗱𝗲𝗻𝘁 𝗥𝗲𝘀𝗽𝗼𝗻𝘀𝗲 𝗥𝗲𝗽𝗼𝗿𝘁: 𝗖𝘆𝗯𝗲𝗿 𝗔𝘁𝘁𝗮𝗰𝗸𝘀 𝗦𝗵𝗶𝗳𝘁 𝘁𝗼 𝗗𝗶𝘀𝗿𝘂𝗽𝘁𝗶𝗼𝗻 86% of major cyber incidents in 2024 resulted in downtime or financial loss, with attackers increasingly focusing on sabotage and data exfiltration. Source: https://www.paloaltonetworks.com/blog/2025/02/incident-response-report-attacks-shift-disruption/
🟠 𝗖𝗵𝗶𝗻𝗲𝘀𝗲 𝗖𝘆𝗯𝗲𝗿 𝗘𝘀𝗽𝗶𝗼𝗻𝗮𝗴𝗲 𝗝𝘂𝗺𝗽𝘀 𝟭𝟱𝟬%, 𝗖𝗿𝗼𝘄𝗱𝗦𝘁𝗿𝗶𝗸𝗲 𝗥𝗲𝗽𝗼𝗿𝘁𝘀 Chinese state-backed cyber espionage activities surged in 2024, targeting finance, media, and manufacturing sectors. Source: https://www.crowdstrike.com/en-us/global-threat-report/
🔴 𝟲𝟭% 𝗼𝗳 𝗛𝗮𝗰𝗸𝗲𝗿𝘀 𝗨𝘀𝗲 𝗡𝗲𝘄 𝗘𝘅𝗽𝗹𝗼𝗶𝘁 𝗖𝗼𝗱𝗲 𝗪𝗶𝘁𝗵𝗶𝗻 𝟰𝟴 𝗛𝗼𝘂𝗿𝘀 𝗼𝗳 𝗗𝗶𝘀𝗰𝗹𝗼𝘀𝘂𝗿𝗲 Cybercriminals are exploiting newly released vulnerabilities faster than ever, with ransomware attacks targeting healthcare at record levels. Source: https://www.sonicwall.com/threat-report
#CyberSecurity#ThreatIntelligence#Malware#CyberAttack#Ransomware#APT#DataBreach#CyberThreats#ThreatHunting
6 notes
·
View notes
Text
Prevention Techniques for Top 10 Common Cyber Attacks
In the ever-escalating war against cybercriminals, staying informed about the most common attack vectors is half the battle. The other half is implementing robust prevention techniques. As we navigate 2025, the threat landscape continues to evolve, but many foundational attack methods remain prevalent due to their effectiveness.
Here's a breakdown of the top 10 common cyber attacks and the essential prevention techniques to keep you and your organization secure.
1. Phishing & Smishing (SMS Phishing)
The Attack: Attackers impersonate trusted entities (banks, colleagues, popular services) via email or text messages to trick recipients into revealing sensitive information, clicking malicious links, or downloading malware. Modern phishing often uses AI to generate hyper-realistic content.
Prevention Techniques:
Vigilant User Education: Train employees to scrutinize sender email addresses, hover over links to check destinations, and be suspicious of urgent or generic requests. Conduct regular simulated phishing tests.
Multi-Factor Authentication (MFA): Even if credentials are stolen, MFA can block unauthorized access. Enforce it widely.
Email & SMS Security Solutions: Deploy advanced email filters (e.g., Microsoft Defender for Office 365, secure email gateways) that scan for suspicious patterns, attachments, and URLs. Forward suspicious texts to 7726 (SPAM).
DMARC, SPF, DKIM: Implement these email authentication protocols to prevent email spoofing of your own domain.
2. Malware (Viruses, Worms, Trojans)
The Attack: Malicious software designed to disrupt, damage, or gain unauthorized access to computer systems. Malware can be delivered via downloads, malicious websites ("drive-by" attacks), or attachments.
Prevention Techniques:
Antivirus/Endpoint Detection & Response (EDR): Install and keep robust antivirus and EDR solutions updated on all devices.
Regular Software Updates: Patch operating systems, applications, and browsers promptly to close security loopholes that malware exploits.
Firewalls: Use network and host-based firewalls to control incoming and outgoing network traffic.
Download Caution: Only download software and files from trusted, official sources. Scan all downloads before opening.
3. Ransomware
The Attack: A type of malware that encrypts a victim's files or locks their system, demanding a ransom (usually in cryptocurrency) for decryption or restoration of access. It often enters via phishing or exploiting unpatched vulnerabilities.
Prevention Techniques:
Robust Backups: Implement a 3-2-1 backup strategy (3 copies, on 2 different media, with 1 copy off-site and isolated/immutable). Regularly test recovery.
MFA & Strong Passwords: Crucial for protecting remote access services (like RDP) often targeted by ransomware operators.
Vulnerability Management: Continuously scan for and patch vulnerabilities, especially on internet-facing systems.
Network Segmentation: Divide your network into isolated segments to prevent ransomware from spreading laterally if it gains a foothold.
Security Awareness Training: Educate employees about ransomware's common entry points (phishing).
4. Distributed Denial of Service (DDoS) Attacks
The Attack: Overwhelming a target server, service, or network with a flood of internet traffic from multiple compromised computer systems (a botnet), aiming to disrupt normal operations and make services unavailable.
Prevention Techniques:
DDoS Protection Services: Utilize specialized DDoS mitigation services (e.g., Cloudflare, Akamai) that can absorb and filter malicious traffic.
Content Delivery Networks (CDNs): CDNs distribute traffic and cache content, helping to absorb some attack volume and improve resilience.
Rate Limiting: Configure servers and network devices to limit the number of requests they will accept from a single IP address or source over a given time.
Network Redundancy: Ensure your infrastructure has redundant systems and sufficient bandwidth to handle traffic spikes.
5. Man-in-the-Middle (MitM) Attacks
The Attack: An attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. This often happens over unsecured Wi-Fi.
Prevention Techniques:
Always Use HTTPS: Ensure websites you visit use HTTPS (look for the padlock icon in the browser address bar) to encrypt communication.
Avoid Public Wi-Fi for Sensitive Tasks: Refrain from accessing banking, email, or other sensitive accounts over unsecured public Wi-Fi networks.
Use VPNs (Virtual Private Networks): VPNs encrypt your internet traffic, creating a secure tunnel even over public networks.
Strong Authentication: Implement MFA and passwordless authentication to mitigate credential theft even if traffic is intercepted.
6. SQL Injection (SQLi)
The Attack: An attacker injects malicious SQL code into input fields of a web application to manipulate the database, potentially leading to unauthorized access, data theft, or data corruption.
Prevention Techniques (primarily for developers):
Prepared Statements & Parameterized Queries: The most effective defense. Treat user input as data, not executable code.
Input Validation & Sanitization: Validate and sanitize all user input on both the client and server sides to ensure it conforms to expected formats and removes malicious characters.
Least Privilege: Grant database accounts only the minimum necessary privileges required for their function.
Web Application Firewall (WAF): WAFs can detect and block common web-based attacks like SQLi.
7. Cross-Site Scripting (XSS)
The Attack: Attackers inject malicious client-side scripts (e.g., JavaScript) into web pages viewed by other users. This can lead to session hijacking, defacement of websites, or redirection to malicious sites.
Prevention Techniques (primarily for developers):
Output Encoding/Escaping: Properly encode or escape all user-supplied data before rendering it in HTML to prevent it from being interpreted as executable code.
Input Validation: Validate user input to ensure it doesn't contain malicious scripts.
Content Security Policy (CSP): Implement a CSP to restrict which sources are allowed to execute scripts on your website.
Sanitize HTML: If your application allows users to input HTML, use robust libraries to sanitize it and remove dangerous tags/attributes.
8. Zero-Day Exploits
The Attack: Exploits that target newly discovered software vulnerabilities for which a patch is not yet available. They are extremely dangerous because there's no immediate defense.
Prevention Techniques:
Layered Security (Defense-in-Depth): Rely on multiple security controls (firewalls, EDR, IDS/IPS, network segmentation) so if one fails, others can still detect or contain the attack.
Behavioral Analysis: Use security tools (like EDR, UEBA) that monitor for anomalous behavior, even if the specific exploit is unknown.
Application Whitelisting: Allow only approved applications to run on your systems, preventing unauthorized or malicious executables.
Rapid Patch Management: While a patch doesn't exist initially, be prepared to deploy it immediately once released.
9. Insider Threats
The Attack: A security breach or data loss caused by a person with authorized access to an organization's systems and data, whether malicious or accidental.
Prevention Techniques:
Principle of Least Privilege (PoLP): Grant users only the minimum access necessary to perform their job functions.
User Behavior Analytics (UBA/UEBA): Monitor user activity for anomalous behaviors (e.g., accessing unusual files, working outside normal hours).
Data Loss Prevention (DLP): Implement DLP solutions to prevent sensitive data from leaving the organization's controlled environment.
Employee Training: Educate employees on security policies, data handling best practices, and recognizing social engineering.
Offboarding Procedures: Have strict procedures for revoking access immediately when an employee leaves.
10. Brute Force & Credential Stuffing
The Attack:
Brute Force: Systematically trying every possible combination of characters until the correct password or encryption key is found.
Credential Stuffing: Using lists of stolen usernames and passwords (from previous breaches) to try and log into accounts on other services.
Prevention Techniques:
Multi-Factor Authentication (MFA): The most effective defense, as attackers need a second factor beyond just the password.
Strong Password Policies: Enforce complex, unique passwords that are difficult to guess.
Account Lockout Mechanisms: Implement policies that temporarily lock accounts after a certain number of failed login attempts.
Rate Limiting: Restrict the number of login attempts from a single IP address over a period.
CAPTCHA Challenges: Introduce CAPTCHAs or other challenge-response mechanisms during login to differentiate humans from bots.
Threat Intelligence: Monitor dark web forums for compromised credentials and prompt affected users to reset their passwords.
By proactively addressing these common attack vectors with a layered and comprehensive security strategy, individuals and organizations can significantly strengthen their defenses and foster a more secure digital environment. Stay informed, stay vigilant, and make cybersecurity a continuous priority.
2 notes
·
View notes