News
Hi folks,
I hope you're doing well. I have some feedback to ask for. I'm thinking of simplifying the newsletter. I feel like I let it grow from something that gave a brief overview to something that's a chore to catch up on, especially with the long lists of breaches and issues.
Granted, there is a lot more news now than when I started this back in 2016, but all the more reason to make sure I save you time.
I'm thinking a maximum of 5 summarized articles and 5 quick links, breaches and issues included. Enough to make sure you've gotten the most important items of the week, with some interesting extras if there is room. I'm giving it a try this week. Let me know what you think.
Thanks!
Cloudflare mitigated a record-breaking 5.6 Tbps DDoS attack
We've got a new record! This one peaked at 5.6 terabits per second and came from a Mirai-based botnet with 13,000 compromised devices. It surprised me to read that it lasted only 80 seconds, and that that is normal these days. A sort of "blitz DDoS" if you will, making it harder for humans to respond.
HPE probes hacker claim involving trove of sensitive company data
There was some news from a hacker group called IntelBroker that they stole HPE source code, Docker builds, and more, but so far HPE hasn't been able to find any evidence of this. Possibly to be continued.
Costa Rica refinery cyberattack was first deployment for new US response program, ambassador says
I didn't know (or had forgotten) that the U.S. State Department has a rapid incident response team, called FALCON, that's meant to be sent out to allied nations or organisations that are under attack. Pretty cool. A recent ransomware attack on RECOPE, Costa Rica's state-run energy company, was the first real-world test for that team.
Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025
Always fun to read those. The first day seems to have focused on EV chargers, with security researchers exploiting 16 unique zero-days and collecting $382,750 in cash. More can be read on the Pwn2Own blog here.
Biden administration puts quotas on global AI chip sales
I had missed this one last week, and who knows what Trump will make of it, but I found it interesting nonetheless. From the article:
"The new regulations set specific numerical limits on AI chip exports. While first-tier countries (the 18 key US allies) face no restrictions, countries in the second tier can receive up to 50,000 so-called "advanced computing chips," with the possibility to double that cap to 100,000 if they sign technology security agreements with the US.
For most buyers, orders of up to 1,700 advanced chips will not require licenses or count against these national caps—a policy designed to speed up purchases by universities, medical institutions, and research organizations."
Quick links
- Cisco warns of denial of service flaw in ClamAV with PoC exploit code: link.
- Google Cloud links poor credentials to nearly half of all cloud-based attacks: link.
- Trump pardons Silk Road founder Ross Ulbricht: link.
- BreachForums founder to be resentenced after court vacates previous punishment: link.
1Password: the password manager with (to me) the best UX
I'm not going to write a long marketing-heavy paragraph on this one. I just love using 1Password. The UX, the support, the integrations, it all works wonderfully. Highly recommended. (Sponsored)