Cybersecurity News: Google: Gmail is secure, Cloudflare blocks largest DDoS attack, Amazon shutters theft campaign


In today’s cybersecurity news…

‘2.5 billion Gmail users at risk’? Entirely false, says Google

Google dismissed claims that 2.5 billion Gmail users were at risk from a major attack, calling them “entirely false.” The rumors seem to have stemmed from a Salesforce-related breach tied to ShinyHunters, which led to phishing and vishing attacks, but Google says Gmail itself was never compromised, adding that its protections block 99.9% of such threats and urging users to remain vigilant against scams. (ZDNet)

Cloudflare blocks largest recorded DDoS attack peaking at 11.5 Tbps

Cloudflare says it blocked the largest DDoS attack ever recorded, which peaked at 11.5 Tbps in a short-lived UDP flood, largely originating from Google Cloud. The company noted it has fended off hundreds of “hyper-volumetric” attacks in recent weeks, following previous records of 7.3 Tbps in June and 3.8 Tbps in 2024. Cloudflare reported a sharp rise in DDoS activity overall, with network-layer attacks up more than 500% year-over-year. (Bleeping Computer)

Jaguar Land Rover says cyberattack ‘severely disrupted’ production

Jaguar Land Rover says a cyberattack “severely disrupted” its production and retail systems, forcing the company to shut down operations at sites, including its Solihull plant in the UK. The automaker stressed there’s no evidence customer data was stolen and is working to restore systems, but offered no timeline or details on the type of attack. (Bleeping Computer)

Amazon stymies APT29 credential theft campaign

Amazon says it disrupted a credential theft campaign by a Russian state-linked group behind the SolarWinds hack. Attackers compromised legitimate websites to redirect visitors to fake Cloudflare verification pages, exploiting Microsoft’s device code authentication flow to gain account access. The campaign used obfuscation and selective targeting to avoid detection, but Amazon tracked and dismantled its infrastructure, urging organizations to review Microsoft’s guidance and restrict device authentication if not needed. (Dark Reading)

Huge thanks to our sponsor, ThreatLocker

ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.

CISA taps Nicholas Andersen for executive assistant director of cybersecurity

Nicholas Andersen has been appointed executive assistant director of cybersecurity at CISA, a role responsible for safeguarding federal networks and critical infrastructure. Andersen previously served in the Department of Energy during the current US President’s first term, and was most recently president and COO of Invictus International Consulting. CISA officials say his government and private-sector experience will help strengthen engagement with infrastructure partners. (CyberScoop)

JSON config file leaks Azure Active Directory credentials

A misconfigured appsettings.json file in an ASP.NET Core application exposed Azure Active Directory credentials, letting potential attackers gain access through Microsoft’s OAuth 2.0 endpoints. With these secrets, attackers could steal data, escalate privileges, or deploy malicious apps. Experts say the case underscores ongoing risks from cloud misconfigurations and hardcoded secrets. (Dark Reading)
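A defender's check for the misconfiguration described above (an added example, not code from the report or from Microsoft): it walks an appsettings.json document and flags secret-like keys that hold real values, shown against a hardened variant that leaves ClientSecret out of the file so the ASP.NET Core configuration binder can pick it up from the environment (AzureAd__ClientSecret), user-secrets or Key Vault instead. The sample configuration values are constructed placeholders.

```python
import json
import re

# Constructed sample: an appsettings.json that embeds an Azure AD client secret.
# Every value here is made up; none is a real identifier or credential.
LEAKY_CONFIG = """{
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "TenantId": "00000000-0000-0000-0000-000000000000",
    "ClientId": "11111111-1111-1111-1111-111111111111",
    "ClientSecret": "EXAMPLE~not.a.real.secret.value123"
  }
}"""

# Hardened variant: the secret is removed from the checked-in file. ASP.NET Core's
# configuration binder maps the environment variable AzureAd__ClientSecret onto the
# key AzureAd:ClientSecret, so the JSON never needs to carry the credential.
HARDENED_CONFIG = """{
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "TenantId": "00000000-0000-0000-0000-000000000000",
    "ClientId": "11111111-1111-1111-1111-111111111111"
  }
}"""

# Key names that usually carry credentials, and values that are clearly placeholders
# (empty, templated, angle-bracketed, or "changeme"/"todo") rather than live secrets.
SECRET_KEYS = re.compile(r"(secret|password|connectionstring|apikey|certificatepassword)", re.I)
PLACEHOLDERS = re.compile(r"^(\s*|\$\{.*\}|<.*>|changeme|todo)$", re.I)


def find_hardcoded_secrets(config_text):
    """Return ASP.NET Core-style key paths (Section:Key) whose name looks like a
    secret and whose value is a non-placeholder string."""
    findings = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                walk(value, path + [key])
        elif isinstance(node, list):
            for index, value in enumerate(node):
                walk(value, path + [str(index)])
        elif isinstance(node, str) and path and SECRET_KEYS.search(path[-1]):
            if not PLACEHOLDERS.match(node):
                findings.append(":".join(path))

    walk(json.loads(config_text), [])
    return findings
```

Running the check over both samples reports `AzureAd:ClientSecret` for the leaky file and nothing for the hardened one; in a CI pipeline the same function can gate a commit that would check a populated secret into the repository.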

Pennsylvania AG says recovery continues after office refused to pay ransomware gang

Pennsylvania Attorney General David Sunday said his office has largely restored operations after a ransomware attack on August 11th, rejecting calls to pay the ransom. While some court cases were delayed, he confirmed prosecutions and investigations aren’t expected to be affected. The attack was linked to Citrix Bleed 2 vulnerabilities and appears to be part of a broader trend of ransomware targeting state and local governments. (The Record)

Sangoma patches critical Zero-Day exploited to hack FreePBX servers

Sangoma released emergency patches for a critical zero-day in FreePBX that allowed attackers to access the admin panel, manipulate databases, and execute code remotely. The flaw has been exploited in the wild since August 21st, affects versions 15–17, and stems from insufficient sanitization of user-supplied data. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog, urging federal agencies to patch it by September 19th. Sangoma provided IOCs and mitigation guidance. (SecurityWeek)