Cybersecurity Weekly: DNS flaw, Natura data leak, ZLoader banking malware
A new DNS vulnerability lets attackers launch large-scale DDoS attacks. Cosmetic brand Natura exposes personal details of its users. The ZLoader banking malware has been deployed in over 100 campaigns. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. New DNS vulnerability lets attackers launch large-scale DDoS attacks
Cybersecurity researchers disclosed details about a new flaw impacting DNS protocol that can be exploited to launch amplified, large-scale DDoS attacks to take down targeted websites. Called NXNSAttack, the flaw hinges on the DNS delegation mechanism to force DNS resolvers to generate more DNS queries to authoritative servers of attacker’s choice.
Read more »
2. Cosmetic brand Natura exposes personal details of its users
Brazil’s biggest cosmetics company, Natura, accidentally left hundreds of gigabytes of its customers’ personal and payment-related information accessible online that could have been accessed by anyone without authentication. Security researchers found over 1.5 terabytes of data in a public-facing database.
Read more »
3. ZLoader banking malware deployed in over 100 campaigns
A banking malware called ZLoader, last seen in early 2018, has been spotted in more than 100 email campaigns since the beginning of the year. The trojan is under active development with 25 versions seen in the wild since its comeback in December 2019, with the latest observed this month. The malicious email campaigns target users with COVID-19 topics and invoices.
For more cybersecurity news stories like these, check out the blog »
Looking for certification prep and technical skills development content? Visit our website to check out Infosec Skills! The platform has 70 learning paths, 600 courses and 150 virtual labs where you can try out new skills in a sandboxed environment. Try it free for 30 days with promo code: infoseccommunity