This top security software is crashing Windows 10 version 2004

Following the release of Windows 10 2004, users have reported experiencing performance issues and even crashes when Malwarebytes 4.1 is installed on their systems.

The official Malwarebytes support forum has seen numerous users reporting problems with MBAM 4.1 after Microsoft released its latest Windows update back in May.

The issues caused by having the security company's software installed include random freezes, general slowness, video stuttering, blue screen of death (BSOD) crashes and Windows 10 becoming unresponsive.

However, not all users running Windows 10 2004 and Malwarebytes' software seem to be affected but there are enough requests for help on the company's forums to indicate that there is a problem.

Potential fixes

In a post on Malwarebytes forum, one user explained that they were experiencing issues after installing Windows 10 2004. However, they were able to mitigate these issues by disabling the software's ransomware protection feature.

To resolve the issues users are having, Malwarebytes also released a new beta version (4.1.1.71) of its security software at the beginning of June.

If you're a Malwarebytes user that is having similar issues, you can install the new beta version by going into the software's settings and enabling the “beta updates” setting under the General tab. After enabling this setting, you will need to check for new updates to install the beta version and its components package.

However, if you're still experiencing issues after installing the beta, then you should probably head over to the Malwarebytes forum for additional help.

Via BleepingComputer

Posted in Uncategorised

This little-known malware strain threatens the privacy of Mac users

Sophos Labs has discovered a new software installer for macOS that installs multiple unwanted applications or “bundleware” on users' systems under the guise of installing one legitimate application.

The installer, which is primarily targeting macOS Catalina users, includes a total of seven “potentially unwanted applications” (PUAs) including three that target Apple's Safari web browser to inject ads, hijack download links and redirect search queries with the aim of stealing users' clicks to generate income. In at least one case, the injected content was used for malvertising by showing a malicious ad that prompted users to download a fake Adobe Flash update.

Sophos has identified the installer as belonging to the Bundlore family. Bundlore is a common macOS bundleware installer family that accounts for nearly seven percent of all attacks detected by the security company targeting Apple's operating system.

Bundlore is also used to target Windows users through extensions for Google Chrome and some of the code used to target Chrome is shared with the versions of the adware that target macOS.

Bundlore

The recent macOS samples discovered by Sophos stand out from previous versions of Bundlore due to the fact that they have been updated to keep up with recent changes in macOS and Safari, particularly Apple's changes to the format for Safari browser extensions.

The Bundlore sample analyzed contained multiple Safari extension payloads including two in the new App Extension format. However, these extensions were adware that contained code which injected new advertisements and download links and even redirected search queries from certain search engines. Based on code taken from a remote server that supports two extensions, Sophos discovered dozens of search affiliate names related to the ad injector and search modification payload as well as affiliate codes used to profit from visits to other sites.

PUAs are among the most common security threats to macOS because they can steal personal data and act as a pathway for both malvertising and other malware. Thankfully though, endpoint protection software is able to block PUAs and Apple's XProtect feature in macOS can block known Bundlore payloads.

Sophos' Sean Gallagher and Xinran Wu provided further insight on the security company's findings in a blog post, saying:

“Based on these and other samples we’ve observed, it’s clear that adware developers are clearly embracing the transition to Safari App Extension format and are updating their payload scripts. Browser extensions are increasingly popular as applications move to the cloud, and web browsers become the most heavily-used component of operating systems. So they will correspondingly continue to be a target for scams such as adware.”

Arm sacks China boss over secret Cayman Islands activity – but he won’t leave

Arm has fired the boss of its Chinese joint venture Arm China following allegations that he covertly set up a Cayman Islands private equity fund to raise millions from Chinese investors without consent from its parent company.

As reported by The Telegraph, the UK-based chip designer has been trying to regain control of Arm China for the past few weeks.

At the beginning of June, chairman and chief executive of Arm's China business Allen Wu was fired by Arm's board members and by local investor Hopu. He was replaced by Ken Phua and Phil Tang who will serve as Arm China's interim co-CEOs after being appointed by the board.

The decision to fire and replace Wu has now led to a tense standoff between Arm and Arm China. Wu has refused to vacate his position and he has even gone as far as to rally Arm China's staff around him.

Alphatecture

Following Wu's decision not to step down, Arm revealed that an investigation had uncovered undisclosed conflicts of interest as well as violations of employee rules. Arm China responded by calling the allegations of its parent company groundless and it also claimed that Phil Tang had already been dismissed from the company back in May for unspecified “major violations”.

Sources also informed The Telegraph that Wu had set up his own independent investment fund called Alphatecture without the knowledge of Arm, Hopu or SoftBank, which is now the parent company of Arm Holdings. According to documents from Shanghai securities and the SEC, Alphatecture was registered under Wu's name and the Cayman Islands-based investment fund has already raised at least $10m.

When the existence of Wu's independent investment fund was discovered, ethical concerns were raised over a conflict of interest and whistleblowers brought their claims before the board and this ultimately led to Wu's firing. However, Arm China claims that it is an independent company and that Wu is still its CEO. In fact, local media even report that Wu continues to run the company from its head office.

We'll likely hear more on the matter as Arm tries to take back control of its Chinese joint venture from Wu.

Via The Telegraph

Honeywell delivers the largest quantum volume yet

Honeywell has delivered on its promise to release a quantum computer with a quantum volume of 64 after announcing its plans to do so back in March.

The company's quantum computer is the highest performing device of its kind currently available and it is also twice as powerful as the next alternative in the industry. This means that Honeywell is now even closer to allowing industries to leverage its quantum computer to solve problems that are impractical to solve with traditional computers.

In a blog post, president of Honeywell Quantum Solutions, Tony Uttley explained what makes its quantum computer so powerful, saying:

“What makes our quantum computers so powerful is having the highest quality qubits, with the lowest error rates. This is a combination of using identical, fully connected qubits and precision control.”

Highest quality qubits

When Honeywell first set out to build a quantum computer, the company made creating the highest quality quantum bits, or qubits, its top priority. It did this by focusing on eliminating errors present within the system on a smaller number of qubits and then working to scale up the number of qubits.

Because Honeywell's quantum operations had such low error rates, the quantum volume grew with each new qubit added to its quantum computer. Quantum volume measures computational ability to indicate the relative complexity of a problem that can be solved by a quantum computer.

Through its partnership with Microsoft's Azure Quantum, Honeywell will soon be able to offer organizations access to its quantum computer both directly through its interface as well as through the Azure Quantum portal. 

At the same time, the corporate venture arm of the North Carolina-based company, Honeywell Ventures has invested in Cambridge Quantum Computing and Zapata Computing. Cambridge Quantum Computing focuses on chemistry, machine learning and augmented cybersecurity while Zapata Computing invents algorithms and builds quantum software to challenge today's top supercomputers.

While it might not be here yet, the quantum age is quickly approaching and Honeywell is preparing to become one of the first businesses to offer quantum computing as a service.

Netgear router security flaws finally patched after six months

Netgear has issued patches to fix security vulnerabilities in two of its routers which can be exploited by an attacker to take full control of the devices remotely.

The two devices that have received patches are the R6400v2 and R6700v3. However, 77 of Netgear's other routers reportedly still remain vulnerable to a zero-day vulnerability that was reported to the company back in January of this year.

The vulnerability, which lies in the HTTPD daemon used to manage the routers, was discovered independently by both Grimm's Adam Nichols and d4rkn3ss from Vietnam's VNPT ISC through the Zero Day Initiative (ZDI).

ZDI has released a report that includes some information about the vulnerability while Nichols has written a lengthy blog post describing it in detail, a Proof of Concept (PoC) exploit and even scripts to find vulnerable routers online.

Zero-day vulnerability

Based on the reports about the vulnerability, affected router models have an HTTPD daemon which does not adequately check the length of data supplied by a user and this allows an attacker to create a buffer overflow when data is copied to a fixed-length variable.

To exploit the flaw in Netgear's routers, an attacker would need to create a specially crafted string capable of executing commands on the device without having to authenticate first. In his blog post, Nichols explained that while stack cookies would normally be able to mitigate this vulnerability, many of Netgear's routers don't use them, saying:

“In most modern software, this vulnerability would be unexploitable. Modern software typically contains stack cookies which would prevent exploitation. However, the R7000 does not use stack cookies. In fact, of all of the Netgear products which share a common codebase, only the D8500 firmware version 1.0.3.29 and the R6300v2 firmware versions 1.0.4.12-1.0.4.20 use stack cookies. However, later versions of the D8500 and R6300v2 stopped using stack cookies, making this vulnerability once again exploitable.”

By default, the HTTPD daemon on these routers is only accessible via the LAN, although router admins can enable remote access over the internet. However, attackers can still create malicious websites that use JavaScript to perform DNS rebinding attacks, which would allow them to execute commands remotely on routers that are not accessible over the internet.
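The bug class Nichols describes, and the Host-header check that blunts the DNS-rebinding route, as an added example in C (not Netgear's firmware code; the header format, the 64-byte buffer and the list of the router's own names are constructed for illustration):

```c
#include <stdio.h>
#include <string.h>

#define VALUE_MAX 64   /* constructed fixed-size destination, like the router's */

/* The vulnerable pattern: nothing compares the attacker-controlled value
 * against the size of the fixed buffer, so an over-long value writes past
 * the end of 'dst'. Without stack cookies that overwrite reaches the saved
 * return address unchecked. Kept only for contrast with the checked form
 * below; never pass it untrusted input. */
void copy_value_unchecked(char *dst, const char *value)
{
    strcpy(dst, value);            /* unbounded copy: this is the bug */
}

/* The hardened form: refuse a value that does not fit instead of
 * overflowing or silently truncating. Returns 0 on success, -1 if too long. */
int copy_value_checked(char *dst, size_t dst_size, const char *value)
{
    size_t n = strlen(value);
    if (n >= dst_size)
        return -1;
    memcpy(dst, value, n + 1);     /* includes the terminating NUL */
    return 0;
}

/* Pull the value of a header such as "Host: 192.168.1.1\r\n" out of one
 * request line into 'dst' (dst_size bytes). The length is checked before
 * any copy. Returns 0 on success, -1 if the header does not match or the
 * value is too long. */
int parse_header_value(const char *line, const char *name,
                       char *dst, size_t dst_size)
{
    size_t nlen = strlen(name);
    if (strncmp(line, name, nlen) != 0 || line[nlen] != ':')
        return -1;
    const char *p = line + nlen + 1;
    while (*p == ' ' || *p == '\t')
        p++;
    size_t vlen = strcspn(p, "\r\n");   /* value ends at end of line */
    if (vlen >= dst_size)
        return -1;                      /* the check the daemon lacked */
    memcpy(dst, p, vlen);
    dst[vlen] = '\0';
    return 0;
}

/* DNS-rebinding mitigation for a LAN-only admin interface: after the
 * attacker's domain is rebound to the router's address, the victim's
 * browser still sends the attacker's hostname in the Host header. Serving
 * only requests whose Host names the router itself blocks that route.
 * Returns 1 when the Host is one of the router's own names, 0 otherwise. */
int host_header_allowed(const char *host, const char *const *allowed,
                        size_t allowed_count)
{
    char bare[VALUE_MAX];
    size_t len = strcspn(host, ":");    /* ignore an optional ":port" */
    if (len >= sizeof bare)
        return 0;
    memcpy(bare, host, len);
    bare[len] = '\0';
    for (size_t i = 0; i < allowed_count; i++)
        if (strcmp(bare, allowed[i]) == 0)
            return 1;
    return 0;
}

int main(void)
{
    /* constructed names and request lines */
    static const char *const own_names[] = { "192.168.1.1", "router.lan" };
    const char *lines[] = {
        "Host: 192.168.1.1\r\n",
        "Host: attacker.example:80\r\n",
    };
    char value[VALUE_MAX];
    for (size_t i = 0; i < 2; i++) {
        if (parse_header_value(lines[i], "Host", value, sizeof value) == 0)
            printf("Host=%s allowed=%d\n", value,
                   host_header_allowed(value, own_names, 2));
    }
    /* an over-long value is rejected rather than copied */
    char big[200];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    memcpy(big, "Host: ", 6);
    printf("over-long rejected=%d\n",
           parse_header_value(big, "Host", value, sizeof value) == -1);
    copy_value_unchecked(value, "short");   /* safe only because it fits */
    return 0;
}
```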

If you have Netgear's R6400v2 or R6700v3 router you can download hot-fixes for the vulnerability now but if you have one of the 77 other affected routers, you're out of luck until the company releases patches for them.

Via BleepingComputer

Mozilla is preparing to launch its VPN product soon

Mozilla has announced that its VPN service will officially launch later this summer following the end of Firefox Private Network's beta testing phase.

The product has also been renamed from Firefox Private Network and will now be called Mozilla VPN going forward. 

While Firefox Private Network was initially an extension for Mozilla's Firefox browser, Mozilla VPN will be a full-device VPN with clients available for Windows, Chrome OS, Android and iOS. 

During Firefox Private Network's beta, testers requested the company also release a Mac client and Mozilla has now said that it will bring its VPN to Mac as well as Linux.

Mozilla VPN

When Mozilla VPN launches, Mozilla will continue to use its current pricing model of $4.99 per month for a limited time. For this price, users can protect up to five devices on Windows, Android and iOS.

However, just like with Firefox Private Network, Mozilla VPN will be available to users in the US first, though Mozilla does have plans to make it available in other regions in the future.

Mozilla VPN was built by Firefox and the service runs on a global network of servers powered by its partner Mullvad using the new WireGuard protocol. Mullvad has also committed to not keep logs of any kind on the VPN's users.

Interested users can sign up for Mozilla VPN's waitlist and once the product becomes available, the company will notify you.

Via ZDNet

Hackers are using this strange technique to launch attacks against Windows devices

A new attack technique has been discovered by Huntress Labs which uses a number of tricks including renaming legitimate files, impersonating an existing scheduled task and using fake error logs to hide in plain sight.

After gaining persistence on a targeted system, the attacker used a file which imitates a Windows error log for an application to prepare the system for script-based attacks. 

In a blog post, founder and vice president of Huntress Labs, John Ferrell explained that the cybercriminals have gone to some lengths to make their fake error log appear legitimate, saying:

“At first glance, it looks like a log for some application. It has timestamps and includes references to OS 6.2, the internal version number for Windows 8 and Windows Server 2012. It turns out that this file is associated with a malicious foothold that we discovered.”

The fake error log used by the attackers actually stores ASCII characters which have been disguised as hexadecimal values.

Hiding in plain sight

Once the fake error log has been decoded, it makes a script that is used to contact the attacker's command and control server to find out what to do next.

According to Ferrell, the payload is obtained by using a scheduled task impersonating a real one on the targeted system. The technique also uses two executables which have been renamed to appear as legitimate files.

The first is named “BfeOnService.exe” and this is actually a copy of a utility called “mshta.exe” that executes Microsoft HTML Applications (HTA). The utility has been abused in the past to deploy malicious HTA files but in this case, it is used to execute a VBScript to start PowerShell and run a command in it. The other executable is named “engine.exe” and is a copy of “powershell.exe”. It is used to extract the ASCII numbers contained in the fake error log and convert them in order to obtain the payload.
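An added example (not Huntress's tooling) of how a defender can triage a file like this: it decodes the hex tokens on each log line and flags lines whose decoded bytes form a long run of printable text, which genuine status codes rarely do. The sample log lines, the token syntax and the thresholds are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimum number of decoded printable bytes before a line is flagged
 * (constructed threshold; tune for the environment). */
#define MIN_HIDDEN 8

/* Constructed sample: line 0 looks like an ordinary error log with a couple
 * of genuine hex status codes; line 1 carries text disguised as hex bytes. */
const char *const sample_log[] = {
    "2020-06-10 08:11:02 OS 6.2 error code 0x1d status 0x03",
    "2020-06-10 08:11:03 OS 6.2 trace 68 69 64 64 65 6e 20 73 63 72 69 70 74 20 74 65 78 74",
};

/* Interpret a whitespace-delimited token as one byte if it is exactly two
 * hex digits, optionally prefixed with 0x. Returns 1 and sets *out if so. */
static int hex_byte(const char *tok, size_t len, unsigned char *out)
{
    if (len == 4 && tok[0] == '0' && (tok[1] == 'x' || tok[1] == 'X')) {
        tok += 2;
        len = 2;
    }
    if (len != 2 || !isxdigit((unsigned char)tok[0]) ||
        !isxdigit((unsigned char)tok[1]))
        return 0;
    char pair[3] = { tok[0], tok[1], '\0' };
    *out = (unsigned char)strtoul(pair, NULL, 16);
    return 1;
}

/* Decode every hex-byte token on the line into 'out' (at most outlen bytes),
 * skipping timestamps, words and version numbers. Returns the byte count. */
size_t decode_hex_tokens(const char *line, unsigned char *out, size_t outlen)
{
    size_t n = 0;
    const char *p = line;
    while (*p) {
        while (*p && isspace((unsigned char)*p))
            p++;
        const char *start = p;
        while (*p && !isspace((unsigned char)*p))
            p++;
        unsigned char b;
        if (p > start && n < outlen && hex_byte(start, (size_t)(p - start), &b))
            out[n++] = b;
    }
    return n;
}

/* Fraction of decoded bytes that are printable ASCII (or tab/newline). Real
 * status codes are mostly small binary values; hidden script text is not. */
double printable_ratio(const unsigned char *buf, size_t n)
{
    if (n == 0)
        return 0.0;
    size_t printable = 0;
    for (size_t i = 0; i < n; i++)
        if (isprint(buf[i]) || buf[i] == '\n' || buf[i] == '\t')
            printable++;
    return (double)printable / (double)n;
}

/* Flag a line whose hex tokens decode to a long run of printable text. */
int line_hides_text(const char *line)
{
    unsigned char buf[1024];
    size_t n = decode_hex_tokens(line, buf, sizeof buf);
    return n >= MIN_HIDDEN && printable_ratio(buf, n) >= 0.95;
}

int main(void)
{
    for (size_t i = 0; i < sizeof sample_log / sizeof sample_log[0]; i++) {
        unsigned char buf[1024];
        size_t n = decode_hex_tokens(sample_log[i], buf, sizeof buf);
        printf("line %zu: %zu hex bytes, printable %.2f, suspicious=%d\n",
               i, n, printable_ratio(buf, n), line_hides_text(sample_log[i]));
        if (line_hides_text(sample_log[i]))
            printf("  decoded: %.*s\n", (int)n, (const char *)buf);
    }
    return 0;
}
```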

The payload itself collects information about browsers, tax software, security software and PoS software installed on the system. However, at this time, the end goal of the attacker using this new attack technique is still unknown.

Via BleepingComputer

GitHub Super Linter will clean up all your code for good

GitHub has released its new Super Linter to help developers check for errors in their code, since setting up a new repository with all of the right linters for different types of code can be a time-consuming and tedious process.

For those unfamiliar, a linter is a tool that is used to analyze source code to find and flag programming errors, bugs, stylistic errors and suspicious constructs. Each programming language used in a project requires its own linter and with its Super Linter, GitHub has created one linter to rule them all.

The company's Super Linter was originally created by the GitHub Services DevOps Engineering team to maintain consistency in its documentation and code. Now though, GitHub has decided to open source the tool so that all developers can take advantage of it.

Once enabled, the Super Linter can prevent broken code from being uploaded to master branches, help establish coding best practices across multiple languages, build guidelines for code layout and format and automate the process to help streamline code reviews.

Super Linter

GitHub's Super Linter is a source code repository which is packaged into a Docker container and called by GitHub Actions. This allows for any repository on the developer platform to call the Super Linter and begin utilizing it.

The Super Linter supports a wide variety of popular programming languages including JavaScript, XML, Python3, JSON, TypeScript and more.

Once a user sets their repository to use the new tool, any time a pull request is opened, it will begin linting the code base. The Super Linter will then let you know whether your code changes passed successfully or whether any errors were detected.

GitHub's Super Linter is now available to all developers and the tool should make it easier to work on large projects written in multiple programming languages.

Via ZDNet

Eric Schmidt says Huawei engaged in “unacceptable practices”

Former executive chairman of Alphabet, Eric Schmidt has warned that Huawei poses challenges to national security and that the Chinese firm has engaged in “unacceptable practices”, in a recent interview with the BBC.

After stepping down from his position of executive chairman at Google's parent company, Schmidt now chairs the Pentagon's Defense Innovation Board.

In a BBC Radio 4 documentary, he claimed that information from Huawei routers has ended up in the hands of the Chinese government. However, Huawei's UK chief, Victor Zhang refuted his allegations in a statement to the BBC, saying:

“The allegations made by Eric Schmidt, who now works for the US government, are simply not true and as with similar assertions in the past, are not backed by evidence. Huawei is independent from any government, including the Chinese government.”

Challenge to US leadership

In the interview, Eric Schmidt also explained that Huawei poses a challenge to US leadership as it is a Chinese company that operates on the global stage but is building better products than its competitors. He believes that the answer to Huawei's dominance in the tech sector is to encourage more competition in the field.

Schmidt also revealed that he underestimated China's ability to innovate during his career in Silicon Valley, saying:

“I have carried the prejudices about China in my years working with them. That they're very good at copying things, that they're very good at organising things, that they throw large numbers of people at it. But they're not going to do anything new. They're very, very good at stealing, if you will, our stuff. Those prejudices need to be thrown out. The Chinese are just as good, and maybe better, in key areas of research and innovation as the West.”

In order to better compete against China, Schmidt believes that the West needs to invest more in research funding, encourage collaboration between the private sector, state and academia and remain open to the best talent from around the world.

Via BBC

Intel unveils 3rd generation Xeon CPUs: Cooper Lake is live

Intel has unveiled the 3rd generation of its Xeon Scalable processors which will enable customers to accelerate the development and use of AI and analytics workloads.

The chip giant's new Xeon CPU is the first mainstream server processor with built-in bfloat16 support and this makes AI inference and training more widely deployable on general-purpose CPUs for applications that include image classification, recommendation engines, speech recognition and language modeling.

Vice president and general manager of the Xeon and Memory Group at Intel, Lisa Spelman explained in a press release how the company's 3rd gen Xeon CPUs will enable businesses to rapidly deploy AI and data analytics, saying:

“The ability to rapidly deploy AI and data analytics is essential for today’s businesses. We remain committed to enhancing built-in AI acceleration and software optimizations within the processor that powers the world’s data center and edge solutions, as well as delivering an unmatched silicon foundation to unleash insight from data.”

Cooper Lake processors

With the new 3rd Gen Intel Xeon Scalable processors, Intel is boosting built-in AI acceleration through the integration of bfloat16 support into the processor's unique Intel DL Boost technology.

Bfloat16 is a compact numeric format which uses half the bits of today's FP32 format while achieving comparable model accuracy with minimal software changes. By adding bfloat16 support, the company has accelerated both AI training and inference performance in its Xeon CPUs. 
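What "half the bits of FP32" means in practice, as an added example that is not Intel's code: bfloat16 keeps FP32's sign bit and 8-bit exponent (so the same dynamic range) and only the top 7 of the 23 mantissa bits, so a conversion is a rounded truncation of the low 16 bits of the FP32 encoding. The nearest-even rounding rule used here is an assumption of the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Convert an IEEE-754 single to bfloat16. Both formats share the sign bit
 * and the 8-bit exponent; bfloat16 keeps only the 7 most significant of
 * FP32's 23 mantissa bits, so the result is the top 16 bits of the FP32
 * encoding, rounded to nearest-even on the 16 bits being dropped (the
 * rounding rule is an assumption of this example). */
uint16_t f32_to_bf16(float f)
{
    uint32_t u;
    memcpy(&u, &f, sizeof u);
    /* keep NaN a NaN: rounding a NaN's mantissa could carry into Inf */
    if ((u & 0x7F800000u) == 0x7F800000u && (u & 0x007FFFFFu) != 0)
        return (uint16_t)((u >> 16) | 0x0040u);
    uint32_t lsb = (u >> 16) & 1u;           /* parity of the kept part */
    uint32_t bias = 0x7FFFu + lsb;           /* ties go to the even value */
    return (uint16_t)((u + bias) >> 16);
}

/* Widening is exact: the low 16 mantissa bits are simply zero. */
float bf16_to_f32(uint16_t b)
{
    uint32_t u = (uint32_t)b << 16;
    float f;
    memcpy(&f, &u, sizeof f);
    return f;
}

/* Relative error introduced by a round trip through bfloat16. With 7
 * stored mantissa bits this is bounded by about 2^-8 (0.39%), which is
 * the precision traded away for the smaller format. */
double bf16_rel_error(float x)
{
    float back = bf16_to_f32(f32_to_bf16(x));
    double diff = (double)x - (double)back;
    if (diff < 0)
        diff = -diff;
    return diff / (double)x;
}

int main(void)
{
    /* constructed sample values, including an exact tie that rounds to even */
    const float samples[] = { 1.0f, 3.14159265f, 1.0f + 3.0f / 256.0f, 65504.0f };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint16_t b = f32_to_bf16(samples[i]);
        printf("%.9g -> 0x%04X -> %.9g (rel err %.2e)\n",
               samples[i], b, bf16_to_f32(b), bf16_rel_error(samples[i]));
    }
    return 0;
}
```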

Intel has also upgraded the socket-to-socket interconnect in its Cooper Lake processors. The company's Xeon processors use Ultra Path Interconnect (UPI) to connect multiple CPUs together to act as one system. In Cooper Lake, each CPU-to-CPU connection now involves two UPI links each running at 10.4 GT/s to reach a total of 20.8 GT/s.

As part of the 3rd Gen Intel Xeon Scalable platform, the company has announced the Intel Optane persistent memory 200 series which will provide customers with up to 4.5TB of memory per socket to better handle data intensive workloads.

Both Intel's 3rd Gen Xeon Scalable processors and Optane persistent memory 200 series are available now and have already begun shipping out to customers.

Via AnandTech

Cisco fixes major security flaws in Webex on Windows and Mac

Cisco has addressed two high severity vulnerabilities in its Webex video conferencing software that could have allowed unprivileged attackers to run programs and code on vulnerable systems.

The two vulnerabilities, tracked as CVE-2020-3263 and CVE-2020-3342, affect Cisco Webex Meetings Desktop App releases earlier than version 39.5.12, and all Webex users should update their software to the latest version to avoid falling victim to any potential exploits.

In an advisory concerning the arbitrary program execution flaw affecting Webex's Windows client, Cisco provided more details on the vulnerability and explained what an attacker could do to a user's system following a successful exploit, saying:

“The vulnerability is due to improper validation of input that is supplied to application URLs. The attacker could exploit this vulnerability by persuading a user to follow a malicious URL. A successful exploit could allow the attacker to cause the application to execute other programs that are already present on the end-user system. If malicious files are planted on the system or on an accessible network file path, the attacker could execute arbitrary code on the affected system.”

Webex vulnerabilities

Cisco also patched a remote code execution vulnerability in Webex's Mac client that was caused by improper certificate validation on software update files downloaded by the software.

The vulnerability could allow an unauthenticated attacker to remotely execute arbitrary code with the same privileges of the logged in user on macOS. In a separate advisory, Cisco explained how an attacker could exploit the vulnerability, saying:

“An attacker could exploit this vulnerability by persuading a user to go to a website that returns files to the client that are similar to files that are returned from a valid Webex website. The client may fail to properly validate the cryptographic protections of the provided files before executing them as part of an update.”

Cisco has since fixed both of these vulnerabilities with the release of version 40.1.0 of Webex for Windows and version 39.5.11 of Webex for Mac. Windows and Mac users can update their Cisco Webex clients by following these instructions while admins can update both versions of the client by following this guide.

Via BleepingComputer

US set to block activation of controversial undersea web cable

The US government will likely block the activation of an undersea web cable linking the US to Hong Kong over fears of Chinese data theft.

The Pacific Light Cable Network was first announced in 2016 as a partnership between Google, Facebook and other companies with the aim of boosting internet speeds and capacity between North America and Asia.

However, a US government committee known as “Team Telecom” is now recommending that the US denies approval for the undersea cable on the grounds of national security. In a press release, the US Department of Justice explained how one of the investors in the Pacific Light Cable Network could pose a risk to the country's national security, saying:

“As submitted to the FCC, the PLCN application would have allowed for the highest capacity subsea cable connection between the United States and Asia and been the first direct connection between the United States and Hong Kong. This raised national security concerns, because a significant investor in the PLCN is Pacific Light Data Co. Ltd., a Hong Kong company and subsidiary of Dr. Peng Telecom & Media Group Co. Ltd. (Dr. Peng Group), the fourth largest provider of telecommunications services in the PRC.”

Pacific Light Cable Network

The Pacific Light Cable Network is just one of the hundreds of undersea cables that provide global internet connectivity. When the new undersea cable was first announced, Google said that it would be 8,000 miles long and the “highest-capacity trans-Pacific route”.

In addition to connecting the US to Hong Kong, the project also has portions that connect the US with Taiwan and the Philippines. The installation of the Pacific Light Cable Network reportedly cost millions of dollars and the cable itself is ready to be turned on but needs approval to operate.

Team Telecom has recommended approval for the Taiwan and Philippines sections of the cable. However, the committee recommends that the activation of the US to Hong Kong section should be blocked.

While Team Telecom doesn't want to activate the Hong Kong section of the cable, the final decision will ultimately be made by the FCC.

Via BBC

Google Chrome might have a huge security flaw

A new spyware campaign has been discovered which used malicious Google Chrome extensions downloaded by 32m people to steal user data and credentials online.

As reported by Reuters, security researchers at Awake Security alerted Google to the presence of more than 70 malicious add-ons on the official Chrome Web Store that have now been removed.

The majority of the free extensions in question either warned users about questionable websites or were used to convert files from one format to another. However, the extensions actually siphoned off users' browsing history and other data that provided scammers with their credentials.

According to Awake Security's co-founder and chief scientist, Gary Golomb, this was one of the most far-reaching campaigns in the Chrome Web Store to date, based on the fact that the malicious extensions were downloaded 32m times.

Malicious extensions

The extensions used in the campaign were designed to avoid detection by antivirus software and other security software which evaluates the reputations of domains on the web. It is also unclear as to who designed the extensions as the developers supplied fake contact information to Google when they submitted them.

If a user downloaded one of the malicious extensions and then used Google Chrome on their home computer, they would connect to a series of websites and transmit information. However, users browsing on a corporate network would not transmit any sensitive information or even reach the attacker's websites. The 15,000 domains used in the campaign were all purchased from a small Israeli domain registrar called Galcomm.

Security researcher from Tripwire's vulnerability and exposure research team (VERT), Craig Young provided further insight on how extensions can undermine Chrome's security, saying:

“The proliferation of browser extensions as conduits for all manner of online activity has been absolutely terrible for security. Chrome generally does well at resisting compromise from sophisticated exploits but extensions can undermine this security completely. When installing an extension, users must approve a permissions manifest defining what the extension can access but it’s likely that the majority of users are not reading or understanding the permission list.”

While extensions can certainly be useful, users should be wary about installing ones from unknown developers to avoid falling victim to potential scams online.

Via Reuters

The WikiLeaks breach might just have done the CIA a favor

A new report has revealed that the largest data loss in CIA history occurred as the result of “woefully lax” security practices.

Back in early 2017, WikiLeaks published details on top-secret CIA hacking tools that were actually part of a larger set of data (37TB) stolen from one of the US agency's high-security networks. These hacking tools were developed by the CIA's Center for Cyber Intelligence (CCI) and were published by WikiLeaks as part of its Vault 7 leak series.

A WikiLeaks Task Force was assembled to investigate the practices that led to the agency's massive data loss and it issued a report seven months after the first Vault 7 leak that provided more details on the extent and cause of the leak. The report found that the CCI was more concerned with creating cyber weapons than it was with securing them.

In a letter to the Director of National Intelligence John Ratcliffe, US senator Ron Wyden provided further details on the CCI's failure to secure the cyber weapons it had created, saying:

"The CIA's [Center for Cyber Intelligence (CCI)] has prioritized building cyber weapons at the expense of securing their own systems. Day-to-day security practices had become woefully lax....Most of our sensitive cyber weapons were not compartmented, users shared systems administrator-level passwords, there were no effective removable media controls, and historical data was available to users indefinitely. Furthermore, CCI focused on building cyber weapons and neglected to also prepare mitigation packages if those tools were exposed. These shortcomings were emblematic of a culture that evolved over years that too often prioritized creativity and collaboration at the expense of security."

Woefully lax security

According to the report, the CIA employee responsible for the Vault 7 leaks stole at least 180 GB of data in the spring of 2016. However, the task force said that the employee may have actually taken as much as 34 TB of the agency's data. 

In 2018, federal authorities identified former CIA employee Joshua Adam Schulte as the suspect who had leaked the data. He was later indicted and pleaded not guilty to the charges. However, during Schulte's criminal trial, the jury was unable to reach a verdict on the most serious charges.

The task force's report also revealed that WikiLeaks did not obtain final versions of the CIA's hacking tools and source code as they were stored in a Gold folder which was better protected.

While WikiLeaks' Vault 7 data leak was embarrassing for the CIA, it likely taught the agency a lesson when it comes to securing sensitive data.

Via Ars Technica

AWS stops largest DDoS attack ever

Amazon has revealed that its AWS Shield service was able to mitigate the largest DDoS attack ever recorded at 2.3 Tbps back in February of this year.

The company's new AWS Shield Threat Landscape report provided details on this attack and others mitigated by its AWS Shield protection service. 

While the report did not identify the AWS customer targeted in the DDoS attack, it did say that the attack itself was carried out using hijacked CLDAP (Connection-less Lightweight Directory Access Protocol) web servers and lasted for three days.

Since late 2016, this protocol has often been used in DDoS attacks, as CLDAP servers can amplify DDoS traffic to 56 to 70 times its initial size. CLDAP is also a highly sought-after protocol among cybercriminals and it is offered by many DDoS-for-hire services.

DDoS attacks

The DDoS attack mitigated by AWS Shield in February of this year now holds the record for the largest of its kind yet. 

The previous record is held by a 1.7 Tbps attack which was mitigated by Netscout Arbor back in March of 2018 and a month before that, GitHub was hit with a 1.3 Tbps DDoS attack.

Both the Netscout and GitHub DDoS attacks abused Memcached servers which were exposed on the internet in order to reach massive bandwidths. During that time, Memcached was a new DDoS attack vector and cybercriminals abused over 100,000 Memcached servers.

Recently though, DDoS attacks have declined in both number and frequency as a result of ISPs, content delivery networks and other internet businesses working together to secure vulnerable Memcached systems. However, Kaspersky released a report last year that said DDoS attacks were on the rise as more DDoS-for-hire websites were launched.

These days DDoS attacks usually peak at around 500 Gbps and are much smaller in scale. The recent attack mitigated by Amazon is an outlier and hopefully doesn't become the norm going forward.

Via ZDNet