eurogamer.net
News by Connor Makar Staff Writer
Published on Jan. 6, 202
Final Fantasy 14 is suffering DDOS attacks on its American servers during the release of the latest Savage raid.
Final Fantasy 14 has released its latest Savage-tier raid today, pushing the game's best and brightest to race through this new challenge group content to earn powerful loot and see which region can take it down first. However, for Americans, this is proving difficult due to ongoing DDOS attacks and server outages.
With the release of patch 7.4 last month, players were welcomed back to the game with a bunch of new content to pour over. The Savage difficulty for the Heavyweight raid, which was delayed until after the holiday season, has just come out resulting in the usual rush to see which team can take it down first.
The problem comes from DDOS attacks. American players, obviously present on different servers than like-minded raiders in other regions, are facing a spree of connection issues as the servers are bombarded with digital assaults from nefarious parties. Checking the FF14 server status page, you can see a sizable portion of America servers under strain.
This has resulted in chaos for the race for world first Heavyweight Savage clears, as American teams are scrambling to contend with these extra hurdles. Players looking to temporarily hop to different servers, such as Oceania's Materia server cluster, aren't safe from these attacks either. The only way to dodge such attacks at this time appears to be a full-on server transfer to another region, which would add additional latency to play which top-end players tackling difficult content wouldn't want anyway. A messy situation.
Funnily enough, it appears as though Japanese servers are largely doing just fine during the initial release of Savage Heavyweights so far! This is both good and bad. It's good because these server outages are annoying and the less people experience them the better. It's bad because, from the perspective of competitive raiders looking to race each other to a world first clear, it adds a degree of unfairness to the mix. It takes what should be a joyful moment and sours it.
Unfortunately, this Savage raid release isn't the first time problems like these have hit Final Fantasy 14. In fact, it was only around two weeks ago when the American servers suffered several DDOS attacks. For Western FF14 players, this is a problem in desperate need of addressing, especially now that it's impacted one of the more climactic moments in the Dawntrail expansion's life cycle.
A short post on the Final Fantasy 14 website has acknowledged the problem, and states that it's being looked into. However, given the time sensitive nature of these Savage raid races, it's possible for the most dedicated FF14 players, the damage has been done.
Kaspersky researchers discovered previously unidentified commercial Dante spyware developed by Memento Labs (formerly Hacking Team) and linked it to the ForumTroll APT attacks.
Hacktivist attacks surge on U.S. targets after Iran bombings, with groups claiming DDoS hits on military, defense, and financial sectors amid rising tensions.
The U.S. has become a target in the hacktivist attacks that have embroiled several Middle Eastern countries since the start of the Israel-Iran conflict.
Several hacktivist groups have claimed DDoS attacks against U.S. targets in the wake of U.S. airstrikes on Iranian nuclear sites on June 21.
The attacks—most notably from hacktivist groups Mr Hamza, Team 313, Cyber Jihad, and Keymous+—targeted U.S. Air Force domains, major U.S. Aerospace and defense companies, and several banks and financial services companies.
The cyberattacks follow a broader campaign against Israeli targets that began after Israel launched attacks on Iranian nuclear and military targets on June 13. Israel and Iran have exchanged missile and drone strikes since the conflict began, and Iran also launched missiles at a U.S. military base in Qatar on June 23.
The accompanying cyber warfare has included DDoS attacks, data and credential leaks, website defacements, unauthorized access, and significant breaches of Iranian banking and cryptocurrency targets by Israel-linked Predatory Sparrow. Electronic interference with commercial ship navigation systems has also been reported in the Strait of Hormuz and the Persian Gulf.
The individuals operating under the DragonForce banner and attacking UK high street retailers are using social engineering for entry. I think it’s in the public interest to break down what is happening.
The attacks on Marks and Spencer, Co-op and Harrods are linked. DragonForce’s lovely PR team claim more are to come.
Defenders should urgently make sure they have read the CISA briefs on Scattered Spider and LAPSUS$ as it’s a repeat of the 2022–2023 activity which saw breaches at Nvidia, Samsung, Rockstar and Microsoft amongst many others. More info below.
I am not saying it is Scatter Spider; Scattered Spider has become a dumping ground for e-crime groups anyway. The point is they — the threat actor — are entering using the front door, via the helpdesk to get MFA access — those are very good guides from defenders about what to do, links below.
Source: Cybersecurity and Infrastructure Security Agency
DragonForce is a white label cartel operation housing anybody who wants to do e-crime. Some of them are pretty good at e-crime.
While organisations are away at RSA thinking about quantum AI cyber mega threats — the harsh reality is most organisations do not have the foundations in place to do be worrying about those kind of things. Generative AI is porn for execs and growth investment — threat actors are very aware that now is the time to launch attacks, not with GenAI, but foundational issues. Because nobody is paying attention.
Once they get access, they are living off the land — using Teams, Office search to find documentation, the works. Forget APTs, now you have the real threat: Advanced Persistent Teenagers, who have realised the way to evade most large cyber programmes is to cosplay as employees. Last time this happened, the MET Police ended up arresting a few under-18 UK nationals causing incidents to largely drop off.
The uptick began in the fourth quarter of 2024 and continued into 2025, with the increases largely attributed to Clop’s exploitation of a popular file sharing service.
Jonathan Braley, director of cyber information sharing organization Food and Ag-ISAC, spoke at the RSA Conference on Thursday and warned of not only the increase in ransomware incidents but the continued lack of visibility into the full scope of the problem.
“A lot of it never gets reported, so a ransomware attack happens and we never get the full details,” he told Recorded Future News on the sidelines of the conference. “I wish companies would be more open in talking about it and sharing ‘Here's what they use, here's how we fixed it,’ so the rest of us can prevent that.”
The uptick began in the fourth quarter of 2024 and continued into 2025, with the increases largely attributed to Clop’s exploitation of a popular file sharing service. But Braley noted that even when they took out the attacks attributed to Clop, groups like RansomHub and Akira were still continuing to attack the food industry relentlessly.
The Food and Ag-ISAC obtained its numbers through a combination of open-source sites, dark web monitoring, member input and information sharing between National Council of ISAC members.
The industry saw 31 attacks in January and 35 in February before a dip to 18 attacks in March.
The 84 attacks seen from January to March were more than double the number seen in Q1 2024.
New malware targets Apache Tomcat servers, hijacking resources through stealthy payloads & lateral movement. What to watch for to protect your workloads
Facial Recognition Injection Attacks involve injecting tampered video feeds or deepfakes into facial recognition systems to bypass security. Current attack types include Virtual Video Injections, Hardware-based Video Injections, Device Emulation and Function Hooking.
A spate of devastating attacks on the health care sector prompts Brussels to ramp up funding and threat intelligence.
The Department of Homeland Security knows which countries SS7 attacks are primarily originating from. Others include countries in Europe, Africa, and the Middle East.
In this research, we uncovered several vulnerabilities and security flaws within the Prometheus ecosystem. These findings span across three major areas: information disclosure, denial-of-service (DoS), and code execution. We found that exposed Prometheus servers or exporters, often lacking proper authentication, allowed attackers to easily gather sensitive information, such as credentials and API keys.
Additionally, we identified an alarming risk of DoS attacks stemming from the exposure of pprof debugging endpoints, which, when exploited, could overwhelm and crash Prometheus servers, Kubernetes pods and other hosts.
Some users are still lamenting issues in using the encrypted email service
We uncover macOS lateral movement tactics, such as SSH key misuse and AppleScript exploitation. Strategies to counter this attack trend are also discussed. We uncover macOS lateral movement tactics, such as SSH key misuse and AppleScript exploitation. Strategies to counter this attack trend are also discussed.
Downgrade attacks: researchers took over the Windows Update process to make the term “fully patched” meaningless on any Windows machine.
New Gorilla botnet launches over 300,000 DDoS attacks globally, exploiting IoT devices and Apache Hadoop flaws.
Radware found that Web DDoS attacks rose by 265% in H1 2024, driven by hacktivist groups amid rising geopolitical tensions
Apple has issued a new round of threat notifications to iPhone users across 98 countries, warning them of potential mercenary spyware attacks. It's the Apple issued threat notifications to iPhone users across 98 countries, warning them of spyware attacks.
In recent months, a surge in cryptodrainer phishing attacks has been observed, targeting cryptocurrency holders with sophisticated schemes aimed at tricking them into divulging their valuable credentials.
A sharp increase of DDoS attacks have been observed since the beginning of 2023. A new trend is to send high packet rate attacks though. This article introduces the findings of our teams in order to bring new insights regarding this threat.
Researchers have discovered several vulnerabilities in popular WordPress plugins that allow attackers to create rogue admin accounts.
#attacks #breach #computer #cyber #data #hack #hacker #hacking #how #information #malware #network #news #ransomware #security #software #the #to #today #updates #vulnerability
