A team of Chinese academics has found a new way to abuse HTTP packets to amplify web traffic and bring down websites and content delivery networks (CDNs). Named RangeAmp, this new Denial-of-Service (DoS) technique exploits incorrect implementations of the HTTP “Range Requests” attribute. HTTP Range Requests are part of the HTTP standard and allow clients (usually browsers) to request only…
New vulnerability in DNS server software can be leveraged for DDoS attacks with an 1620x amplification factor. A team of academics from Israel has disclosed today details about NXNSAttack, a vulnerability in DNS servers that can be abused to launch DDoS attacks of massive proportions. According to the research team, NXNSAttack impacts recursive DNS servers and the process of DNS…
The scourge of distributed denial-of-service (DDoS) attacks has been a major concern for businesses and governments for more than two decades. First reported in 1996, this is a destructive and ever-evolving vector of cyber raids that knocks electronic networks offline by flooding them with the traffic they can’t handle. Not only is DDoS a way for hacktivists to manifest protest…
A previously unknown SQL injection vulnerability in the Sophos XG Firewall gave hackers access to customers’ local usernames and hashed passwords for several days. The Abingdon, U.K.-based platform security vendor said it learned late Wednesday of an attack against its physical and virtual XG Firewall units when a suspicious field value was discovered inside the device’s management interface. The attack…
There is no escaping it. COVID-19 is dominating headlines and has impacted virtually every corner of the world. Like most people at this point, I’m 30 days into isolation and trying everything in my power to ignore the elephant in the room and the politics that go along with it. Unfortunately, or fortunately, cyber security is an essential business. As…
Dutch law enforcement has shut down 15 DDoS-for-hire services that were used to run cyberattacks aimed at knocking websites and networks offline. Although they did not reveal the names of the DDoS-for-hire booters that they stopped, Police in The Netherlands were able to arrest a 19-year-old man from The Netherlands, who is suspected of orchestrating a DDoS attack against two websites that provide…
US Health Agencies Are Fending off DDoS Attacks and Disinformation Campaigns in the Midst of a Pandemic Unfettered by social distancing measures or economic concerns, cyber threat actors are taking full advantage of opportunities created by the coronavirus pandemic. United States health agencies are being tested by distributed denial of service (DDoS) attacks and social media disinformation campaigns as they…
There has been a 168% increase in DDoS attacks in Q4 2019, compared with Q4 2018, and a 180% increase overall in 2019 vs. 2018, according to Neustar. The company saw DDoS attacks across all size categories increase in 2019, with attacks sized 5 Gbps and below seeing the largest growth. These small-scale attacks made up more than three quarters…
Australian banking and financial institutions received extortion emails threatening them of possible distributed denial of service (DDoS) attacks against them. To avert this situation the extortioners demanded a ransom that needs to be paid in the form of Monero (XMR) cryptocurrency. The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is aware of this extortion campaign and issued threat advice…
As the cryptocurrency industry continues to mature, security remains a major challenge. Over the last few weeks, a number of cryptocurrency exchanges — namely, OKEx, Bitfinex, Digitex and Coinhako — have experienced security breaches. Although the attackers apparently did not manage to steal any funds, one of the incidents resulted in a leak of Know Your Customer data. All of…
