Apache Hadoop | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers have discovered a new botnet malware family called Gorilla (aka GorillaBot) that draws its inspiration from the leaked Mirai botnet source code. Cybersecurity firm NSFOCUS, which identified the activity last month, said the botnet "issued over 300,000 attack commands, with a shocking attack density" between September 4 and September 27, 2024. No less than 20,000 commands designed to mount distributed denial-of-service (DDoS) attacks have been issued from the botnet every day on average. The botnet is said to have targeted more than 100 countries, attacking universities, government websites, telecoms, banks, gaming, and gambling sectors. China, the U.S., Canada, and Germany have emerged as the most attacked countries. The Beijing-headquartered company said Gorilla primarily uses UDP flood , ACK BYPASS flood, Valve Source Engine (VSE) flood , SYN flood , and ACK flood to conduct the DDoS attacks, adding the connectionless nature of the UDP prot...

Cybersecurity researchers have identified a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners within targeted environments. "This attack is particularly intriguing due to the attacker's use of packers and rootkits to conceal the malware," Aqua security researchers Nitzan Yaakov and Assaf Morag  said  in an analysis published earlier this week. "The malware deletes contents of specific directories and modifies system configurations to evade detection." The infection chain targeting Hadoop leverages a misconfiguration in the YARN's (Yet Another Resource Negotiator)  ResourceManager , which is responsible for tracking resources in a cluster and scheduling applications. Specifically, the misconfiguration can be exploited by an unauthenticated, remote threat actor to execute arbitrary code by means of a crafted HTTP request, subject to the privileges of the user on the node where the code is executed. The ...

"A boxer derives the greatest advantage from his sparring partner…" — Epictetus, 50–135 AD Hands up. Chin tucked. Knees bent. The bell rings, and both boxers meet in the center and circle. Red throws out three jabs, feints a fourth, and—BANG—lands a right hand on Blue down the center. This wasn't Blue's first day and despite his solid defense in front of the mirror, he feels the pressure. But something changed in the ring; the variety of punches, the feints, the intensity – it's nothing like his coach's simulations. Is my defense strong enough to withstand this? He wonders, do I even have a defense? His coach reassures him "If it weren't for all your practice, you wouldn't have defended those first jabs. You've got a defense—now you need to calibrate it. And that happens in the ring." Cybersecurity is no different. You can have your hands up—deploying the right architecture, policies, and security measures—but the smallest gap in your defense could let an attacker land a kn...