denial of service | Breaking Cybersecurity News | The Hacker News

Distributed Denial of Service (DDoS) attack is a malicious form of attack that disrupts the regular network traffic by overwhelming the website with more traffic than the server can handle. The main aim of this kind of cyberattack is to render the website inoperable. Over recent years, these kinds of attacks are increasing, fueling the demand for the  best DDoS protection  software solutions. Many unplanned data center outages are owing to DDoS attacks. The threat of DDoS is due to access to easy-to-use tools and the profit potential through extortion.  The attacks target businesses directly, leading to substantial financial and personal losses, making it critical to have robust DDoS protection software solutions in place. According to the report of  Market Research Inc , the DDoS protection Software Market is predicted to reach +14% CAGR by 2020 – 2028.  Important Statistics to illustrate the growing demand for DDoS Software Solutions Demand for the DDoS software market is on th

A team of German cybersecurity researchers has discovered a new cache poisoning attack against web caching systems that could be used by an attacker to force a targeted website into delivering error pages to most of its visitors instead of legitimate content or resources. The issue could affect sites running behind reverse proxy cache systems like Varnish and some widely-used Content Distribution Networks (CDNs) services, including Amazon CloudFront, Cloudflare, Fastly, Akamai, and CDN77. In brief, a Content Distribution Network (CDN) is a geographically distributed group of servers that sit between the origin server of a website and its visitors to optimize the performance of the website. A CDN service simply stores/caches static files—including HTML pages, JavaScript files, stylesheets, images, and videos—from the origin server and delivers them to visitors more quickly without going back to the originating server again and again. Each of the geographically distributed CDN se

Various implementations of HTTP/2 , the latest version of the HTTP network protocol, have been found vulnerable to multiple security vulnerabilities affecting the most popular web server software, including Apache, Microsoft's IIS, and NGINX. Launched in May 2015, HTTP/2 has been designed for better security and improved online experience by speeding up page loads. Today, over hundreds of millions of websites, or some 40 percent of all the sites on the Internet, are running using HTTP/2 protocol. A total of eight high-severity HTTP/2 vulnerabilities , seven discovered by Jonathan Looney of Netflix and one by Piotr Sikora of Google, exist due to resource exhaustion when handling malicious input, allowing a client to overload server's queue management code. The vulnerabilities can be exploited to launch Denial of Service (DoS) attacks against millions of online services and websites that are running on a web server with the vulnerable implementation of HTTP/2 , knocking

Samba maintainers have just released new versions of their networking software to patch two critical vulnerabilities that could allow unprivileged remote attackers to launch DoS attacks against servers and change any other users' passwords, including admin's. Samba is open-source software (re-implementation of SMB networking protocol) that runs on the majority of operating systems available today, including Windows, Linux, UNIX, IBM System 390, and OpenVMS. Samba allows non-Windows operating systems, like GNU/Linux or Mac OS X, to share network shared folders, files, and printers with Windows operating system. The denial of service vulnerability, assigned CVE-2018-1050 , affects all versions of Samba from 4.0.0 onwards and could be exploited "when the RPC spoolss service is configured to be run as an external daemon." "Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.

A 5-year-old serious privilege-escalation vulnerability has been discovered in Linux kernel that affects almost every distro of the Linux operating system, including Redhat, and Ubuntu. Over a month back, a nine-year-old privilege-escalation vulnerability, dubbed " Dirty COW ," was discovered in the Linux kernel that affected every distro of the open-source operating system, including Red Hat, Debian, and Ubuntu. Now, another Linux kernel vulnerability ( CVE-2016-8655 ) that dates back to 2011 disclosed today could allow an unprivileged local user to gain root privileges by exploiting a race condition in the af_packet implementation in the Linux kernel. Philip Pettersson, the researcher who discovered the flaw, was able to create an exploit to gain a root shell on an Ubuntu 16.04 LTS system (Linux Kernel 4.4) and also defeated SMEP/SMAP (Supervisor Mode Execution Prevention/Supervisor Mode Access Prevention) protection to gain kernel code execution abilities. In

A proof-of-concept (PoC) exploit for a critical vulnerability in the Network Time Protocol daemon (ntpd) has been publically released that could allow anyone to crash a server with just a single maliciously crafted packet. The vulnerability has been patched by the Network Time Foundation with the release of NTP 4.2.8p9, which includes a total of 40 security patches, bug fixes, and improvements. The NTP daemon is used in almost every device that needs to synchronize time on computer clocks. NTP got the most attention in late 2014 and 2015 when hackers used it to launch highly amplified DDoS attacks against services. The flaw which affects NTP.org's nptd versions prior to 4.2.8p9, but not including ntp-4.3.94, has been discovered by security researcher Magnus Stubman, who privately disclosed it to the Network Time Foundation on June 24. A patch for the vulnerability was developed and sent to Stubman on 29th September and just two days later, the researcher acknowledged t

A hacker with little more than a minute can bypass the authentication procedures on some Linux systems just by holding down the Enter key for around 70 seconds. The result? The act grants the hacker a shell with root privileges, which allows them to gain complete remote control over encrypted Linux machine. The security issue relies due to a vulnerability ( CVE-2016-4484 ) in the implementation of the Cryptsetup utility used for encrypting hard drives via Linux Unified Key Setup (LUKS), which is the standard implementation of disk encryption on a Linux-based operating system. The flaw actually is in the way the Cryptsetup utility handles password failures for the decryption process when a system boots up, which lets a user retry the password multiple times. What's even worse? Even if the user has tried up all 93 password attempts, the user is dropped to a shell (Busybox in Ubuntu) that has root privileges. In other words, if you enter a blank password 93 times – or s

With the release of 12 Security Bulletins , Microsoft addresses a total of 56 vulnerabilities in its different products. The bulletins include five critical updates, out of which two address vulnerabilities in all versions of Windows. The September Patch Tuesday update (released on second Tuesday of each month) makes a total of 105 Security Bulletins being released this year; which is more than the previous year with still three months remaining for the current year to end. The reason for the increase in the total number of security bulletins within such less time might be because of Windows 10 release and its installation reaching to a score of 100 million. Starting from MS15-094 to   MS15-105 ( 12 security bulletins ) Microsoft rates the severity of the vulnerabilities and their impact on the affected software. Bulletins MS15-094 and MS15-095 are the cumulative updates, meaning these are product-specific fixes for security related vulnerabilities that are rated

Security researchers from Core Security has reportedly found a Denial of Service ( DoS ) attack vulnerability in Android WiFi-Direct. Android's WiFi-Direct is a wireless technology that allows two devices to establish a direct, peer-to-peer Wi-Fi connection without requiring a wireless router. Smartphones have been able to support Wi-Fi Direct for a while now. According to the advisory , the remotely exploitable denial-of-service vulnerability is affecting a wide number of Android mobile devices when it scans for WiFi Direct devices. If exploited, the vulnerability would let an attacker force a reboot of a device. " An attacker could send a specially crafted 802.11 Probe Response frame causing the Dalvik subsystem to reboot because of an Unhandle Exception on WiFiMonitor class ," advisory states. The Android WiFi-Direct vulnerability (CVE-2014-0997) affects: Nexus 5 - Android 4.4.4 Nexus 4 - Android 4.4.4 LG D806 - Android 4.2.2 Samsung SM-T310 - Android

Users running the website on a self-hosted WordPress or on Drupal are strongly recommended to update their websites to the latest version immediately. A moderately critical vulnerability was discovered in the way Drupal and WordPress implement XMLRPC, which can lead an attacker to disable your website via a method known as Denial of Service (DoS) . VULNERABILITY RESULTS IN DoS ATTACK The latest update of WordPress 3.9.2 mainly addresses an issue in the PHP's XML processor that could be exploited to trigger a DoS (denial of service) attack . The vulnerability affects all previous versions of WordPress. The XML vulnerability was first reported by Nir Goldshlager , a security researcher from Salesforce.com's product security team, that impacts both the popular website platforms. The issue was later fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team. ATTACK MAKES YOUR WEBSITE COMPLETELY INACCES

Beginning of the new month, Get Ready for Microsoft Patch Tuesday! Microsoft has released its Advance Notification for the month of July 2014 Patch Tuesday releasing six security Bulletins, which will address a total of six vulnerabilities in its products, out of which two are marked critical, one is rated moderate and rest are important in severity. All six vulnerabilities are important for you to patch, as the flaws are affecting various Microsoft software, including Microsoft Windows, Microsoft Server Software and Internet Explorer, with the critical ones targeting Internet Explorer and Windows. Microsoft is also providing an update for the " Microsoft Service Bus for Windows Server " which is rated moderate for a Denial of Service (DoS) flaw. " At first glance it looks like Microsoft may be taking it easy on us this month, which would be nice since we will be coming off a long holiday weekend here in the U.S."  Chris Goettl from IT Security firm

Google's Nexus Smartphones are vulnerable to SMS-based DOS attack , where an attacker can force it to restart, freeze, or lose network connection by sending a large number of special SMS messages to them. The vulnerability, discovered by Bogdan Alecu , a system administrator at Dutch IT services company Levi9, and affects all Android 4.x firmware versions on Google Galaxy Nexus, Nexus 4 and Nexus 5. The problem is with how the phones handle a special type of text message, known as a flash SMS. By sending around 30 Flash SMS ( Flash SMS is a type of message that normally is not stored by the system and does not trigger any audio alerts ) messages to Nexus phone an attacker can cause the phone to malfunction. He presented the vulnerability on Friday at the DefCamp security conference in Bucharest, Romania. In an email exchange with me, he said ' I was testing different message types and for the class 0 messages I noticed that the popup being displayed also adds an extra layer wh

In March of this year, we saw the first ever 300 Gigabit DDoS attack , which was possible due to a DNS Reflection Amplification attack against Spamhaus . On 24 September World's 3rd Largest Bitcoin exchange BTC China , a platform where both Bitcoin and Chinese yuan are traded faced massive DDoS attack for continued nine hours, where no amplification techniques were used. Incapsula , Cloud-based security service provider helped the Chinese Bitcoin trader to protect them from such massive denial-of-service attack and successfully mitigated the threats. Incapsula tweeted  a graph of DDoS attack last month as shown, " Yesterday we prevented a ~100Gbps DDoS. The attack's load was distributed across our 350Gbps network. " Specialist at Incapsula shared the details of the attack with TheRegister , explained " The attack against BTC China took the form of a SYN flood rather than the DNS amplification-style attack ", " The attacker balanced the assault betwee

Yeah, it's Patch Tuesday once again. Almost 10 years ago in October, 2003 - Microsoft  invented the process of regularly scheduled security updates on every second Tuesday of the Month, as  Patch Tuesday. Today, the Microsoft Security team will i ssue eight security updates in total, out of that -- three of which are designated as " critical ," and rest five as " Important " updates, that patches vulnerabilities in Microsoft Windows, Microsoft Server Software, and Internet Explorer. The eight bulletins that Microsoft is releasing fixes a total of 23 different vulnerabilities in Microsoft products. Microsoft will be rolling out a total of three Critical patches dealing with Remote Code Execution. Windows 8 is expected to get four of the updates, one of them is critical and dealing with Remote Code Execution with Internet Explorer 10, while the other three updates are Important and deal with Elevation of Privilege and Denial of Service . Windows RT i

A vulnerability in the latest firmware of the network-enabled Samsung TV models allows potential attackers to crash the vulnerable devices using Denial of Service ( DoS ) Attack, according to security researcher Malik Mesellem . According to Malik, The web server (DMCRUIS/0.1) installed on Smart TVs on port TCP/5600 can be crashed to reboot the device, if attacker will send a long HTTP GET request on TV's ip address. Malik successfully tested the exploit on his Samsung PS50C7700 plasma TV, as shown in the video demonstration below: In the Demo, The TV is connected by ethernet cable to a home network, and after running the exploit against TV's ip address - A few seconds later, the TV would restart and repeat the process. This means that a potential attacker only needs to obtain access to the LAN that the TV has joined, in order to attack it. This can be done either by breaking into a wireless access point or by infecting a computer on the same network with

A website that can be described as " DDoS for hire " is perfectly legitimate, according to the owner. Malicious sites that offer attack services are not strangers on the Internet, but web sites sponsored by law enforcement is another story altogether. Ragebooter, is one of many sites that accepts payment through PayPal in order to flood sites with junk traffic, overloading servers and denying others access. The service uses a technique called DNS reflection to flood a website and amplify the amount of traffic directed at an address. Unlike other existing sites that offer similar services, the Ragebooter have particularly interesting back door leading directly to the FBI. It seems that the Federal Investigation Bureau uses the site to monitor the activity of users on the network, and that added to the site IP Logger that keeps the IP addresses of all users coming to the site. Investigation shows the site operator is a guy named Justin Folland located in M

Distributed Denial of Service attacks have increased in scale, intensity and frequency. The wide range of motives for these attacks political , criminal, or social makes every merchant or organization with an online presence a potential target. Over the weekend Incapsula mitigated a unique DDoS attack against a large gaming website, in which they have discovered a DDoS attack using thousands of legitimate WordPress blogs without the need for them to be compromised. Incapsula released the list of approximately 2,500 WordPress sites from where the attack was originated, including some very large sites like Trendmicro.com, Gizmodo.it and Zendesk.com . In a recent report , we posted about another method for DDoS attacks using DNS amplification , where a DNS request is made to an open DNS resolver with the source IP address forged so that it is the IP address of the targeted site to which the response is thus sent, but this new method uses HTTP rather than DNS. The

The Dutch police have confirmed the arrest of a 35-year-old man suspected of taking part in a massive DDoS attack against the anti-spam group Spamhaus back in March . The attack's bandwidth peaked at over 300Gbps, making it the largest DDoS attack in history. Their target, Spamhaus, is a company which creates blacklists of spam sites and sells them to Internet Service Providers. Spamhaus was attacked with DDOS and the website overcrowded with traffic and went offline. Later CloudFlare was hired by Spamhaus to protect against such attacks. The suspect was arrested by Spanish authorities in Barcelona based on a European arrest warrant and is expected to be transferred to the Netherlands soon. The man arrested is believed to be Sven Kamphuis, the owner and manager of Dutch hosting firm Cyberbunker that has been implicated in the attack. This DDoS attack was believed to have been sparked when Spamhaus placed CyberBunker on its spam blacklist. Cyberbunker is a D

Three members of the high profile internet hacktivist group LulzSec have admitted to their parts in a series of cyber attacks against the NHS, Sony and News International. Ryan Ackroyd, Jake Davis and Mustafa Al-Bassam, pleaded guilty to one charge of carrying out an unauthorized act to impair the operation of a computer, contrary to the Criminal Law Act 1977. In July 2011 the Sun's website was hacked and users were briefly re-directed to a spoof page that falsely claiming that Rupert Murdoch had died. Davis, from Shetland, and Bassam, a student from Peckham, south London, admitted conspiring to bring down the websites of law enforcement authorities in Britain and the US, including the CIA and the Serious Organized Crime Agency (SOCA). The group, an offshoot of the Anonymous hacktivists, but Both LulzSec and Anonymous wreaked havoc throughout 2011 and 2012, knocking thousands of websites offline and pilfering data from well-known companies. The men are said to h

Accunetix a web application security company reported vulnerabilities found in the Wordpress Pingback feature. According to report, Pingback vulnerability exists in the WordPress blogging platform that could leak information and lead to distributed denial of service (DDoS) attacks. " WordPress has an XMLRPC API that can be accessed through the xmlrpc.php file. When WordPress is processing pingbacks, it's trying to resolve the source URL, and if successful, will make a request to that URL and inspect the response for a link to a certain WordPress blog post. If it finds such a link, it will post a comment on this blog post announcing that somebody mentioned this blog post in their blog. " Bogdan Calin explained . Pingback is one of three types of linkbacks, methods for Web authors to request notification when somebody links to one of their documents. This enables authors to keep track of who is linking to, or referring to their articles. Some weblog software, such as Mo