denial of service | Breaking Cybersecurity News | The Hacker News

A vulnerability in the latest firmware of the network-enabled Samsung TV models allows potential attackers to crash the vulnerable devices using Denial of Service ( DoS ) Attack, according to security researcher Malik Mesellem . According to Malik, The web server (DMCRUIS/0.1) installed on Smart TVs on port TCP/5600 can be crashed to reboot the device, if attacker will send a long HTTP GET request on TV's ip address. Malik successfully tested the exploit on his Samsung PS50C7700 plasma TV, as shown in the video demonstration below: In the Demo, The TV is connected by ethernet cable to a home network, and after running the exploit against TV's ip address - A few seconds later, the TV would restart and repeat the process. This means that a potential attacker only needs to obtain access to the LAN that the TV has joined, in order to attack it. This can be done either by breaking into a wireless access point or by infecting a computer on the same network with

A website that can be described as " DDoS for hire " is perfectly legitimate, according to the owner. Malicious sites that offer attack services are not strangers on the Internet, but web sites sponsored by law enforcement is another story altogether. Ragebooter, is one of many sites that accepts payment through PayPal in order to flood sites with junk traffic, overloading servers and denying others access. The service uses a technique called DNS reflection to flood a website and amplify the amount of traffic directed at an address. Unlike other existing sites that offer similar services, the Ragebooter have particularly interesting back door leading directly to the FBI. It seems that the Federal Investigation Bureau uses the site to monitor the activity of users on the network, and that added to the site IP Logger that keeps the IP addresses of all users coming to the site. Investigation shows the site operator is a guy named Justin Folland located in M

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC,  70% of successful breaches start at the endpoint . Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in.  We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence.  1. Know Thy Endpoints: Identifying and Understanding Your Entry Points Understanding your network's

Distributed Denial of Service attacks have increased in scale, intensity and frequency. The wide range of motives for these attacks political , criminal, or social makes every merchant or organization with an online presence a potential target. Over the weekend Incapsula mitigated a unique DDoS attack against a large gaming website, in which they have discovered a DDoS attack using thousands of legitimate WordPress blogs without the need for them to be compromised. Incapsula released the list of approximately 2,500 WordPress sites from where the attack was originated, including some very large sites like Trendmicro.com, Gizmodo.it and Zendesk.com . In a recent report , we posted about another method for DDoS attacks using DNS amplification , where a DNS request is made to an open DNS resolver with the source IP address forged so that it is the IP address of the targeted site to which the response is thus sent, but this new method uses HTTP rather than DNS. The

The Dutch police have confirmed the arrest of a 35-year-old man suspected of taking part in a massive DDoS attack against the anti-spam group Spamhaus back in March . The attack's bandwidth peaked at over 300Gbps, making it the largest DDoS attack in history. Their target, Spamhaus, is a company which creates blacklists of spam sites and sells them to Internet Service Providers. Spamhaus was attacked with DDOS and the website overcrowded with traffic and went offline. Later CloudFlare was hired by Spamhaus to protect against such attacks. The suspect was arrested by Spanish authorities in Barcelona based on a European arrest warrant and is expected to be transferred to the Netherlands soon. The man arrested is believed to be Sven Kamphuis, the owner and manager of Dutch hosting firm Cyberbunker that has been implicated in the attack. This DDoS attack was believed to have been sparked when Spamhaus placed CyberBunker on its spam blacklist. Cyberbunker is a D

Three members of the high profile internet hacktivist group LulzSec have admitted to their parts in a series of cyber attacks against the NHS, Sony and News International. Ryan Ackroyd, Jake Davis and Mustafa Al-Bassam, pleaded guilty to one charge of carrying out an unauthorized act to impair the operation of a computer, contrary to the Criminal Law Act 1977. In July 2011 the Sun's website was hacked and users were briefly re-directed to a spoof page that falsely claiming that Rupert Murdoch had died. Davis, from Shetland, and Bassam, a student from Peckham, south London, admitted conspiring to bring down the websites of law enforcement authorities in Britain and the US, including the CIA and the Serious Organized Crime Agency (SOCA). The group, an offshoot of the Anonymous hacktivists, but Both LulzSec and Anonymous wreaked havoc throughout 2011 and 2012, knocking thousands of websites offline and pilfering data from well-known companies. The men are said to h

Accunetix a web application security company reported vulnerabilities found in the Wordpress Pingback feature. According to report, Pingback vulnerability exists in the WordPress blogging platform that could leak information and lead to distributed denial of service (DDoS) attacks. " WordPress has an XMLRPC API that can be accessed through the xmlrpc.php file. When WordPress is processing pingbacks, it's trying to resolve the source URL, and if successful, will make a request to that URL and inspect the response for a link to a certain WordPress blog post. If it finds such a link, it will post a comment on this blog post announcing that somebody mentioned this blog post in their blog. " Bogdan Calin explained . Pingback is one of three types of linkbacks, methods for Web authors to request notification when somebody links to one of their documents. This enables authors to keep track of who is linking to, or referring to their articles. Some weblog software, such as Mo

Some critical vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service) attack. These vulnerabilities affect Apache Tomcat 6.x and Apache Tomcat 7.x . Apache Tomcat vulnerabilities CVE-2012-4534 Apache Tomcat denial of service CVE-2012-3546 Apache Tomcat Bypass of security constraints CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter According to CVE-2012-4431 , The CSRF prevention filter could be bypassed if a request was made to a protected resource without a session identifier present in the request. CVE-2012-4534, DOS includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system. Whereas, CVE-2012-3546 - where malicious users or people can bypass certain security mechanisms of the application. The actual impact varies signif