#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

dos | Breaking Cybersecurity News | The Hacker News

Category — dos
Hackers Flood NPM with Bogus Packages Causing a DoS Attack

Hackers Flood NPM with Bogus Packages Causing a DoS Attack

Apr 10, 2023 Software Security / JavaScript
Threat actors flooded the npm open source package repository for Node.js with bogus packages that briefly even resulted in a denial-of-service (DoS) attack. "The threat actors create malicious websites and publish empty packages with links to those malicious websites, taking advantage of open-source ecosystems' good reputation on search engines," Checkmarx's Jossef Harush Kadouri  said  in a report published last week. "The attacks caused a denial-of-service (DoS) that made NPM unstable with sporadic 'Service Unavailable' errors." While  similar campaigns  were recently observed propagating phishing links, the latest wave pushed the number of package versions to 1.42 million, a dramatic uptick from the approximate 800,000 packages released on npm. The attack technique leverages the fact that open source repositories are ranked higher on search engine results to create rogue websites and upload empty npm modules with links to those sites in the
Cisco Warns of High-Severity Unpatched Flaw Affecting IP Phones Firmware

Cisco Warns of High-Severity Unpatched Flaw Affecting IP Phones Firmware

Dec 10, 2022 Enterprise Security / IP Phones
Cisco has released a new security advisory warning of a high-severity flaw affecting IP Phone 7800 and 8800 Series firmware that could be potentially exploited by an unauthenticated attacker to cause remote code execution or a denial-of-service (DoS) condition. The networking equipment major said it's working on a patch to address the vulnerability, which is tracked as  CVE-2022-20968  (CVSS score: 8.1) and stems from a case of insufficient input validation of received Cisco Discovery Protocol (CDP) packets. CDP is a  proprietary   network-independent protocol  that is used for collecting information related to nearby, directly connected devices such as hardware, software, and device name, among others. It's enabled by default. "An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device," the company  said  in an alert published on December 8, 2022. "A successful exploit could allow the attacker to
Leveraging Wazuh for Zero Trust security

Leveraging Wazuh for Zero Trust security

Nov 05, 2024Network Security / Zero Trust
Zero Trust security changes how organizations handle security by doing away with implicit trust while continuously analyzing and validating access requests. Contrary to perimeter-based security, users within an environment are not automatically trusted upon gaining access. Zero Trust security encourages continuous monitoring of every device and user, which ensures sustained protection after successful user authentication. Why companies adopt Zero Trust security Companies adopt Zero Trust security to protect against complex and increasingly sophisticated cyber threats. This addresses the limitations of traditional, perimeter-based security models, which include no east-west traffic security, the implicit trust of insiders, and lack of adequate visibility.  Traditional vs. Zero Trust security Zero Trust security upgrades an organization's security posture by offering: Improved security posture : Organizations can improve their security posture by continuously gathering data on
Network Enabled Samsung TVs vulnerable to Denial of Service Attack

Network Enabled Samsung TVs vulnerable to Denial of Service Attack

Jul 23, 2013
A vulnerability in the latest firmware of the network-enabled Samsung TV models allows potential attackers to crash the vulnerable devices using Denial of Service ( DoS ) Attack, according to security researcher Malik Mesellem . According to Malik, The web server (DMCRUIS/0.1) installed on Smart TVs on port TCP/5600 can be crashed to reboot the device, if attacker will send a long HTTP GET request on TV's ip address. Malik successfully tested the exploit on his Samsung PS50C7700 plasma TV, as shown in the video demonstration below: In the Demo, The TV is connected by ethernet cable to a home network, and after running the exploit against TV's ip address - A few seconds later, the TV would restart and repeat the process. This means that a potential attacker only needs to obtain access to the LAN that the TV has joined, in order to attack it. This can be done either by breaking into a wireless access point or by infecting a computer on the same network with
cyber security

AWS EKS Security Best Practices [Cheat Sheet]

websiteWiz.ioCloud Security / Kubernetes
Unlock this one-stop resource for mastering EKS security best practices and safeguarding your cloud-native applications.
Smartphone wireless chipset vulnerable to DoS attack

Smartphone wireless chipset vulnerable to DoS attack

Oct 25, 2012
Security researcher Andres Blanco from CoreSecurity discovered a serious vulnerability in two Wireless Broadcom chipsets used in Smartphones. Broadcom Corporation, a global innovation leader in semiconductor solutions for wired and wireless communications. Broadcom BCM4325 and BCM4329 wireless chipsets have been reported to contain an out-of-bounds read error condition that may be exploited to produce a denial-of-service condition. Other Broadcom chips are not affected. The CVE ID given to issue is  CVE-2012-2619 . In advisory they reported that this error can be leveraged to denial of service attack, and possibly information disclosure. An attacker can send a RSN (802.11i) information element, which causes the Wi-Fi NIC to stop responding. Products containing BCM4325 chipsets: Apple iPhone 3GS Apple iPod 2G HTC Touch Pro 2 HTC Droid Incredible Samsung Spica Acer Liquid Motorola Devour Ford Edge (yes, it's a car) Products containing BCM4329 chipsets: Apple iPhone 4 Ap
Cybersecurity
Expert Insights / Articles Videos
Cybersecurity Resources