#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

dos attack | Breaking Cybersecurity News | The Hacker News

Category — dos attack
OpenSSL Releases Patch For "High" Severity Vulnerability

OpenSSL Releases Patch For "High" Severity Vulnerability

Nov 10, 2016
As announced on Tuesday, the OpenSSL project team released OpenSSL version 1.1.0c that addresses three security vulnerabilities in its software. The most serious of all is a heap-based buffer overflow bug (CVE-2016-7054) related to Transport Layer Security (TLS) connections using *-CHACHA20-POLY1305 cipher suites. The vulnerability, reported by Robert Święcki of the Google Security Team on September 25, can lead to DoS attack by corrupting larger payloads, resulting in a crash of OpenSSL. The severity of the flaw is rated "High" and does not affect OpenSSL versions prior to 1.1.0. However, the OpenSSL team reports there is no evidence that the flaw is exploitable beyond a DoS attack. The OpenSSL project also patches a moderate severity flaw (CVE-2016-7053) that can cause applications to crash. "Applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0
Critical DoS Flaw found in OpenSSL — How It Works

Critical DoS Flaw found in OpenSSL — How It Works

Sep 23, 2016
The OpenSSL Foundation has patched over a dozen vulnerabilities in its cryptographic code library, including a high severity bug that can be exploited for denial-of-service (DoS) attacks. OpenSSL is a widely used open-source cryptographic library that provides encrypted Internet connections using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) for the majority of websites, as well as other secure services. The vulnerabilities exist in OpenSSL versions 1.0.1, 1.0.2 and 1.1.0 and patched in OpenSSL versions 1.1.0a, 1.0.2i and 1.0.1u. The Critical-rated bug ( CVE-2016-6304 ) can be exploited by sending a large OCSP Status Request extension on the targeted server during connection negotiations, which causes memory exhaustion to launch DoS attacks, the OpenSSL Project said . What is OCSP Protocol? OCSP (Online Certificate Status Protocol), supported by all modern web browsers, is a protocol designed to perform verification and obtain the revocation status of a digital
How to Get Going with CTEM When You Don't Know Where to Start

How to Get Going with CTEM When You Don't Know Where to Start

Oct 04, 2024Vulnerability Management / Security Posture
Continuous Threat Exposure Management (CTEM) is a strategic framework that helps organizations continuously assess and manage cyber risk. It breaks down the complex task of managing security threats into five distinct stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. Each of these stages plays a crucial role in identifying, addressing, and mitigating vulnerabilities - before they can be exploited by attackers.  On paper, CTEM sounds great . But where the rubber meets the road – especially for CTEM neophytes - implementing CTEM can seem overwhelming. The process of putting CTEM principles into practice can look prohibitively complex at first. However, with the right tools and a clear understanding of each stage, CTEM can be an effective method for strengthening your organization's security posture.  That's why I've put together a step-by-step guide on which tools to use for which stage. Want to learn more? Read on… Stage 1: Scoping  When you're defin
No Password Required! 135 Million Modems Open to Remote Factory Reset

No Password Required! 135 Million Modems Open to Remote Factory Reset

Apr 09, 2016
More than 135 Million modems around the world are vulnerable to a flaw that can be exploited remotely to knock them offline by cutting off the Internet access. The simple and easily exploitable vulnerability has been uncovered in one of the most popular and widely-used cable modem, the Arris SURFboard SB6141 , used in Millions of US households. Security researcher David Longenecker discovered a loophole that made these modems vulnerable to unauthenticated reboot attacks. He also released his "exploit" after Arris (formerly Motorola) stopped responding to him despite a responsible disclosure. The Bug is quite silly: No Username and Password Protection. Arris does not provide any password authentication set up on the modem's user interface, thus allowing any local attacker to access the administration web interface at 192.168.100.1 without the need to enter a username and password. This issue allows a local attacker to ' Restart Cable Modem '
cyber security

The State of SaaS Security 2024 Report

websiteAppOmniSaaS Security / Data Security
Learn the latest SaaS security trends and discover how to boost your cyber resilience. Get your free…
Aw, Snap! This 16-Character String Can Crash Your Google Chrome

Aw, Snap! This 16-Character String Can Crash Your Google Chrome

Sep 21, 2015
Remember when it took only 13 characters to crash Chrome browser instantly? This time, it takes 16-character simple URL string of text to crash Google Chrome instantly. Yes, you can crash the latest version of Chrome browser with just a simple tiny URL. To do this, all you need to do is follow one of these tricks: Type a 16-character link and hit enter Click on a 16-character link Just put your cursor on a 16-character link Yes, that's right. You don't even have to open or click the malformed link to cause the crash, putting the cursor on the link is enough to crash your Chrome. All the tricks mentioned above will either kill that particular Chrome tab or kill the whole Chrome browser. The issue was discovered by security researcher Andris Atteka , who explained in his blog post that just by adding a NULL char in the URL string could crash Chrome instantly. Atteka was able to crash the browser with a 26 character long string, which is given b
Android Wi-Fi Direct Vulnerability Lets Hackers to Kick your Devices OFF

Android Wi-Fi Direct Vulnerability Lets Hackers to Kick your Devices OFF

Jan 27, 2015
Security researchers from Core Security has reportedly found a Denial of Service ( DoS ) attack vulnerability in Android WiFi-Direct. Android's WiFi-Direct is a wireless technology that allows two devices to establish a direct, peer-to-peer Wi-Fi connection without requiring a wireless router. Smartphones have been able to support Wi-Fi Direct for a while now. According to the advisory , the remotely exploitable denial-of-service vulnerability is affecting a wide number of Android mobile devices when it scans for WiFi Direct devices. If exploited, the vulnerability would let an attacker force a reboot of a device. " An attacker could send a specially crafted 802.11 Probe Response frame causing the Dalvik subsystem to reboot because of an Unhandle Exception on WiFiMonitor class ," advisory states. The Android WiFi-Direct vulnerability (CVE-2014-0997) affects: Nexus 5 - Android 4.4.4 Nexus 4 - Android 4.4.4 LG D806 - Android 4.2.2 Samsung SM-T310 - Android
Remote Attack Could Format Your Pebble Smartwatch Easily

Remote Attack Could Format Your Pebble Smartwatch Easily

Aug 22, 2014
Pebble, a wristwatch that can connect to your phone - both iOS and Android - and interact with apps, has a hard-coded vulnerability that allows a remote attacker to destroy your Smartwatch completely. Pebble Smartwatch , developed and released by Pebble Technology Corporation in 2013, is considered as one of the most popular SmartWatches that had become the most funded project in the history of Kickstarter. Just two hours after its crowd-funding campaign launched, Pebble had already surpassed its $100,000 goal and at last had reached over $10.25 million pledged by nearly 70,000 Kickstarter backers. A security enthusiast Hemanth Joseph  claimed to have found that his Pebble SmartWatch with the latest v2.4.1 Firmware can be remotely exploited by anyone with no technical knowledge in order to delete all data stored in the device, apps, notes, and other information stored in it. HOW PEBBLE SMARTWATCH WORKS Before proceeding towards how he did this, let me explain how Peb
Linux Kernel Vulnerable to Privilege Escalation and DoS Attack

Linux Kernel Vulnerable to Privilege Escalation and DoS Attack

Jun 07, 2014
Multiple flaws have been identified in Linux Kernel and related software could allow hackers to hack your Linux machines, shared hosting and websites hosted on them. PRIVILEGE ESCALATION VULNERABILITY IN LINUX KERNEL A privilege escalation vulnerability has been identified in the widely used Linux kernel that could allow an attackers to take the control of users' system. On Thursday, the most popular distributor of open source Linux OS, Debian warned about this vulnerability (CVE-2014-3153) in a security update, along with some other vulnerabilities in the Linux kernel that may lead to a denial of service attack. The most critical one is the flaw (CVE-2014-3153) discovered by Pinkie Pie which resides in the futex subsystem call of Linux Kernel 2.6.32.62/3.2.59/3.4.91/3.10.41/3.12.21/3.14.5 versions , leaving a queued kernel waiter on the stack, which can be exploited to potentially execute arbitrary code with kernel mode privileges. " Pinkie Pie discovered an
Google Nexus phone vulnerable to SMS-based DOS attack

Google Nexus phone vulnerable to SMS-based DOS attack

Nov 30, 2013
Google's Nexus Smartphones are vulnerable to SMS-based DOS attack , where an attacker can force it to restart, freeze, or lose network connection by sending a large number of special SMS messages to them. The vulnerability, discovered by Bogdan Alecu , a system administrator at Dutch IT services company Levi9, and affects all Android 4.x firmware versions on Google Galaxy Nexus, Nexus 4 and Nexus 5. The problem is with how the phones handle a special type of text message, known as a flash SMS. By sending around 30 Flash SMS ( Flash SMS is a type of message that normally is not stored by the system and does not trigger any audio alerts ) messages to Nexus phone an attacker can cause the phone to malfunction. He presented the vulnerability on Friday at the DefCamp security conference in Bucharest, Romania. In an email exchange with me, he said ' I was testing different message types and for the class 0 messages I noticed that the popup being displayed also adds an extra layer wh
Expert Insights / Articles Videos
Cybersecurity Resources