Search results for DNS attack | Breaking Cybersecurity News | The Hacker News

Cloudflare on Thursday said it mitigated thousands of hyper-volumetric HTTP distributed denial-of-service (DDoS) attacks that exploited a recently disclosed flaw called  HTTP/2 Rapid Reset , 89 of which exceeded 100 million requests per second (RPS). "The campaign contributed to an overall increase of 65% in HTTP DDoS attack traffic in Q3 compared to the previous quarter ," the web infrastructure and security company said in a report shared with The Hacker News. "Similarly,  L3/4 DDoS attacks  also increased by 14%." The total number of HTTP DDoS attack requests in the quarter surged to 8.9 trillion, up from 5.4 trillion in Q2 2023 and 4.7 trillion in Q1 2023. The number of attack requests in Q4 2022 stood at 6.5 trillion. HTTP/2 Rapid Reset (CVE-2023-44487) came to light earlier this month following an industry-wide coordinated disclosure that delved into DDoS attacks orchestrated by an unknown actor by leveraging the flaw to target various providers such as

A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting large corporate networks. Cybersecurity firm Avast said the activity is the work of a threat actor with possible connections to a North Korean hacking group dubbed  Kimsuky , which is also known as Black Banshee, Emerald Sleet, and TA427. "GuptiMiner is a highly sophisticated threat that uses an interesting infection chain along with a couple of techniques that include performing DNS requests to the attacker's DNS servers, performing sideloading, extracting payloads from innocent-looking images, signing its payloads with a custom trusted root anchor certification authority, among others," Avast  said . The intricate and elaborate infection chain, at its core, leverages a security shortcoming in the update mechanism of Indian antivirus vendor eScan to

A deeper analysis of a recently discovered malware called  Decoy Dog  has revealed that it's a significant upgrade over the  Pupy RAT , an open-source remote access trojan it's modeled on. "Decoy Dog has a full suite of powerful, previously unknown capabilities – including the ability to move victims to another controller, allowing them to maintain communication with compromised machines and remain hidden for long periods of time," Infoblox  said  in a Tuesday report. "Some victims have actively communicated with a Decoy Dog server for over a year." Other new features allow the malware to execute arbitrary Java code on the client and connect to emergency controllers using a mechanism that's similar to a traditional DNS domain generation algorithm ( DGA ), with the Decoy Dog domains engineered to respond to replayed DNS queries from breached clients. "Decoy Dog has added functionality not available in Pupy," Dr. Renée Burton, head of threat

Permissions in SaaS platforms like Salesforce, Workday, and Microsoft 365 are remarkably precise. They spell out exactly which users have access to which data sets. The terminology differs between apps, but each user's base permission is determined by their role, while additional permissions may be granted based on tasks or projects they are involved with. Layered on top of that are custom permissions required by an individual user.  For example, look at a sales rep who is involved in a tiger team investigating churn while also training two new employees. The sales rep's role would grant her one set of permissions to access prospect data, while the tiger team project would grant access to existing customer data. Meanwhile, special permissions are set up, providing the sales rep with visibility into the accounts of the two new employees. While these permissions are precise, however, they are also very complex. Application admins don't have a single screen within these applications th

Microsoft on Monday revealed that its Azure cloud platform mitigated a 2.4 Tbps distributed denial-of-service (DDoS) attack in the last week of August targeting an unnamed customer in Europe, surpassing a  2.3 Tbps attack  stopped by Amazon Web Services in February 2020. "This is 140 percent higher than  2020's 1 Tbps attack  and higher than any network volumetric event previously detected on Azure," Amir Dahan, senior program manager for Azure Networking,  said  in a post, calling it a " UDP reflection " lasting for about 10 minutes. Reflected amplification attacks are a type of denial of service attacks wherein a threat actor takes advantage of the connectionless nature of UDP protocol with spoofed requests so as to overwhelm a target server or network with a flood of packets, causing disruption or rendering the server and its surrounding infrastructure unavailable. The attack is said to have originated from a botnet of approximately 70,000 compromised d

Distributed Denial of Service attacks have increased in scale, intensity and frequency. The wide range of motives for these attacks political , criminal, or social makes every merchant or organization with an online presence a potential target. Over the weekend Incapsula mitigated a unique DDoS attack against a large gaming website, in which they have discovered a DDoS attack using thousands of legitimate WordPress blogs without the need for them to be compromised. Incapsula released the list of approximately 2,500 WordPress sites from where the attack was originated, including some very large sites like Trendmicro.com, Gizmodo.it and Zendesk.com . In a recent report , we posted about another method for DDoS attacks using DNS amplification , where a DNS request is made to an open DNS resolver with the source IP address forged so that it is the IP address of the targeted site to which the response is thus sent, but this new method uses HTTP rather than DNS. The

Several public and popular libraries abandoned but still used in Java and Android applications have been found susceptible to a new software supply chain attack method called MavenGate. "Access to projects can be hijacked through domain name purchases and since most default build configurations are vulnerable, it would be difficult or even impossible to know whether an attack was being performed," Oversecured  said  in an analysis published last week. Successful exploitation of these shortcomings could allow nefarious actors to hijack artifacts in dependencies and inject malicious code into the application, and worse, even compromise the build process through a malicious plugin. The mobile security firm added that all Maven-based technologies, including Gradle, are vulnerable to the attack, and that it sent reports to more than 200 companies, including Google, Facebook, Signal, Amazon, and others. Apache Maven is  chiefly used  for building and managing Java-based projec

Domain name registrar and website hosting provider Go Daddy is responding to a DNS attack targeting a "small number" of its hosted websites that one security firm said is enabling cyber criminals to spread ransomware.  The DNS (Domain Name System) is what transfers host-names into IP addresses, meaning computers can talk to each other and users can access them online. Godaddy said, " We suspect that the affected customers have been phished or their home machines have been affected by Cool Exploit as we have confirmed that this is not a vulnerability in the My Account or DNS management systems. " The Cool Exploit Kit targets a variety of vulnerabilities, including Java errors, and has been seen spreading via drive-by attack websites. The ransomware served depends on the country of origin. In the UK, it is malware posing as a legitimate message from the Met's Police e-Crime Unit (PCeU). It locks the computer, on the grounds that the computer was guilt

After successful in launching reflection and amplification Distributed Denial-of-Service (DDoS) attacks by abusing various protocols such as DNS, NTP and SMTP, hackers are now abusing Simple Service Discovery Protocol (SSDP) – part of the UPnP protocol standard – to target home and office devices, researchers warned. SSDP is a network protocol based on the Internet Protocol Suite that comes enabled on millions of networked devices, such as computers, printers, Internet gateways, Router / Wi-Fi access points, mobile devices, webcams, smart TVs and gaming consoles, to discover each other and automatically establish working configurations that enable data sharing, media streaming, media playback control and other services. FLAW IN UPnP USED IN AMPLIFICATION DDoS ATTACK Prolexic Security Engineering & Response Team (PLXsert) at Akamai Technologies have issued a warning that the devices use in residential or small office environments are being co-opted into reflection

Just Imaging — What if, you enter into your home from a chilling weather outside, and the heating system fails to work because of a cyber attack, leaving you in the sense of panic? The same happened late last month when an attack knocks heating system offline in Finland. Last week, a Distributed Denial of Service (DDoS) attack led to the disruption of the heating systems for at least two housing blocks in the city of Lappeenranta, literally leaving their residents in subzero weather. Both the apartments are managed by a company called Valtia, a facilities services company headquartered in Lappeenranta. Valtia CEO Simo Rounela confirmed to English language news outlet Metropolitan.fi that the central heating system and hot water system in both buildings had become a target of DDoS attacks. In an attempt to fight back the cyber attacks, which lived for a short time, the automated systems rebooted — and unfortunately got stuck in an endless loop, which restarted repeatedly a

UPDATE: The site is back and working. Blockchain team released a statement via Twitter, which has been added at the end of this article. If you are fascinated with the idea of digital currency, then you might have heard about BlockChain.Info. It's Down! Yes, Blockchain.info, the world's most popular Bitcoin wallet and Block Explorer service, has been down from last few hours, and it's believed that a possible cyber attack has disrupted the site. The site is down at the time of writing, and the web server reports a bad gateway error, with a message on the website that reads: "Looks like our site is down. We're working on it and should be back up soon." With more than 8 million Digital Wallet customers, BlockChain is users' favorite destination to see recent transactions, stats on mined blocks and bitcoin economy charts. A few hours ago, BlockChain team tweeted about the sudden breakdown of the site, saying: "We're researching a DNS

A Security researcher has discovered a unique attack method that can be used to steal credentials from a locked computer ( but, logged-in ) and works on both Windows as well as Mac OS X systems. In his blog post published today, security expert Rob Fuller demonstrated and explained how to exploit a USB SoC-based device to turn it into a credential-sniffer that works even on a locked computer or laptop. Fuller modified the firmware code of USB dongle in such a way that when it is plugged into an Ethernet adapter, the plug-and-play USB device installs and acts itself as the network gateway, DNS server, and Web Proxy Auto-discovery Protocol (WPAD) server for the victim's machine. The attack is possible because most PCs automatically install Plug-and-Play USB devices, meaning "even if a system is locked out, the device [dongle] still gets installed," Fuller explains in his blog post . "Now, I believe there are restrictions on what types of devices are allowed to

Distributed denial-of-service (DDoS) attacks leveraging a new amplification technique called TCP Middlebox Reflection have been detected for the first time in the wild, six months after the novel attack mechanism was presented in theory. "The attack […] abuses vulnerable firewalls and content filtering systems to reflect and amplify TCP traffic to a victim machine, creating a powerful DDoS attack," Akamai researchers  said  in a report published Tuesday. "This type of attack dangerously lowers the bar for DDoS attacks, as the attacker needs as little as 1/75th (in some cases) the amount of bandwidth from a volumetric standpoint," the researchers added. A distributed reflective denial-of-service ( DRDoS ) is a form of distributed denial-of-service (DDoS) attack that relies on publicly accessible UDP servers and bandwidth amplification factors (BAFs) to overwhelm a victim's system with a high volume of UDP responses. In these attacks, the adversary sends a

Cybercriminals have figured out a way to abuse widely-used Memcached servers to launch over 51,000 times powerful DDoS attacks than their original strength, which could result in knocking down of major websites and Internet infrastructure. In recent days, security researchers at Cloudflare , Arbor Networks , and Chinese security firm Qihoo 360 noticed that hackers are now abusing "Memcached" to amplify their DDoS attacks by an unprecedented factor of 51,200. Memcached is a popular open-source and easily deployable distributed caching system that allows objects to be stored in memory and has been designed to work with a large number of open connections. Memcached server runs over TCP or UDP port 11211. The Memcached application has been designed to speed up dynamic web applications by reducing stress on the database that helps administrators to increase performance and scale web applications. It's widely used by thousands of websites, including Facebook, Flickr,

A flaw discovered in several widely used BitTorrent applications, including uTorrent, Vuze and Mainline , could be used to carry out a devastating distributed denial of service (DDoS) attack that makes it very easy for a single undetectable hacker to bring down large sites. A new research by Florian Adamsky of the City University London shows that open BitTorrent protocol can be exploited to carry out Distributed Reflective Denial of Service (DRDoS) attacks . The bitTorrent protocol is a file-sharing protocol used by Millions of active online users at any given point in the day to exchange files over the Internet. DRDoS attack is a more sophisticated form of conventional DDoS attack where open and misconfigured DNS (Domain Name System) can be used by anyone to launch high-bandwidth DDoS attacks on target websites. In a paper , titled " P2P File-Sharing in Hell: Exploiting BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks ," the resea

Cybercriminals are becoming more adept, innovative, and stealthy with each passing day. They are now adopting more clandestine techniques that come with limitless attack vectors and are harder to detect. A new strain of malware has now been discovered that relies on a unique technique to steal payment card information from point-of-sale (PoS) systems. Since the new POS malware relies upon User Datagram Protocol (UDP) DNS traffic for the exfiltration of credit card information, security researchers at Forcepoint Labs, who have uncovered the malware, dubbed it UDPoS . Yes, UDPoS uses Domain Name System (DNS) queries to exfiltrate stolen data, instead of HTTP that has been used by most POS malware in the past. This malware is also thought to be first of its kind. Besides using 'unusual' DNS requests to exfiltrate data, the UDPoS malware disguises itself as an update from LogMeIn —a legitimate remote desktop control service used to manage computers and other systems remo

Researchers have discovered a new security vulnerability stemming from a design flaw in the IEEE 802.11 Wi-Fi standard that tricks victims into connecting to a less secure wireless network and eavesdrop on their network traffic. The  SSID Confusion attack , tracked as CVE-2023-52424, impacts all operating systems and Wi-Fi clients, including home and mesh networks that are based on WEP, WPA3, 802.11X/EAP, and AMPE protocols. The method "involves downgrading victims to a less secure network by spoofing a trusted network name (SSID) so they can intercept their traffic or carry out further attacks," TopVPN  said , which collaborated with KU Leuven professor and researcher Mathy Vanhoef. "A successful SSID Confusion attack also causes any VPN with the functionality to auto-disable on trusted networks to turn itself off, leaving the victim's traffic exposed." The issue underpinning the attack is the fact that the Wi-Fi standard does not require the network name

In what's one of the most innovative hacking campaigns, cybercrime gangs are now hiding malicious code implants in the metadata of image files to covertly steal payment card information entered by visitors on the hacked websites. "We found skimming code hidden within the metadata of an image file (a form of steganography) and surreptitiously loaded by compromised online stores," Malwarebytes researchers said last week. "This scheme would not be complete without yet another interesting variation to exfiltrate stolen credit card data. Once again, criminals used the disguise of an image file to collect their loot." The evolving tactic of the operation, widely known as web skimming or a Magecart attack, comes as bad actors are finding different ways to inject JavaScript scripts, including misconfigured AWS S3 data storage buckets and exploiting content security policy to transmit data to a Google Analytics account under their control. Using Steganography

Security researchers have uncovered nine vulnerabilities affecting four TCP/IP stacks impacting more than 100 million consumer and enterprise devices that could be exploited by an attacker to take control of a vulnerable system. Dubbed " NAME:WRECK " by Forescout and JSOF, the flaws are the latest in series of studies undertaken as part of an initiative called Project Memoria to study the security of widely-used TCP/IP stacks that are incorporated by various vendors in their firmware to offer internet and network connectivity features. "These vulnerabilities relate to Domain Name System (DNS) implementations, causing either Denial of Service (DoS) or Remote Code Execution (RCE), allowing attackers to take target devices offline or to take control over them," the researchers said. The name comes from the fact that parsing of domain names can break (i.e., "wreck") DNS implementations in TCP/IP stacks, adding to a recent uptick in vulnerabilities such as