Security News > 2024 > March > New ‘Loop DoS’ attack may impact up to 300,000 online systems
A new denial-of-service attack dubbed 'Loop DoS' targeting application layer protocols can pair network services into an indefinite communication loop that creates large volumes of traffic.
The attack is possible due to a vulnerability, currently tracked as CVE-2024-2169, in the implementation of the UDP protocol, which is susceptible to IP spoofing and does not provide sufficient packet verification.
In total, it is estimated that 300,000 internet hosts are vulnerable to Loop DoS attacks.
Using firewall rules and access-control lists for UDP applications, turning off unnecessary UDP services, and implementing TCP or request validation are also measures that can mitigate the risk of an attack.
New acoustic attack determines keystrokes from typing patterns.
New acoustic attack steals data from keystrokes with 95% accuracy.
News URL
Related news
- Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks (source)
- Cisco fixes VPN DoS flaw discovered in password spray attacks (source)
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)
- Over 145,000 Industrial Control Systems Across 175 Countries Found Exposed Online (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-19 | CVE-2024-2169 | Implementations of UDP application protocol are vulnerable to network loops. | 0.0 |