Security News

WordPress sites are being hacked to display fake Cloudflare DDoS protection pages to distribute malware that installs the NetSupport RAT and the RaccoonStealer password-stealing Trojan.DDoS protection screens are commonplace on the internet, protecting sites from bots that ping them with bogus requests, aiming to overwhelm them with garbage traffic.

Google's cloud division on Thursday disclosed it mitigated a series of HTTPS distributed denial-of-service attacks which peaked at 46 million requests per second, making it the largest such recorded to date. The attack, which occurred on June 1, targeting an unnamed Google Cloud Armor customer, is 76% larger than the 26 million RPS DDoS attack repealed by Cloudflare earlier this June.

Imperva releases data showing that 25% of all gambling sites were hit with DDoS attacks executed by botnets in June. As the Wimbledon tennis tournament began at the end of June, DDoS attacks increased and impacted 10% of gambling sites.

To put things in perspective, this is about 76 percent larger than the previous record DDoS attack that Cloudflare thwarted earlier that same month. Not only is this the third such record-breaking DDoS flood in the past few months - this includes two earlier HTTPS-based attacks blocked by Cloudflare in April and June - but it comes as Google and other security researchers warn that network-flooding events are getting worse, growing in size and frequency.

A Google Cloud Armor customer was hit with a distributed denial-of-service attack over the HTTPS protocol that reached 46 million requests per second, making it the largest ever recorded of its kind. In just two minutes, the attack escalated from 100,000 RPS to a record-breaking 46 million RPS, almost 80% more than the previous record, an HTTPS DDoS of 26 million RPS that Cloudflare mitigated in June.

A dozen malicious Python packages were uploaded to the PyPi repository this weekend in a typosquatting attack that performs DDoS attacks on a Counter-Strike 1.6 server. Python Package Index is a repository of open-source software packages that developers can easily incorporate into their Python projects to build complex apps with minimal effort.

A high-severity Palo Alto Networks denial-of-service vulnerability has been exploited by miscreants looking to launch DDoS attacks, and several of the affected products won't have a patch until next week.The vulnerability, tracked as CVE-2022-0028, received an 8.6 out of 10 CVSS score, and it affects PAN OS, the operating system in Palo Alto Networks' network security products.

Palo Alto Networks has issued a security advisory warning of an actively exploited high-severity vulnerability impacting PAN-OS, the operating system used by the company's networking hardware products. The issue, tracked as CVE-2022-0028, is an URL filtering policy misconfiguration that could allow an unauthenticated, remote attacker to carry out amplified TCP denial-of-service attacks.

Taiwan's Ministry of National Defense confirmed it was hit by a DDoS attack on Wednesday in what has been an eventful week for the island nation, US-Sino relations, and semiconductors. The DDoS attack on the Ministry of Defense followed a separate one on Taiwan's presidential website on Tuesday.

Akamai Technologies squelched the largest-ever distributed denial-of-service attack in Europe earlier this month against a company that was being consistently hammered over a 30-day period. The user datagram protocol was the most popular vector used in the attack and was seen in the record spikes.