Security News

31M folks' usernames, email addresses, salted-encrypted passwords now out there The Internet Archive had a bad day on the infosec front, after being DDoSed and having had its user account data...

31 million users' usernames, email addresses and salted-encrypted passwords are out there The Internet Archive had a bad day on the infosec front, after being DDoSed and exposing user data.…

Cybersecurity researchers have discovered a new botnet malware family called Gorilla (aka GorillaBot) that is a variant of the leaked Mirai botnet source code. Cybersecurity firm NSFOCUS, which...

CLoudflare just blocked the current record DDoS attack: 3.8 terabits per second. (Lots of good information on the attack, and DDoS in general, at the link.) News article.

Cloudflare has revealed that it successfully mitigated a record-breaking distributed denial-of-service (DDoS) attack that peaked at 3.8 terabits per second (Tbps) and lasted 65 seconds. This attack was part of a larger wave of over one hundred hyper-volumetric Layer 3/4 DDoS attacks throughout the month. Many of these attacks exceeded 2 billion packets per second (Bpps) and 3 Tbps, showcasing the increasing scale and intensity of such threats. The attacks, which have been ongoing since early September 2024, primarily targeted customers in the financial services, Internet, and telecommunications industries.Cloudflare has not attributed these attacks to any specific threat actor. However, the scale of the attacks underlines the growing sophistication of cybercriminals, who continue to exploit vulnerabilities in global digital infrastructure. The company emphasized that these hyper-volumetric attacks focus on overwhelming network layers responsible for packet transmission and reception (L3/4).

A recently disclosed vulnerability in the Common Unix Printing System (CUPS) open-source printing system can be exploited by threat actors to launch distributed denial-of-service (DDoS) attacks...

During a distributed denial-of-service campaign targeting organizations in the financial services, internet, and telecommunications sectors, volumetric attacks peaked at 3.8 terabits per second,...

While the Common UNIX Printing System (CUPS) vulnerabilities recently disclosed by researcher Simone “evilsocket” Margaritelli are not easily exploited for remote command execution on vulnerable...

The report also found that an average DDoS attack now lasts 45 minutes-an 18% increase from last year-costing unprotected organizations approximately $270,000 per attack at an average rate of $6,000 per minute. Increasingly, attackers are employing multi-vector DDoS attacks, which involve combining various DDoS attack methods into a brief attack and then repeating the process shortly thereafter.

Peak attack power rose from 1.6 terabits per second in H2 2023 to 1.7 Tbps. DDoS attacks hit Gaming, tech, finance sectors hard. While the power of the attacks - first measured in Tbps in the second half of last year - increased slightly from 1.6 to 1.7 Tbps, this still poses a growing threat to organizations.