Security News

A critical security bug in the Citrix Application Delivery Controller and Citrix Gateway could allow cyberattackers to crash entire corporate networks without needing to authenticate.Citrix also addressed a lower-severity bug that is likewise due to uncontrolled resource consumption.

Q3 beat every record in terms of daily number of DDoS attacks, according to a new report from Kaspersky. The total number of DDoS attacks was up 24% compared to Q3 2020 while the number of advanced, "Smart" attacks was up 31% over the same time period.

"July started off relatively quietly, but towards the middle of the month the average daily count of DDoS attacks exceeded 1,000, with a whopping 8,825 attacks on August 18," the report said. More than 40 percent of DDoS attacks during the third quarter targeted operations in the U.S., followed by Hong Kong and China, the report found.

"More DDoS attacks were blocked during the first nine months of 2021 than all of 2020," said Pascal Geenens, director of threat intelligence for Radware. "During the third quarter, DDoS records for large volumetric attacks were broken across three continents. At the same time, phantom floods, or micro attacks that typically fly below the radar, increased. The reality is organizations need more granular detection and multi-layer defenses to protect against stealthier and more complex DDoS attacks."

The U.S. Federal Bureau of Investigation has sent out a flash alert warning private industry partners that the HelloKitty ransomware gang has added distributed denial-of-service attacks to their arsenal of extortion tactics. In a Friday notification coordinated with the Cybersecurity and Infrastructure Security Agency, the FBI said that the ransomware group would take their victims' official websites down in DDoS attacks if they didn't comply with the ransom demands.

A report analyzing data from the start of the year concludes that distributed denial-of-service attacks on Russian companies have increased 2.5 times compared to the same period last year. DDoS attacks are commonly used to extort victims with ransom demands or as a distraction for IT teams while hackers attempt to steal precious data from compromised systems.

Microsoft on Monday revealed that its Azure cloud platform mitigated a 2.4 Tbps distributed denial-of-service attack in the last week of August targeting an unnamed customer in Europe, surpassing a 2.3 Tbps attack stopped by Amazon Web Services in February 2020. "This is 140 percent higher than 2020's 1 Tbps attack and higher than any network volumetric event previously detected on Azure," Amir Dahan, senior program manager for Azure Networking, said in a post, calling it a "UDP reflection" lasting for about 10 minutes.

Microsoft claims its Azure cloud has fended off the largest DDOS attack it's detected, which clocked in at 2.4Tbit/sec. Azure's mighty DDoS-reflection powers saw off the attack, so whoever was behind it didn't deny service for the "Azure customer in Europe" that Microsoft says was the target of the attack.

The letters from the Dutch Police aim to reduce cybercrime and steer the offenders towards legal alternatives to improve their skills. On Monday, 29 Dutch nationals received letters from the police informing them that their criminal activity has been recorded and that future offenses could lead to a conviction.

Microsoft has mitigated a record 2.4 Tbps Distributed Denial-of-Service attack targeting a European Azure customer during the last week of August. "This is 140 percent higher than 2020's 1 Tbps attack and higher than any network volumetric event previously detected on Azure," said Amir Dahan, a Senior Program Manager for Azure Networking, also describing it as a User Datagram Protocol reflection attack.