Security News
A new DDoS technique named 'HTTP/2 Rapid Reset' has been actively exploited as a zero-day since August, breaking all previous records in magnitude.Since late August, Cloudflare has detected and mitigated over a thousand 'HTTP/2 Rapid Reset' DDoS attacks that surpassed 10 million rps, with 184 breaking the previous 71 million rps record.
Cloudflare, Google, and Amazon AWS revealed that a zero-day vulnerability in the HTTP/2 protocol has been used to mount massive, high-volume DDoS attacks, which they dubbed HTTP/2 Rapid Reset. Based on Cloudflare's data, several attacks leveraging Rapid Reset were nearly three times larger than the largest DDoS attack in Internet history.
Firewall and distributed denial-of-service (DDoS) attack prevention mechanisms in Cloudflare can be circumvented by exploiting gaps in cross-tenant security controls, defeating the very purpose of...
Cybercriminals launched approximately 7.9 million DDoS attacks in 1H 2023, representing a 31% year-over-year increase, according to NETSCOUT. Global events like the Russia-Ukraine war and NATO bids have driven recent DDoS attack growth. In 2023, Sweden experienced a similar onslaught around its NATO bid, culminating with a 500 Gbps DDoS attack in May. Overall, ideologically motivated DDoS attacks have targeted the United States, Ukraine, Finland, Sweden, Russia, and multiple other countries.
Cloudflare's Firewall and DDoS prevention can be bypassed through a specific attack process that leverages logic flaws in cross-tenant security controls. Specifically, the analyst identified two vulnerabilities in the system impacting Cloudflare's "Authenticated Origin Pulls" and "Allowlist Cloudflare IP Addresses."
The distributed nature of IoT devices renders them ideal platforms for these attacks, making it difficult to identify and block malicious traffic and thereby compounding the challenges of DDoS mitigation. Let's discuss how IoT DDoS attacks happen and how new IoT devices join the ranks of bots.
Akamai says it thwarted a major distributed denial-of-service attack aimed at a US bank that peaked at 55.1 million packets per second earlier this month. The network traffic flood hit on September 5 against the unnamed finance giant Akamai describes as "One of the biggest and most influential US financial institutions."
A new Mirai malware botnet variant has been spotted infecting inexpensive Android TV set-top boxes used by millions for media streaming. The primary targets of this campaign are low-cost Android TV boxes like Tanix TX6 TV Box, MX10 Pro 6K, and H96 MAX X3, which feature quad-core processors capable of launching powerful DDoS attacks even in small swarm sizes.
The German Federal Financial Supervisory Authority announced today that an ongoing distributed denial-of-service attack has been impacting its website since Friday. BaFin is Germany's financial regulatory authority, part of the Federal Ministry of Finance, responsible for supervising 2,700 banks, 800 financial, and 700 insurance service providers.
No miners were involved in this story Tor, which stands for The Onion Router, weathered a massive distributed denial-of-service (DDoS) storm from June last year through to May.…