Security News

Carnegie Mellon University PhD student Aqsa Kashaf and her advisors Dr. Vyas Sekar and Dr. Yuvraj Agarwal have analyzed third party service dependencies in modern web services, with a special focus on DNS, CDN, and SSL certificate revocation checking by CA. Their research was meant to determine if incidents like the 2016 Dyn DDoS attack, the 2016 GlobalSign certificate revocation error and the 2019 Amazon Route 53 DDoS attack would lead to similar results in 2020. "6% of the top-100K websites that were critically dependent in 2016, have moved to a private DNS in 2020. On the other hand, 10.7% of the websites which used a private DNS in 2016, have moved to a single third party DNS provider. Between these snapshots, redundancy has remained roughly similar. Overall, critical dependency has increased by 4.7% in 2020. More popular websites have decreased their critical dependency," they noted.

A 22-year-old North Carolina man has been sentenced to nearly eight years in prison for conducting bomb threats against thousands of schools in the U.S. and United Kingdom, running a service that launched distributed denial-of-service attacks, and for possessing sexually explicit images of minors. Timothy Dalton Vaughn from Winston-Salem, N.C. was a key member of the Apophis Squad, a gang of young ne'er-do-wells who made bomb threats to more than 2,400 schools and launched DDoS attacks against countless Web sites - including KrebsOnSecurity on multiple occasions.

Amidst all the different types of cyberthreats, distributed denial of services attacks don't typically strike as much fear as do ransomware and malware, but a concerted DDoS attack can wreak major havoc. Further, DDoS attacks have become more dangerous and challenging as they've adopted a range of innovative tactics.

Google revealed last week that its infrastructure was targeted in a record-breaking distributed denial-of-service attack back in September 2017. In terms of bits per second, Google spotted the largest attack in September 2017.

The actor targeted thousands of Google IP addresses at the same time and used several attack methods in a campaign that span across multiple months. Google did not attribute the attack to a particular actor but said that the bad UDP packets hurled at its systems came from devices using several Chinese internet service providers.

I think my husband's arrived at like, 1:30 or something in the morning, Thursday morning, so they kind of sent this out under cover of darkness, which I'm sure they want to minimize the publicity around it, but that's not going to happen because it's Barnes and Noble. Over the weekend, the Nook e-book reader - which my mom has one of those and they're kind of awesome - but the syncing feature for that went down and there was this outage that continued and it just kind of trended on a low level, nobody really knew what was going on.

In a new campaign analyzed by Radware, cybercriminals threaten organizations with Distributed Denial of Service attacks unless they acquiesce to their ransom demands. Published on Wednesday, a security alert entitled "2020 Ransom DDoS Campaign Update" describes how Radware and the FBI have been warning organizations about a global ransom DDoS campaign targeting financial companies and other businesses around the world.

Companies worldwide have continued to receive extortion emails threatening to launch a distributed denial-of-service attack on their network, unless they pay up - with British foreign-exchange company Travelex reportedly being one recent high-profile threat recipient. While the ransom DDoS campaign has been ongoing since August and has received widespread coverage, researchers with Radware said in a Wednesday post that they are continuing to see companies worldwide receive the extortion emails - and that attackers are becoming more sophisticated.

Corero Network Security announces that it has released a major update to its SmartWall Threat Defense System. Corero's SmartWall Threat Defense System already delivers line-rate performance for the fastest, always-on, real-time DDoS protection but these new enhancements propel the solution to industry leading levels of accuracy and effectiveness for automatic DDoS detection and mitigation.

Cloudflare now allows paid customers to create notifications that warn them when their sites are under a DDoS attack. Cloudflare has always offered DDoS protection as one of its core offerings, but unless a site owner or administrator were actively using their site or using monitoring tools, they would not know that their service was under attack until it was too late.