Security News

Web infrastructure company Cloudflare on Monday disclosed that it thwarted a record-breaking distributed denial-of-service attack that peaked at over 71 million requests per second. "The majority of attacks peaked in the ballpark of 50-70 million requests per second with the largest exceeding 71 million," the company said, calling it a "Hyper-volumetric" DDoS attack.

Portainer smooths out the rather steep learning curve of Kubernetes, making it considerably easier for your teams to manage namespaces, networks, pods, ingresses, Helm, ConfigMaps & Secrets, Volumes and even the cluster. My go-to method of deploying Portainer is via a Microk8s cluster, which is the easiest method of getting Kubernetes support rolled into the web-based GUI; however, when deployed in this fashion, Portainer can be accessed either via HTTP or HTTPS and doesn't use SSL certificates.

In this Help Net Security video, Austin Jones, Principal Software Engineer at ThreatX, explains what HTTP request smuggling is, and discusses a recently uncovered HTTP request smuggling vulnerability in Node.js. This vulnerability allows an attacker to bypass security controls on the target server to conduct any nefarious activities.

Cybersecurity company Imperva has disclosed that it mitigated a distributed denial-of-service attack with a total of over 25.3 billion requests on June 27, 2022. The "Strong attack," which targeted an unnamed Chinese telecommunications company, is said to have lasted for four hours and peaked at 3.9 million requests per second.

A Google Cloud Armor customer was hit with a distributed denial-of-service attack over the HTTPS protocol that reached 46 million requests per second, making it the largest ever recorded of its kind. In just two minutes, the attack escalated from 100,000 RPS to a record-breaking 46 million RPS, almost 80% more than the previous record, an HTTPS DDoS of 26 million RPS that Cloudflare mitigated in June.

Google on Tuesday officially announced support for DNS-over-HTTP/3 for Android devices as part of a Google Play system update designed to keep DNS queries private. To that end, Android smartphones running Android 11 and higher are expected to use DoH3 instead of DNS-over-TLS, which was incorporated into the mobile operating system with Android 9.0.

Google has added support for the DNS-over-HTTP/3 protocol on Android 11 and later to increase the privacy of DNS queries while providing better performance. Roid previously supported DNS-over-TLS for version 9 and later to bolster DNS query privacy, but this system inevitably slowed down DNS requests due to the encryption overhead. Moreover, DoT requires a complete renegotiation of the new connection when changing networks.

The botnet behind the largest HTTPS distributed denial-of-service attack in June 2022 has been linked to a spate of attacks aimed at nearly 1,000 Cloudflare customers. Calling the powerful botnet Mantis, the web performance and security company attributed it to more than 3,000 HTTP DDoS attacks against its users.

Cloudflare said it this month staved off another record-breaking HTTPS-based distributed denial-of-service attack, this one significantly larger than the previous largest DDoS attack that occurred only two months ago. In April, the biz said it mitigated an HTTPS DDoS attack that reached a peak of 15.3 million requests-per-second.

Internet infrastructure firm Cloudflare said today that it mitigated a 26 million request per second distributed denial-of-service attack, the largest HTTPS DDoS attack detected to date. The threat actor behind it likely used hijacked servers and virtual machines seeing that the attack originated from Cloud Service Providers instead of weaker Internet of Things devices from compromised Residential Internet Service Providers.