Collaborate Disseminate
A vulnerability in the HTTP/2 network protocol is currently being exploited, resulting in the largest DDoS attack in history. Find out what security teams should do now, and hear what Cloudflare’s CEO has to say about this DDoS. Continue reading New DDoS Attack is Record Breaking: HTTP/2 Rapid Reset Zero-Day Reported by Google, AWS & Cloudflare
Various implementations of HTTP/2, the latest version of the HTTP network protocol, have been found vulnerable to multiple security vulnerabilities affecting the most popular web server software, including Apache, Microsoft’s IIS, and NGINX.
Launched … Continue reading 8 New HTTP/2 Implementation Flaws Expose Websites to DoS Attacks
A simple DDoS attack could land you in jail for 10 years or even more.
A Massachusetts man has been sentenced to over 10 years in prison for launching DDoS attacks against the computer network of two healthcare organizations in 2014 to protest the tre… Continue reading DDoSing Hospital Networks Landed This Hacktivist in Jail for Over 10 Years
If a network-connected smoke detector starts communicating with the mail server, you know you have a problem. Continue reading Stopping the Infiltration of Things
Security researchers have discovered not one or two, but a total of seven security vulnerabilities in the popular open source Dnsmasq network services software, three of which could allow remote code execution on a vulnerable system and hijack it.
Dns… Continue reading Google Finds 7 Security Flaws in Widely Used Dnsmasq Network Software
The third week of September 2016 was a dark and stormy one for KrebsOnSecurity. Wave after wave of huge denial-of-service attacks flooded this site, forcing me to pull the plug on it until I could secure protection from further assault. The site resurfaced three days later under the aegis of Google’s Project Shield, an initiative which seeks to protect journalists and news sites from being censored by these crippling digital sieges.
Damian Menscher, a Google security engineer with whom I worked very closely on the migration to Project Shield, spoke publicly for the first time this week about the unique challenges involved in protecting a small site like this one from very large, sustained and constantly morphing attacks. Continue reading How Google Took on Mirai, KrebsOnSecurity
Yes, you only need a single laptop with a decent internet connection, rather a massive botnet, to launch overwhelming denial of service (DoS) attacks in order to bring down major Internet servers and modern-day firewalls.
Researchers at TDC Security O… Continue reading Even A Single Computer Can Take Down Big Servers Using BlackNurse Attack
he malware that powered the “Botnet of Things” behind one of the largest cyberattacks ever isn’t even that great, and that’s exactly why we should be worried. Continue reading The Internet of Things Sucks So Bad Even ‘Amateurish’ Malware Is Enough
The OpenSSL Foundation has patched over a dozen vulnerabilities in its cryptographic code library, including a high severity bug that can be exploited for denial-of-service (DoS) attacks.
OpenSSL is a widely used open-source cryptographic library that… Continue reading Critical DoS Flaw found in OpenSSL — How It Works