2018 DDoS Attack Landscape-4
April 23, 2019
3.2 DDoS Attack Type Analysis
3.2.1 Proportions of Different Attack Types
In 2018, the most frequently seen attacks were SYN flood, UDP flood, ACK flood, HTTP flood, and HTTPS flood attacks, which altogether accounted for 96% of all DDoS attacks. In contrast, reflection attacks contributed to no more than 3% of attacks. Compared with 2017, the year 2018 witnessed an 80% decrease in the number of reflection attacks, but a 73% increase in other attacks. This is because Chinese authorities took effective measures against reflectors (see section 3.1.1 “Attack Count and Traffic”).
Confluence SSRF and Remote Code Execution Vulnerability Handling Guide
April 22, 2019
1 Vulnerability Overview
Recently, Atlassian officially released a security bulletin, announcing a server-side request forgery (SSRF) vulnerability and a remote code execution vulnerability (CVE-2019-3396). The two vulnerabilities respectively reside in WebDAV and Widget Connector and could be exploited by an attacker for remote code execution and server-side request forgery.
Apache Axis Remote Code Execution Vulnerability (CVE-2019-0227) Threat Alert
April 19, 2019
Overview
The default service StockQuoteService.jws in Axis contains a hard-coded HTTP URL, which can be used to trigger an HTTP request. An attacker can conduct a man-in-the-middle (MITM) attack by taking control of a domain (www.xmltoday.com) or performing ARP poisoning against the targeted Axis server, and then redirect the HTTP request to a malicious web server before remotely executing code on the Apache Axis server (CVE-2019-0227).
Microsoft’s April 2019 Patches Fix 76 Vulnerabilities Threat Alert
April 18, 2019
Overview
Microsoft released April 2019 security patches on Tuesday that fix 76 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Core, Adobe Flash Player, CSRSS, Microsoft Browsers, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft XML, Open Source Software, Servicing Stack Updates, Team Foundation Server, Windows Admin Center, Windows Kernel, and Windows SMB Server.
2018 DDoS Attack Landscape-3
April 17, 2019
Analysis of DDoS Attacks in 2018
3.1 DDoS Attack Count and Peak Size
3.1.1 Attack Count and Traffic
In 2018, we observed 148,000 DDoS attacks (down 28.4% from 2017), which generated a total of 643,100 TB of traffic, about the same level as in 2017. DDoS attacks keep expanding in size year by year as large and medium-scale attacks are on the rise, as shown in section 3.1 “Distribution of Peak Sizes.”
HelpNetSecurity: The correlation between DDoS attacks and cryptomining
April 15, 2019
HelpNetSecurity – In NSFOCUS’ 2018 DDoS Attack Landscape report, NSFOCUS analyzed the threat landscape after a landmark year of technological growth related to cloud computing, big data, artificial intelligence (AI), Internet of Things (IoT), and Industry 4.0.
OODA Loop: The correlation between DDoS attacks and cryptomining
April 15, 2019
OODA Loop – A new NSFOCUS report indicates that the declining price of cryptocurrencies in 2018 prompted threat actors to stop using botnet resources for cryptomining attacks – as these were getting less and less profitable – and increasingly use them to launch distributed denial-of-service (DDoS) attacks instead.
Adobe Security Advisory for April Security Updates
April 15, 2019
Overview
On April 9, local time, Adobe officially released April security updates which fix multiple vulnerabilities in such products as Adobe Flash Player, Shockwave Player, Dreamweaver, XD CC, InDesign, Experience Manager Forms, and Bridge CC.
Apache HTTP Server Privilege Escalation Vulnerability Threat Alert
April 12, 2019
1 Vulnerability Overview
Recently, Apache released a security advisory, announcing remediation of a privilege escalation vulnerability (CVE-2019-0211). Apache HTTP Server running MPM event, worker, or prefork could allow a less-privileged child thread or process (including scripts executed by an in-process scripting interpreter) to execute arbitrary code with privileges of the parent process (usually root) by manipulating the scoreboard.
