New cyber security attacks and DDoS threats are lurking in the shadows everyday. Read the latest information and stay head of these vulnerabilities with updated DDoS reports and cyber security threat reports from Radware's Emergency Response Team (ERT).
To receive an email notification when ERT threat alerts are posted, click here.
Radware Threat Research Center is monitoring and tracking a malicious agent that is leveraging a Hadoop YARN unauthenticated remote command execution in order to infect Hadoop clusters with an unsophisticated new bot that identifies itself as DemonBot.
Over the last few weeks, Radware has been tracking a credential
stuffing campaign targeting the financial industry in the United States and
Europe. Credential stuffing is an emerging
threat in 2018 that has continued to accelerate over the past month as more
breaches occur. Today, a breach doesn’t
just impact the compromised organization and its users, but it also affects every
other website that the users may use.
The Radware Threat Research Center has identified a hijacking campaign aimed at Brazilian bank customers via their IoT devices and is attempting to gain their bank credentials.
On June 15, Radware’s deception network detected an upsurge of malicious activity scanning and infecting a variety of IoT devices to take advantage of recently discovered device exploits.
Cybercriminals and hacktivist are getting
ready to disrupt the digital experience during 2018 FIFA World Cup™*. Russian
authorities, sponsors, service providers, and even stadium networks, are
expected to be targeted throughout the months of June and July via a variety of
methods for both personal gain and cyber-vandalism.
Radware’s Emergency Response Team (ERT) has been following AnonPlus Italia, an Anonymous group that has engaged in digital protests throughout April and May. The Anonymous affiliated group has executed numerous web defacements to protest war, religion, politics and financial power while spreading a message about their social network by abusing the content management systems (CMS) of websites that have not been updated to protect against exploits.
Security researchers have observed a new evasion technique - source port obfuscation - used for conducting denial-of-service attacks. It delivers amplified payloads through nonstandard ports.