• DDoS Threats & Security Attacks: DDoS Reports & Cyber Security Threats

    New cyber security attacks and DDoS threats are lurking in the shadows everyday. Read the latest information and stay head of these vulnerabilities with updated DDoS reports and cyber security threat reports from Radware's Emergency Response Team (ERT).

    Drupalgeddon 2

    4/4/2018

    Last week Drupal announced a critical vulnerability affecting Drupal version 7 and 8. Drupal is an open source content management software (CMS) written in PHP with almost a million users worldwide.

    The Mikrotik RouterOS-Based Botnet

    3/27/2018

    A newly discovered botnet targets TCP port 8291 and vulnerable Mikrotik RouterOS-based devices. MikroTik, a Latvian hardware manufacturer, products are used around the world and are now a target of a new propagating botnet exploiting vulnerabilities in their RouterOS operating system, allowing attackers to remotely execute code on the device. Such devices have been making unaccounted outbound winbox connections.

    Putinstresser

    3/19/2018

    Putinstresser.eu is a recent DDoS-as-a-Service tool and is one of the newest additions to the growing array of low-priced services commonly known as ‘booter’ or ‘stresser’ services. The site illustrates the ease of access these services have reached. It provides different payment options, discovery tools, customer support and a variety of attack vectors for a wide range of customers.

    Memcache: DDoS-as-a-Service

    3/12/2018

    The record-breaking denial-of-service attacks launched against GitHub and other organizations quickly caught the attention of both the security community and the public.

    Memcached DDoS Attacks

    3/2/2018

    On February 27, 2018 several organizations began publicly disclosing a trend in UDP amplified attacks utilizing exposed Memcached servers. The Memcached protocol was never intended to be exposed to the Internet and thus did not have sufficient security controls. Because of this exposure, attackers are able to abuse Memcached UDP port 11211 for reflective, volumetric attacks.

    New WordPress DoS Vulnerability

    2/12/2018

    On February 5, 2018, an independent researcher disclosed a zero-day WordPress DoS vulnerability that allows application-level denial of service (AppDoS) attacks against websites using the WordPress platform. WordPress is an open source content management system (CMS) written in PHP and powers over 29% of the Internet’s sites and blogs.

    DarkSky Botnet

    2/8/2018

    Radware’s Threat Research has recently discovered a new botnet, dubbed DarkSky. DarkSky botnet features several evasion mechanisms, a malware downloader and a variety of network- and application-layer DDoS attack vectors. This bot is now available for sale for less than $20 over the Darknet.