Cyberattack

Cyberattack / News Briefs

TCP Stealth Aims to Keep Servers Safe from Mass Port-Scanning Tools

TCP Stealth, an IETF draft authored by Julian Kirsch, Christian Grothoff, Jacob Appelbaum, and Holger Kenn, describes an easily-deployed and stealthy port knocking variant. "TCP Stealth embeds the authorization token in the TCP ISN, and enables applications to add payload protections. As a result, TCP Stealth is hard to detect on the network as the traffic is indistinguishable from an ordinary 3-way TCP handshake, and man-in-the-middle attacks as well as replay attacks are mitigated by the payload protections. TCP Stealth works with IPv4 and IPv6."
 more»

DDoS Attacks Shutdown Several World Cup Websites

Various websites associated to the World Cup have been struck by a distributed denial of service (DDoS) attack ahead of the tournament's opening match on Thursday. The official government World Cup website has been down for more than a day, as well as the websites of some host states. more»

Popular RSS Reader Feedly Suffers Back to Back DDoS Attacks, Held for Ransom

Popular RSS reader Feedly has been hit by major distributed denial of service (DDoS) attacks beginning 2:04am PST on Wednesday causing the service to be completely down for several hours two days in a row. (Second attack still undergoing as of the time of this post.) more»

Paul Vixie on How the Openness of the Internet Is Poisoning Us

In a video interview conducted during the NSCS ONE conference, Paul Vixie CEO of Farsight Security further discusses the topic of his presentation titled: "Defective by Design -- How the Internet's Openness is Slowly Poisoning Us". more»

European Standardization Organizations Discuss Role of Standards for EU Cybersecurity Strategy

Delegation from the European Standardization Organizations (ESOs) - CEN, CENELEC and ETSI - met with Neelie Kroes, the Vice-President of the European Commission responsible for the Digital Agenda, in Brussels yesterday (2 April 2014) discussing how to maximize the positive contribution that standards can make to enhancing internet security and protecting personal data, in order to support the successful implementation of the EU Cybersecurity Strategy. more»

Widespread Compromised Routers Discovered With Altered DNS Configurations

A widespread compromise of consumer-grade small office/home office (SOHO) routers has been discovered by threat intelligence group Team Cymru. According to the report, "attackers are altering the DNS configuration on these devices in order to redirect victims DNS requests and subsequently replace the intended answers with IP addresses and domains controlled by the attackers, effectively conducting a Man-in-the-Middle attack." more»

Significant Uptick Reported in Targeted Internet Traffic Misdirection

Jim Cowie of Renesys reports: Traffic interception has certainly been a hot topic in 2013. The world has been focused on interception carried out the old fashioned way, by getting into the right buildings and listening to the right cables. But there's actually been a significant uptick this year in a completely different kind of attack. more»

Israeli Tunnel Hit by Cyberattack Causing Massive Congestion

A major artery in Israel's national road network in the northern city of Haifa suffered a cyberattack, knocking key operations out of commission two days in a row and causing hundreds of thousands of dollars in damage. One expert, speaking on condition of anonymity because the breach of security was a classified matter, said a Trojan horse attack targeted the security camera apparatus in the Carmel Tunnels toll road on Sept. 8, reports the Associated Press. more»

US Government Releases Cybersecurity Framework Proposal

A U.S. bureau on Tuesday unveiled a draft of voluntary standards that companies can adopt to boost cybersecurity -- part of an attempt to protect critical industries without setting restrictive and costly regulations. The National Institute of Standards and Technology (NIST), a nonregulatory agency that is part of the Department of Commerce, issued the so-called framework following input from some 3,000 industry and academic experts. more»

Google Launches 'Project Shield': Anti-DDoS Service to Protect Free Expression Online

Google today announced an initiative called "Project Shield", aimed at using its infrastructure to protect free expression online. "The service currently combines Google's DDoS mitigation technologies and Page Speed Service (PSS), which allow websites to serve their content through Google to be better protected from DDoS attacks." Google is currently seeking "trusted testers" and people with sites that serve media, elections and human rights-related content. more»

DDoS Awareness Day - Oct 23, Register Today for Live Virtual Event

In support of National Cyber Security Awareness Month, DDoS Awareness Day is a virtual, global event focused on raising awareness and education around the threat of DDoS attacks. Hosted by Neustar with and exclusive media partner CSO, DDoS Awareness Day brings together top experts in global security to share their views, technical tips and from-the-trenches experience. Attendees will also be given access to a wealth of DDoS materials: white papers, surveys, presentations, best practices and more. more»

UK Teams Up With Defence and Telecom Companies to Counter Cyber Attacks

Nine of the world's biggest weapon makers and telecoms providers are teaming up with Britain to bolster the country's cyber security, aiming to tackle the increasing threat of hacking and other such attacks... The so-called Defence Cyber Protection Partnership will look to implement controls and share threat intelligence to increase the security of the defence supply chain. more»

Arrest Made in Connection to Spamhaus DDoS Case

According to a press release by the Openbaar Ministerie (the Public Prosecution Office), a dutch man with the initials SK has been arrested in Spain for the DDoS attacks on Spamhaus. more»

China and the United States Agree on Forming Joint Cybersecurity Working Group

China and the United States will set up a working group on cybersecurity, U.S. Secretary of State John Kerry said on Saturday, as the two sides moved to ease months of tensions and mutual accusations of hacking and Internet theft. Speaking to reporters in Beijing during a visit to China, Kerry said the United States and China had agreed on the need to speed up action on cyber security, an area that Washington says is its top national security concern. more»

U.S. CERT Issues Alert on DNS Amplification Attacks

Neil Schwartzman writes to report that U.S. Cert issued Alert TA13-088A on Friday March 29, 2013. "It is a solid how-to guide to test for, and remediate DNS configurations that can be used for Distributed Denial of Service attacks." more»