Posts

Showing posts with the label DDOS

Multiple DDoS Botnets Exploited 0-Day Flaws in LILIN DVR Surveillance Systems

Multiple zero-day vulnerabilities in digital video recorders (DVRs) for surveillance systems manufactured by Taiwan-based LILIN have been exploited by botnet operators to infect and co-opt vulnerable devices into a family of denial-of-service bots. The findings come from Chinese security firm Qihoo 360's Netlab team, who say different attack groups have been using LILIN DVR zero-day vulnerabilities to spread Chalubo, FBot, and Moobot botnets at least since August 30, 2019. Netlab researchers said they reached out to LILIN on January 19, 2020, although it wasn't until a month later that the vendor released a firmware update (2.0b60_20200207) addressing the vulnerabilities. The development comes as IoT devices are increasingly being used as an attack surface to launch DDoS attacks and as proxies to engage in various forms of cybercrime.

What Are the LILIN Zero-Days About?

The flaw in itself concerns a chain of vulnerab...

This Week's Top Stories About Telegram MTProxy DDoS Attacks – Peaks Up to 5,000 Requests Per Second

Arvan, an Iran-based cloud infrastructure provider, experienced a DDoS attack via Telegram MTProxy that peaked at up to 5,000 requests per second. The attack started on November 6 and lasted for 3 days. MTProxy was used by Telegram to bypass the Iranian filtering system, as Telegram is banned in Iran. Several users started using MTProxy, which makes it difficult for government authorities to restrict the traffic.

Attack With Telegram MTProxy

Arvan spotted huge traffic, received via free MTProxy, hitting their edge server; the packets were not specific to any domain name and were sent directly to the IP address. The traffic received is completely random and has no similarities; it is a completely new attack type, and the traffic doesn't follow any protocol patterns such as HTTP, HTTPS, FTP, and so on. All the attack packets came from Iranian IP addresses, and this huge amount of packets can disrupt any server infrastructure, the company says. Arvan tried multiple ways t...

GitHub Faces Biggest DDoS Attack (1.35 Tbps)

On Wednesday, February 28, 2018, GitHub.com was unavailable from 17:21 to 17:26 UTC and intermittently unavailable from 17:26 to 17:30 UTC due to a distributed denial-of-service (DDoS) attack.

Background

Cloudflare described an amplification vector using memcached over UDP in their blog post this week, “Memcrashed - Major amplification attacks from UDP port 11211”. The attack works by abusing memcached instances that are inadvertently accessible on the public internet with UDP support enabled. Spoofing of IP addresses allows memcached’s responses to be targeted against another address, like ones used to serve GitHub.com, and send more data toward the target than needs to be sent by the unspoofed source. The vulnerability via misconfiguration described in the post is somewhat unique amongst that class of attacks because the amplification factor is up to 51,000, meaning that for each byte sent by the attacker, up to 51KB is sent toward the target. Over the past year we ha...