company logo

Product

Our Product

We are Reshaping the way Developers find and fix vulnerabilities before they get exploited.

Bulk IP/Domain Lookup

Threatspy

Solutions

By Industry

BFSI

Healthcare

Education

IT & Telecom

Government

By Role

CISO/CTO

DevOps Engineer

Resources

Resource Library

Get actionable insight straight from our threat Intel lab to keep you informed about the ever-changing Threat landscape.

Subscribe to Our Weekly Threat Digest

Company

Contact Us

Have queries, feedback or prospects? Get in touch and we shall be with you shortly.

loading..
loading..
loading..
Loading...

DDoS

Packet Rate Attacks

loading..
loading..
loading..

840 Million PPS DDoS on OVHcloud Exposes MikroTik Router Flaws

Explore the alarming rise of packet rate DDoS attacks targeting network core devices like MikroTik routers. Learn how a record-breaking 840 million PPS attack o...

06-Jul-2024
5 min read

Related Articles

loading..

Password

VoiceOver

Update now! Apple releases critical iOS and iPadOS patches to fix a VoiceOver vu...

Apple has released critical updates for iOS and iPadOS to address two significant security issues, one of which could have allowed a user's passwords to be read aloud by the VoiceOver assistive technology. ### Overview The first vulnerability, tracked as CVE-2024-44204, is a logic flaw in the new Passwords app that impacts a wide range of iPhones and iPads. Security researcher Bistrit Daha discovered and reported this flaw to Apple. >>> _"A user's saved passwords may be read aloud by VoiceOver,"_ Apple stated in an advisory released this week. The issue was resolved with improved validation. ### Affected Devices The vulnerability impacts the following devices: **iPhones:** - iPhone XS and later **iPads:** - iPad Pro 13-inch - iPad Pro 12.9-inch (3rd generation and later) - iPad Pro 11-inch (1st generation and later) - iPad Air (3rd generation and later) - iPad (7th generation and later) - iPad mini (5th generation and later) **CVE-2024-44207:** Audio Capture Before Microphone Indicator Activation Apple also patched a security vulnerability identified as CVE-2024-44207, specific to the newly launched iPhone 16 models. This flaw resides in the Media Session component. ### Description The vulnerability allows audio to be captured before the microphone indicator is activated, potentially leading to unauthorized audio recording. > _"Audio messages in Messages may be able to capture a few seconds of audio before the microphone indicator is activated,"_ Apple [noted](https://support.apple.com/en-us/121373). ### Resolution The issue has been fixed with improved checks. Apple credited Michael Jimenez and an anonymous researcher for reporting it. Recommended Actions Users are advised to update their devices to safeguard against these vulnerabilities. #### How to Update **For iPhones:** - Update to iOS 18.0.1 **For iPads:** - Update to iPadOS 18.0.1 #### Steps to Update: - 1. Open Settings: Tap on the Settings app. - 2. Navigate to Software Update: Go to General > Software Update. - 3. Download and Install: If an update is available, tap Download and Install. ### Importance of the Update These vulnerabilities could potentially allow unauthorized access to sensitive information and compromise user privacy. Updating your device ensures that these security flaws are patched. Apple's prompt response to these vulnerabilities highlights the importance of keeping your devices updated. Users are encouraged to install the latest updates immediately to maintain security and privacy.

loading..   05-Oct-2024
loading..   2 min read
loading..

DDoS

CUPS

Critical CUPS vulnerability allows 600x DDoS attack amplification via a single p...

The Common Unix Printing System (CUPS) is a widely used open-source printing system that manages print jobs and queues on Unix-like operating systems. While essential for network printing, CUPS can introduce security vulnerabilities if not properly managed. Recent disclosures have highlighted vulnerabilities within CUPS that threat actors could exploit to launch distributed denial-of-service (DDoS) amplification attacks. This comprehensive analysis delves into the intricacies of these vulnerabilities, their exploitation mechanisms, and mitigation strategies to safeguard affected systems. --- ### Understanding CUPS CUPS provides a modular printing system that enables a computer to act as a print server. It uses the Internet Printing Protocol (IPP) and supports various printing services, making it integral to many network environments. However, its widespread adoption also makes it a target for cyber threats. --- ### Overview of the Vulnerabilities Vulnerability in cups-browsed Daemon The cups-browsed daemon is responsible for browsing remote printers and adding them to the local print system. A vulnerability within this daemon allows attackers to send specially crafted packets that trick the CUPS server into treating a target device as a printer to be added. ### Exploitation via Malicious UDP Packets Attackers can exploit this vulnerability by sending a single malicious UDP packet to an exposed CUPS service. This packet initiates a series of unintended actions by the CUPS server, leading to DDoS amplification. --- ### Mechanism of DDoS Amplification #### Amplification Factor Each malicious packet sent to a vulnerable CUPS server causes it to generate larger IPP/HTTP requests to the target device. This results in a significant amplification of traffic—up to 600 times the size of the initial packet. #### Impact on Servers and Networks **Bandwidth Consumption:** The amplified traffic consumes considerable bandwidth, potentially overwhelming the target's network capacity. **Resource Exhaustion:** Both the CUPS server and the target device experience increased CPU and memory usage. **Infinite Request Loops:** In some cases, CUPS servers enter an infinite loop, continuously sending requests and exacerbating the attack's impact. --- ### Scope of the Vulnerability #### Exposed and Vulnerable Servers Security researchers estimate that a significant number of CUPS servers are exposed online, with thousands running outdated versions dating back to 2007. These outdated systems lack critical security patches, making them susceptible to exploitation. #### Potential for Botnet Recruitment Cybercriminals can exploit these vulnerabilities to build botnets for more extensive DDoS attacks or achieve remote code execution (RCE) by chaining multiple vulnerabilities. --- ### Technical Analysis of the Exploit - **1. Initial Probe:** The attacker sends a crafted UDP packet to the vulnerable CUPS server. - **2. Triggering Printer Addition:** The server misinterprets the packet, attempting to add the target as a new printer. - **3. Amplified Request Generation:** The server sends larger IPP/HTTP requests to the target device. - **4. Resource Drain:** Repeated requests lead to bandwidth and CPU resource exhaustion on both the server and the target. - **5. Infinite Loop Scenarios:** Certain errors can cause the server to repeatedly attempt connections, creating an endless loop of traffic. --- ### Mitigation Strategies #### Apply Security Patches ***Update CUPS***: Ensure that the CUPS software is updated to the latest version, incorporating all security patches that address known vulnerabilities. #### Disable Unnecessary Services ***Stop cups-browsed Daemon***: If not required, disable the cups-browsed service to eliminate the attack vector. `sudo systemctl stop cups-browsed` `sudo systemctl disable cups-browsed` #### Implement Network Access Controls ***Firewall Configuration:*** Restrict access to CUPS services using firewalls to allow only trusted networks or hosts. ***UDP Traffic Limitation:*** Limit or monitor UDP traffic to and from CUPS servers. #### Monitor and Detect Anomalous Activity ***Intrusion Detection Systems***: Deploy IDS/IPS solutions to detect and prevent exploitation attempts. ***Log Analysis***: Regularly review system logs for unusual activity related to CUPS services. ### Educate and Train Staff ***Security Awareness:*** Ensure that system administrators are aware of the latest vulnerabilities and the importance of timely patching. ***Incident Response Planning:*** Develop and maintain an incident response plan for potential security breaches.

loading..   04-Oct-2024
loading..   4 min read
loading..

Cloudflare

DDoS

Cloudflare mitigated the largest recorded DDoS attack peaking at 3.8 Tbps, highl...

In a landmark DDoS event, Cloudflare has announced the successful mitigation of the largest recorded Distributed Denial-of-Service (DDoS) attack to date, which peaked at a staggering 3.8 terabits per second (Tbps). This hyper-volumetric attack targeted organizations across the financial services, internet, and telecommunications sectors, underscoring the escalating scale and sophistication of cyber threats facing global infrastructure. ### A Month-Long Siege of Volumetric Attacks The colossal assault was part of a sustained campaign spanning over a month, during which more than 100 hyper-volumetric DDoS attacks were launched. These attacks aimed to overwhelm network infrastructure by inundating it with massive amounts of illegitimate traffic, thereby consuming bandwidth and depleting system resources. This deluge of data effectively denied legitimate users access to services, fulfilling the primary objective of a DDoS attack. ### Technical Anatomy of the Attack The attacks primarily targeted the network and transport layers (Layers 3 and 4) of the OSI model. Many of these assaults surpassed two billion packets per second (pps) and exceeded bandwidths of 3 Tbps. The threat actors orchestrated the campaign using a diverse array of compromised devices, including: - Asus Home Routers - MikroTik Systems - Digital Video Recorders (DVRs) - Web Servers These infected devices formed a global botnet with significant concentrations in Russia, Vietnam, the United States, Brazil, and Spain. ### UDP Exploitation on Fixed Ports The attackers predominantly utilized the User Datagram Protocol (UDP) on fixed ports to transmit data. UDP is favored in such attacks due to its connectionless nature, allowing rapid transmission without the overhead of establishing a formal connection, thus amplifying the attack's speed and volume. ### Cloudflare's Autonomous Defense Mechanism Cloudflare's advanced DDoS mitigation infrastructure autonomously detected and neutralized all the attacks in real-time. The peak attack, which hit 3.8 Tbps, lasted approximately 65 seconds. The company's ability to withstand such a massive onslaught without manual intervention highlights the effectiveness of its automated defense systems and the importance of robust cybersecurity measures. ### Global Distribution of Attack Sources ### Infected devices were distributed globally, with hotspots in key regions. #### Comparative Analysis with Previous Records Before this incident, the record for the largest publicly disclosed volumetric DDoS attack was held by Microsoft, which mitigated a 3.47 Tbps attack targeting an Azure customer in Asia. Cloudflare's recent mitigation surpasses this figure, indicating a troubling increase in the scale at which malicious actors are operating. #### Emerging Threats: The CUPS Vulnerability In a related development, cybersecurity firm Akamai has identified that recently disclosed vulnerabilities in the Common UNIX Printing System (CUPS) for Linux could serve as a new vector for DDoS attacks. Akamai's research revealed: #### Over 58,000 publicly accessible systems vulnerable to CUPS exploitation. These systems could be co-opted to send thousands of requests in amplification attacks. Some CUPS servers responded repeatedly to initial requests, potentially leading to endless loops of malicious traffic. ### Implications for Cybersecurity The escalation in both the scale of attacks and the exploitation of new vulnerabilities like CUPS underscores the evolving threat landscape. Organizations must adopt proactive and adaptive security strategies, including: Investing in Automated Defense Systems: As demonstrated by Cloudflare, autonomous mitigation can effectively neutralize large-scale attacks without human intervention. Regular Vulnerability Assessments: Identifying and patching vulnerabilities like those in CUPS can prevent systems from being exploited in botnets. Global Collaboration: Sharing threat intelligence across industries and borders is crucial for anticipating and defending against emerging threats. Cloudflare's successful mitigation of the largest recorded DDoS attack serves as both a warning and a call to action. As cyber threats continue to grow in scale and complexity, the importance of robust, automated, and adaptive cybersecurity measures cannot be overstated. Organizations worldwide must remain vigilant and collaborative to safeguard the integrity of global digital infrastructure.

loading..   03-Oct-2024
loading..   4 min read
Company Logo
logo

Secure Blink automates the application and API security testing for developers and security teams, helping them to rapidly identify and mitigate vulnerabilities more effectively than they can today.

Find Us Online

Facebook Logo
Twitter Logo
LinkedIn Logo
Telegram Logo
YouTube Logo
contact@secureblink.com

This website uses cookies to ensure you get the best experience on our website. By continuing on our website, you consent to our use of cookies. To find out more about how we use cookies, please see our Cookies Policy.

contact@secureblink.com

@ Copyright 2024 Secure Blink. All rights reserved.

4th Floor, Plot No- 7-10 Sector 126, Noida, UP -201303