Security Alerts & News
by Tymoteusz A. Góral

History
#886 NTP patches flaws that enable DDoS
The network time protocol, at the center of a number of high-profile DDoS attacks in 2014, was updated on Thursday to ntp-4.2.8p8. The latest version includes patches for five vulnerabilities, including one rated high-severity.

NTP, specifically the NTP daemon, synchronizes system clocks with time servers.

Vulnerable NTP servers were used two years ago with regular frequency to carry out amplification attacks against targets. High-bandwidth NTP-based DDoS attacks skyrocketed as attackers used vulnerable NTP implementations to amplify DDoS attacks much in the way DNS amplification has been used in the past. Some NTP amplification attacks reached 400 Gbps in severity, enough to bring down even some of the better protected online services.
Read more
#887 Updated CryptXXX ransomware big money potential
#886 NTP patches flaws that enable DDoS
#885 WordPress patches 0-day in WP Mobile Detector plugin
#884 Does your website suck on mobile? Find out using Google's free new tool
#883 Ransomware as a service, inside an organized Russian ransomware campaign (PDF)
#882 FastPOS: Quick and easy credit card theft
#881 Marcher mobile bot adds UK targets, steps up banking fraud capabilities
#880 IRONGATE ICS malware: Nothing to see here... masking malicious activity on SCADA systems
#879 Stop Facebook tracking you across the web, change these settings
#878 Facebook’s new DeepText AI understands almost everything we write
#877 Hacked TeamViewer users 'careless' in personal security
#876 FireEye: Organisations should stop playing malware whack-a-mole
#875 ​Former cyber defence head: Ethics should be at the core of cybersecurity
#874 Dropbox smeared in week of megabreaches
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12