The main stories of the week of February 17 – February 23, 2014

Feb 23, 2014 02:11 GMT

Massive distributed denial-of-service (DDOS) attacks continue to make headlines. This week, domain registrar and web hosting company Namecheap reported being hit by a 100 Gbps attack.

The attack was aimed at the company’s DNS platform and it took Namecheap around three hours to mitigate it. Namecheap representatives called it a “new type of attack,” but haven’t provided any additional details.

It’s uncertain if by “new type of attack” they mean an NTP amplification attack. In any case, such operations are becoming more and more frequent. That is why we’ve reached out to Marc Gaffan, co-founder of Incapsula, and asked him to share some details about these attacks.

Hackers of DerpTrolling, the ones who have lately targeted the servers of numerous video game companies with DDOS attacks, have disrupted the US Army Knowledge Online site for several hours.

The creators of Wurm Online are offering a big reward to anyone who can provide information leading to the prosecution of those who have launched a disruptive DDOS against the MMORPG game’s servers.

As far as bug bounties are concerned, the Internet Bug Bounty program has announced its first $10,000 (€7,300) reward. Interestingly, the money was given to a researcher who discovered an attack in which a recently patched Flash Player vulnerability had been leveraged.

Even if he didn’t actually discover the vulnerability, IBB rewarded David Rude, a researcher with iDefense Labs, for his contribution to making the Internet safer.

Another major announcement came from eBay. The company has decided to combine the PayPal and Magento bug bounties into the eBay program. A new submissions tool has also been made available to help those who want to report vulnerabilities.

The University of Maryland has been hacked. The attackers have gained access to a database containing the names, social security numbers, dates of birth and other details of over 309,000 people, including students, faculty and staff. Impacted individuals are being offered free credit monitoring services.

ZCompany Hacking Crew announced another major hack attack. This time, the target was the National Portal of India.

Last week, the Syrian Electronic Army hit the systems of Forbes. This week, both Forbes and the hacktivists provided additional details on how the publishing platform had been breached.

In the meantime, the Syrian Electronic Army has also hijacked a number of Twitter accounts operated by the Spanish club FC Barcelona. The hackers targeted the club over Qatari funding.

Las Vegas Sands has finally restored the casino websites hacked by a group calling itself Anti WMD Team. However, shortly after the announcement was made, the hacktivists published a video to demonstrate that they had stolen over 800 Gb of information from the company’s servers. Las Vegas Sands is now trying to determine the extent of the breach.

Kickstarter admitted being hacked. The company didn’t detect the breach itself; it learned of it after being notified by law enforcement. Users are now asked to change their passwords.

This week, researchers from IOActive announced finding multiple vulnerabilities in Belkin’s WeMo Home Automation devices.

The experts said Belkin was unresponsive and that the security holes were unfixed. However, the electronics company claimed to have already addressed the issues identified by IOActive. Obviously, they haven’t done a very good job notifying customers of the fixes.

Here are some other interesting stories, in case you’ve missed them:

Even ransomware developers make mistakes sometimes

Shodan has introduced Shodan Maps

Internet Explorer zero-day used by at least two different cybercriminal groups

Black Hat USA 2014 registration and call for papers now open

Details of 300,000 accounts were posted on Pastebin in the last 12 months

Iowa man sentenced for taking part in Anonymous DDOS attacks