A new Zero-day distributed denial of service attack (DDoS) technique has been found in the wild that is able to amplify malicious traffic by as much as 55x. Ofer Maor, Director of Security Strategy at Synopsys commented below.
Ofer Maor, Director of Security Strategy at Synopsys:
“This vulnerability is another example of how developers often do not comprehend the security implications of implementation decisions they make for certain extreme cases. It appears that in this case, the response to an unintended exception results in returning substantial amounts of data. Naturally this can be used by attackers to make DDoS attacks more efficiently, by leveraging on resources available to the servers running the vulnerable LDAP service (i.e. the attacker only needs to use little bandwidth to make another machine attack its target with substantial more bandwidth used). As with many security vulnerabilities, attackers find ways to abuse a behavior which the developer that wrote this service, with insufficient security training and/or controls, did not perceive as a threat.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…