Latest DoS news

New Ivanti RCE flaw may impact 16,000 exposed VPN gateways

Approximately 16,500 Ivanti Connect Secure and Poly Secure gateways exposed on the internet are likely vulnerable to a remote code execution (RCE) flaw the vendor addressed earlier this week.
- Bill Toulas
- April 05, 2024
- 01:40 PM
- 0
New HTTP/2 DoS attack can crash web servers with a single connection

Newly discovered HTTP/2 protocol vulnerabilities called "CONTINUATION Flood" can lead to denial of service (DoS) attacks, crashing web servers with a single TCP connection in some implementations.
- Bill Toulas
- April 04, 2024
- 11:28 AM
- 0
Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks

IT security software company Ivanti has released patches to fix multiple security vulnerabilities impacting its Connect Secure and Policy Secure gateways.
- Sergiu Gatlan
- April 03, 2024
- 01:29 PM
- 0
New ‘Loop DoS’ attack may impact up to 300,000 online systems

A new denial-of-service attack dubbed 'Loop DoS' targeting application layer protocols can pair network services into an indefinite communication loop that creates large volumes of traffic.
- Bill Toulas
- March 20, 2024
- 03:40 PM
- 0
KeyTrap attack: Internet access disrupted with one DNS packet

A serious vulnerability named KeyTrap in the Domain Name System Security Extensions (DNSSEC) feature could be exploited to deny internet access to applications for an extended period.
- Bill Toulas
- February 17, 2024
- 11:08 AM
- 0
Over 178K SonicWall firewalls vulnerable to DoS, potential RCE attacks

Security researchers have found over 178,000 SonicWall next-generation firewalls (NGFW) with the management interface exposed online are vulnerable to denial-of-service (DoS) and potential remote code execution (RCE) attacks.
- Sergiu Gatlan
- January 15, 2024
- 01:28 PM
- 0
‘Wall of Flippers’ detects Flipper Zero Bluetooth spam attacks

A new Python project called 'Wall of Flippers' detects Bluetooth spam attacks launched by Flipper Zero and Android devices.
- Bill Toulas
- December 23, 2023
- 10:09 AM
- 8
Flipper Zero can now spam Android, Windows users with Bluetooth alerts

A custom Flipper Zero firmware called 'Xtreme' has added a new feature to perform Bluetooth spam attacks on Android and Windows devices.
- Bill Toulas
- October 25, 2023
- 02:54 PM
- 0
Industrial PLCs worldwide impacted by CODESYS V3 RCE flaws

Millions of PLC (programmable logic controllers) used in industrial environments worldwide are at risk to 15 vulnerabilities in the CODESYS V3 software development kit, allowing remote code execution (RCE) and denial of service (DoS) attacks.
- Bill Toulas
- August 11, 2023
- 10:33 AM
- 0
CISA issues DDoS warning after attacks hit multiple US orgs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today of ongoing distributed denial-of-service (DDoS) attacks after U.S. organizations across multiple industry sectors were hit.
- Sergiu Gatlan
- June 30, 2023
- 12:24 PM
- 0
Zyxel shares tips on protecting firewalls from ongoing attacks

Zyxel has published a security advisory containing guidance on protecting firewall and VPN devices from ongoing attacks and detecting signs of exploitation.
- Bill Toulas
- June 03, 2023
- 10:06 AM
- 0
New SLP bug can lead to massive 2,200x DDoS amplification attacks

A new reflective Denial-of-Service (DoS) amplification vulnerability in the Service Location Protocol (SLP) allows threat actors to launch massive denial-of-service attacks with 2,200X amplification.
- Bill Toulas
- April 25, 2023
- 11:26 AM
- 0
Cisco discloses high-severity IP phone zero-day with exploit code

Cisco has disclosed today a high-severity zero-day vulnerability affecting the latest generation of its IP phones and exposing them to remote code execution and denial of service (DoS) attacks.
- Sergiu Gatlan
- December 08, 2022
- 02:24 PM
- 0
CISA is warning of high-severity PAN-OS DDoS flaw used in attacks

A recent vulnerability found in Palo Alto Networks' PAN-OS has been added to the catalog of Known Exploitable Vulnerabilities from the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
- Ionut Ilascu
- August 22, 2022
- 05:34 PM
- 0
Palo Alto Networks: New PAN-OS DDoS flaw exploited in attacks

Palo Alto Networks has issued a security advisory warning of an actively exploited high-severity vulnerability impacting PAN-OS, the operating system used by the company's networking hardware products.
- Bill Toulas
- August 12, 2022
- 11:40 AM
- 0
Critical SonicWall firewall patch not released for all devices

Security hardware manufacturer SonicWall has fixed a critical vulnerability in the SonicOS security operating system that allows denial of service (DoS) attacks and could lead to remote code execution (RCE).
- Sergiu Gatlan
- March 28, 2022
- 03:47 PM
- 0
OpenSSL cert parsing bug causes infinite denial of service loop

OpenSSL has released a security update to address a vulnerability in the library that, if exploited, activates an infinite loop function and leads to denial of service conditions.
- Bill Toulas
- March 16, 2022
- 10:00 AM
- 0
Hackers can crash Cisco Secure Email gateways using malicious emails

Cisco has addressed a high severity vulnerability that could allow remote attackers to crash Cisco Secure Email appliances using maliciously crafted email messages.
- Sergiu Gatlan
- February 17, 2022
- 11:26 AM
- 0
Apple fixes doorLock bug that can disable iPhones and iPads

Apple has released security updates to address a persistent denial of service (DoS) dubbed doorLock that would altogether disable iPhones and iPads running HomeKit on iOS 14.7 and later.
- Sergiu Gatlan
- January 12, 2022
- 04:45 PM
- 0
Rapid window title changes cause ‘white screen of death’

Experimentation with ANSI escape characters on terminal emulators has led to the discovery of multiple high-severity DoS (denial of service) vulnerabilities on Windows terminals and Chrome-based web browsers.
- Bill Toulas
- January 08, 2022
- 10:16 AM
- 0