Last week, security news site KrebsOnSecurity went dark for more than 24 hours following what was believed to be a record 620 gigabit-per-second denial of service attack brought on by an ensemble of routers, security cameras, or other so-called Internet of Things devices. Now, there's word of a similar attack on a French Web host that peaked at a staggering 1.1 terabits per second, more than 60 percent bigger.

The attacks were first reported on September 19 by Octave Klaba, the founder and CTO of OVH. The first one reached 1.1 Tbps while a follow-on was 901 Gbps. Then, last Friday, he reported more attacks that were in the same almost incomprehensible range. He said the distributed denial-of-service (DDoS) attacks were delivered through a collection of hacked Internet-connected cameras and digital video recorders. With each one having the ability to bombard targets with 1 Mbps to 30 Mbps, he estimated the botnet had a capacity of 1.5 Tbps.

On Monday, Klaba reported that more than 6,800 new cameras had joined the botnet and said further that over the previous 48 hours the hosting service was subjected to dozens of attacks, some ranging from 100 Gbps to 800 Gbps. On Wednesday, he said more than 15,000 new devices had participated in attacks over the past 48 hours.

Read 6 remaining paragraphs | Comments

 
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Cisco IOS XR Software CVE-2016-6421 Denial of Service Vulnerability
 
Aternity CVE-2016-5061 Multiple Cross Site Scripting Vulnerabilities
 
Cisco IOS and IOS XE Software Multiple Denial of Service Vulnerabilities
 
Cisco Firepower Management Center CVE-2016-6420 Privilege Escalation Vulnerability
 
Cisco Security Advisory: Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability
 
Cisco Security Advisory: Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities
 
Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerability
 
Cisco Security Advisory: Cisco IOS XE Software NAT Denial of Service Vulnerability
 
Cisco Security Advisory: Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerability
 
Cisco Security Advisory: Cisco IOS and IOS XE Software AAA Login Denial of Service Vulnerability
 
libarchive CVE-2015-8927 Heap Buffer Overflow Vulnerability
 
Libarchive CVE-2015-8932 Local Denial of Service Vulnerability
 
Oracle Fusion Middleware CVE-2016-3578 Remote Security Vulnerability
 
[REVIVE-SA-2016-002] Revive Adserver - Multiple vulnerabilities
 
ISC BIND 'buffer.c' Remote Denial of Service Vulnerability
 
IBM Spectrum Scale and IBM GPFS Local Command Execution Vulnerability
 
libarchive 'archive_read_extract.c' Information Disclosure Vulnerability
 
libarchive CVE-2015-8930 Denial of Service Vulnerability
 
Oracle Fusion Middleware CVE-2016-3596 Remote Security Vulnerability
 
QEMU CVE-2016-3710 Remote Code Execution Vulnerability
 
Adobe Digital Editions CVE-2016-6980 Use After Free Remote Code Execution Vulnerability
 
Apple iTunes/tvOS/Safari/iOS Multiple Memory Corruption Vulnerabilities
 
Google Chrome CVE-2016-7549 Multiple Denial of Service Vulnerabilities
 
policycoreutils CVE-2016-7545 Remote Privilege Escalation Vulnerability
 
ImageMagick CVE-2016-6823 Integer Overflow Vulnerability
 
GNU Wget CVE-2016-7098 Security Bypass Vulnerability
 
Multiple vulnerabilities found in the Dlink DWR-932B (backdoor, backdoor accounts, weak WPS, RCE ...)
 
Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
 
[slackware-security] bind (SSA:2016-271-01)
 
Internet Storm Center Infocon Status