Advertise

Threat Intelligence

12/10/2020
05:50 PM

Dark Reading Staff
Quick Hits

0 comments
Comment Now

50%

Juvenile Pleads Guilty to 2016 DNS Attack

Mirai botnet was used to target Sony in an attack that took down DynDNS and a number of its notable customers.

An individual, unnamed because they were a juvenile at the time of the crime, has pleaded guilty to committing acts of federal juvenile delinquency relating to a cyberattack that caused massive disruption to the Internet in October 2016. Sentencing is scheduled for January 7, 2021.

Building an Effective Cybersecurity Incident Response Team

New From The Edge: 51% of Edge Readers Plan to Pursue New Cybersecurity Certification in 2021

According to the guilty plea, the individual conspired to commit computer fraud by running a botnet. The botnet launched DDoS attacks against victims, most of whom were online gamers or online game platforms.

The government found that the individual created the botnet, using a variation of Mirai, in September and October 2016. The attacks, which were aimed at the Sony PlayStation Network, also had a significant impact on Dyn, a New Hampshire-based DNS provider. Sony, Twitter, Amazon, PayPal, Tumblr, Netflix, and Southern New Hampshire University (SNHU) - all Dyn customers - suffered site disruptions in the attack.

For more, read here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Recommended Reading:

Comment |

Email This |

Print |

RSS

More Insights

Webcasts

Getting Your Security Tech Together: Making Orchestration and Automation Work For Your Enterprise

The Pesky Password Problem: Policies That Help You Gain the Upper Hand on the Bad Guys

More Webcasts

White Papers

Third Party Cyber Risk Management Guide 101

Top Third-Party Data Breaches of 2020: Lessons Learned to Make 2021 More Secure

More White Papers

Reports

Email Security Threat Report 2020

Special Report: Understanding Your Cyber Attackers

More Reports

Comments

Newest First | Oldest First | Threaded View

[close this box]

Be the first to post a comment regarding this story.

Hot Topics

Editors' Choice

Nation-State Hackers Breached FireEye, Stole Its Red Team Tools

Kelly Jackson Higgins, Executive Editor at Dark Reading, 12/8/2020

Phishing Campaign Targets 200M Microsoft 365 Accounts

Kelly Sheridan, Staff Editor, Dark Reading, 12/7/2020

Navigating the Security Maze in a New Era of Cyberthreats

Keith B. Alexander & Jamil Jaffer, Founder & SVP, Strategy, Partnerships & Corporate Development, IronNet Cybersecurity, 12/9/2020

Webinars

Robotic Processing Can Automate Your Business Processes

Achieve Continuous Testing with Intelligent Test Automation, Powered by AI

Getting Your Security Tech Together: Making Orchestration and Automation Work For Your Enterprise

Webinar Archives

White Papers

A Force Multiplier for Third-Party Cyber Risk Management

Threat Intelligence Solutions: A SANS Review of Anomali ThreatStream

ROI Study: Economic Validation Report of the Anomali Threat Intelligence Platform

Why the Future Is Passwordless

Driving Immediate Value with a Cloud SIEM

More White Papers

Cartoon Contest

Write a Caption, Win an Amazon Gift Card! Click Here

Latest Comment: Don't worry, you'll know if audit doesn't like your password strength!

Cartoon Archive

Current Issue

2020: The Year in Security

Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Assessing Cybersecurity Risk in Today’s Enterprises

COVID-19 has created a new IT paradigm in the enterprise — and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.

Download Now!

The Malware Threat Landscape

0 comments

How Data Breaches Affect the Enterprise (2020)

0 comments

Building an Effective Cybersecurity Incident Response Team

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-27730
PUBLISHED: 2020-12-11

In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities.

CVE-2020-29455
PUBLISHED: 2020-12-11

A cross-Site Scripting (XSS) vulnerability in this.showInvalid and this.showInvalidCountry in SmartyStreets liveAddressPlugin.js 3.2 allows remote attackers to inject arbitrary web script or HTML via any address parameter (e.g., street or country).

CVE-2020-5948
PUBLISHED: 2020-12-11

On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin...

CVE-2020-5949
PUBLISHED: 2020-12-11

On BIG-IP versions 14.0.0-14.0.1 and 13.1.0-13.1.3.4, certain traffic pattern sent to a virtual server configured with an FTP profile can cause the FTP channel to break.

CVE-2020-5950
PUBLISHED: 2020-12-11

On BIG-IP 14.1.0-14.1.2.6, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]