Akamai mitigated the largest ever Packet Per Second DDoS attack

Akamai is a global content delivery network (CDN), cybersecurity, and cloud service company.

“On June 21, 2020, Akamai mitigated the largest packet per second (PPS) distributed denial-of-service (DDoS) attack ever recorded on the Akamai platform. The attack generated 809 million packets per second (Mpps), targeting a large European bank.” reads a post published by Akamai.

Akamai did not disclose the name of the bank.

This latest attack was clearly optimized to overwhelm DDoS mitigation systems via high PPS load. The packets sent carried a meager 1 byte payload (for a total packet size of 29 with IPv4 headers).

Read more about it here.

Hundreds of malicious Chrome browser extensions result in 32 million malware downloads

Researchers at Awake Security told Reuters that hundreds of Chrome browser extensions were found to be malicious. Most of the free extensions purported to warn users about questionable websites, or to convert files from one format to another. Instead, these Chrome extensions sucked up browsing history and data that provided credentials for access to internal business tools.

Based on the number of downloads, it was the most far-reaching malicious Chrome store campaign to date.

Google removed over 100 Chrome browser extensions from the official Web Store.

Read more about it here.

Two vulnerabilities in Zoom could lead to code execution

Researchers from Cisco Talos disclosed two critical flaws in the Zoom software that could allow a remote attacker to write files to the targeted user’s system and possibly achieve arbitrary code execution.

The first vulnerability, CVE-2020-6109, is related to the way Zoom stores GIF image files. Zoom did not check the GIF source, allowing attackers to embed GIFs from a third-party server under their control. The software also fails to sanitize the GIF filename, which could allow directory traversal and let an attacker store malicious files disguised as GIFs in any location on the target system.
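The two missing checks described above (source of the GIF, and the filename used to store it) can be illustrated from the defender's side. The following is an added example, not Zoom's code or its actual fix; the host allowlist, function name and sample values are assumptions constructed for illustration.

```python
import os
import tempfile
from urllib.parse import urlparse

# Assumption: hosts the client expects GIFs from (hypothetical placeholder).
ALLOWED_GIF_HOSTS = {"media.gif-provider.example"}
GIF_MAGIC = (b"GIF87a", b"GIF89a")


def safe_gif_path(cache_dir, source_url, remote_name, data):
    """Return a path inside cache_dir for a received GIF, or raise ValueError."""
    url = urlparse(source_url)
    # Check 1: the GIF must come from an expected origin, over HTTPS.
    if url.scheme != "https" or url.hostname not in ALLOWED_GIF_HOSTS:
        raise ValueError("untrusted GIF source")
    # Check 2: the content must really be a GIF, not a file disguised as one.
    if not data.startswith(GIF_MAGIC):
        raise ValueError("content is not a GIF")
    # Check 3: the sender-supplied name must be a bare filename.
    # Backslashes are normalised so Windows-style separators are caught too.
    name = remote_name.replace("\\", "/")
    if "/" in name or "\x00" in name or name in ("", ".", ".."):
        raise ValueError("filename contains path components")
    if not name.lower().endswith(".gif"):
        raise ValueError("unexpected file extension")
    # Check 4: defence in depth. Resolve the final path (following symlinks)
    # and confirm it is still inside the cache directory.
    base = os.path.realpath(cache_dir)
    target = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes the cache directory")
    return target


if __name__ == "__main__":
    cache = tempfile.mkdtemp()
    gif = b"GIF89a" + b"\x00" * 16  # constructed sample bytes
    samples = [  # constructed (url, filename) pairs
        ("https://media.gif-provider.example/a.gif", "a.gif"),
        ("https://files.other.example/a.gif", "a.gif"),
        ("https://media.gif-provider.example/a.gif", "..\\..\\out\\a.gif"),
    ]
    for url, name in samples:
        try:
            print("accepted:", safe_gif_path(cache, url, name, gif))
        except ValueError as err:
            print("rejected:", name, "from", url, "->", err)
```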

The second vulnerability, CVE-2020-6110, is related to the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause arbitrary binary planting, which could be abused to achieve arbitrary code execution.

Newer versions of the video conferencing app patch the flaws.

Read more about it here.