


24.12.19

MITM attacks

2FA

If an attacker using a MITM (Man-In-The-Middle) attack can trick you into visiting their spoofed page and prompt you to enter your 2FA login credentials, it is essentially game over.

24.12.19

Man-in-the-endpoint attacks

2FA

Similar to MITM attacks, if a hacker can get their malicious software onto your computer, they can modify the software used in your 2FA process, either to steal the secrets protected by the 2FA token or to use an already approved authentication to access something behind the scenes.

24.12.19

Compromised 2FA software

2FA

A specialized man-in-the-endpoint attack can take the form of compromising the software associated with a 2FA device. For example, using a smart card on a device requires smart card software that drives and understands the smart card.

24.12.19

Theft and reuse of a password generator

2FA

Many hardware and software 2FA tokens generate a one-time code that is unique to the given user and device.

24.12.19

2FA is not required

2FA

Many services, including popular websites that allow 2FA to be used, do not require it, which defeats the very purpose of introducing 2FA.

24.12.19

Subject impersonation

2FA

There is a dirty little secret that smart card vendors want to keep from you: every 2FA device/software is tied to a user/device identity. That identity must be unique within the authentication system.

24.12.19

Stolen biometrics

2FA

Your biometric identity attributes (e.g., fingerprints or retina scans) can be stolen and reused, and it is very hard to stop an attacker from using them.

24.12.19

Shared, integrated authentication

2FA

Shared, integrated authentication schemes such as OAuth are popular today; they allow a user to log in once and reuse that credential (often in the background) to log in to other services and websites.

24.12.19

Social engineering

2FA

As more and more websites allow or require 2FA, hackers have learned how to work around it using social engineering.

24.12.19

Brute-force attacks on 2FA

2FA

The loss of 2FA tokens and their acquisition by hackers is nothing new. If a website or service using 2FA login does not check for bad login attempts, attackers can try to guess the 2FA PIN code by repeated attempts until they hit the right one.

24.12.19

Buggy implementations

2FA

It is more realistic to assume that there are more websites and software with 2FA login containing bugs that allow 2FA to be bypassed than there are completely secure ones. Here is an example (www.zdnet.com/article/uber-security-flaw-two-factor-login-bypass/), but there are hundreds of other examples of buggy 2FA implementations.

11.12.19

Plundervolt

CPU

Modern processors are being pushed to perform faster than ever before - and with this comes increases in heat and power consumption. To manage this, many chip manufacturers allow frequency and voltage to be adjusted as and when needed. But more than that, they offer the user the opportunity to modify the frequency and voltage through privileged software interfaces.

20.11.19

iTLB multihit

CPU

iTLB multihit is an erratum where some processors may incur a machine check error, possibly resulting in an unrecoverable CPU lockup, when an instruction fetch hits multiple entries in the instruction TLB. This can occur when the page size is changed along with either the physical address or cache type. A malicious guest running on a virtualized system can exploit this erratum to perform a denial of service attack.

20.11.19

Jump Conditional Code Erratum

CPU

Starting with the second-generation Intel® Core™ Processors and Intel® Xeon® E3-1200 Series Processors (formerly codenamed Sandy Bridge) and later processor families, the Intel® microarchitecture introduces a microarchitectural structure called the Decoded ICache (also called the Decoded Streaming Buffer or DSB).

13.11.19

TPM-FAIL

CPU

Trusted Platform Module (TPM) serves as a root of trust for the operating system. TPM is supposed to protect our security keys from malicious adversaries like malware and rootkits.

13.11.19

TSX Speculative Attack

CPU

A new speculative vulnerability called ZombieLoad 2, or TSX Asynchronous Abort, has been disclosed today that targets the Transactional Synchronization Extensions (TSX) feature in Intel processors.

13.11.19

MDS Attack

CPU

The RIDL and Fallout speculative execution attacks allow attackers to leak private data across arbitrary security boundaries on a victim system, for instance compromising data held in the cloud or leaking your data to malicious websites.

25.10.19

CPDoS Attack

DDoS Attack

Cache-Poisoned Denial-of-Service (CPDoS) is a new class of web cache poisoning attacks aimed at disabling web resources and websites.

12.9.19

Simjacker Attack

SIM Attack

Following extensive research, AdaptiveMobile Security has uncovered a new and previously undetected vulnerability. This vulnerability is currently being exploited and is being used for targeted surveillance of mobile phone users.

11.9.19

NetCAT Attack

CPU

NetCAT shows that network-based cache side-channel attacks are a realistic threat. Cache attacks have been traditionally used to leak sensitive data on a local setting (e.g., from an attacker-controlled virtual machine to a victim virtual machine that share the CPU cache on a cloud platform).

15.8.19

KNOB Attack

Bluetooth

Researchers at the Center for IT-Security, Privacy and Accountability (CISPA) found a new Bluetooth vulnerability, tracked as CVE-2019-9506 and referred to as the Key Negotiation of Bluetooth (KNOB) attack, that could allow attackers to spy on encrypted connections.

7.8.19

SWAPGS Attack

CPU

The SWAPGS Attack, as they call it, circumvents the protective measures that have been put in place in response to earlier attacks such as Spectre and Meltdown. Still, there is plenty of good news: Microsoft has already released Windows patches for the flaw that makes the attack possible and, even though feasible, the researchers don’t expect the attack to be exploited for widespread, non-targeted attacks.

16.7.19

App in the Middle (AitM) Attack

App Attack

Below, I will describe two ‘app-in-the-middle’ attacks, where a malicious app is installed in the personal profile and acts as an agent to steal information from (and even control) the Work profile and hand it off to an attacker’s Command & Control server.

12.6.19

RAMBleed attack

RAM Attack

The Rowhammer bug is a reliability issue in DRAM cells that can enable an unprivileged adversary to flip the values of bits in neighboring rows on the memory module. Previous work has exploited this for various types of fault attacks across security boundaries, where the attacker flips inaccessible bits, often resulting in privilege escalation. It is widely assumed however, that bit flips within the adversary’s own private memory have no security implications, as the attacker can already modify its private memory via regular write operations.

15.5.19

ZombieLoad Attack

CPU Attack

After Meltdown, Spectre, and Foreshadow, we discovered more critical vulnerabilities in modern processors. The ZombieLoad attack allows stealing sensitive data and keys while the computer accesses them.

14.5.19

RIDL and Fallout Attacks

CPU Attack

New attacks extract data from CPU buffers. Two attacks dubbed RIDL and Fallout exploit a set of four vulnerabilities collectively known as Microarchitectural Data Sampling (MDS) vulnerabilities - a name given by Intel. The flaws affect Intel CPUs released since 2008, the researchers say.

14.5.19

RIDL attack

CPU Attack

Researchers from VUSec - the Systems and Network Security Group at Vrije University in Amsterdam, and from the Helmholtz Center for Information Security (CISPA) have developed the RIDL (short for Rogue In-Flight Data Load) attack.

12.4.19

PASSWORD PARTITIONING

WPA 3 Attack

In this section we show how to perform password partition attacks, using the information obtained from our timing and cache attacks. This enables an adversary to recover the password of a target.

8.1 Partitioning a Dictionary

In the first attack variant, our goal is to recover the password from a given dictionary. We accomplish this by repeatedly partitioning the dictionary into correct and incorrect password candidates. Practically, this is implemented by removing incorrect passwords from the dictionary during each partitioning step.

12.4.19

CACHE-BASED ATTACKS ON ECC GROUPS

WPA 3 Attack

In this section we demonstrate that implementations of the hash-to-curve algorithm of SAE may be vulnerable to cache-based side-channel attacks. Similar to the timing attack against MODP groups, this will later on enable an adversary to recover a target’s password.

7.1 Background and Attack Goal

The goal of our attack is to learn if the Quadratic Residue (QR) test in the first iteration of the hash-to-curve algorithm succeeded or not.

12.4.19

TIMING ATTACKS ON MODP GROUPS

WPA 3 Attack

In this section we empirically show that the hash-to-group method that converts a password into a MODP element is vulnerable to timing attacks. The obtained info will later on be used in password partitioning attacks, allowing one to recover the victim’s password.

6.1 Background

Up to this point, we assumed the SAE handshake is executed using elliptic curves.

12.4.19

Countermeasures

WPA 3 Attack

To mitigate our downgrade to dictionary attack, a client should remember if a network supports WPA3-SAE. That is, after successfully connecting using SAE, the client should store that the network supports SAE. From this point onward, the client must never connect to this network using a weaker handshake.

12.4.19

Attacking SAE’s Group Negotiation

WPA 3 Attack

The SAE handshake can be run using different elliptic curve or multiplicative groups mod p (i.e. ECP or MODP groups). The “Group Description” of gives an overview of supported groups. Additionally, the 802.11 standard allows stations to prioritize groups in a user-configurable order.

12.4.19

Downgrade to Dictionary Attack

WPA 3 Attack

Our first attack is against WPA3-SAE transition mode. Recall from Section 2.2 that in this mode the AP is configured to accept connections using both WPA3-SAE and WPA2. This provides backward compatibility with older clients. Moreover, WPA2’s 4-way handshake detects downgrade attacks, meaning an attacker cannot trick a WPA3-capable client into successfully establishing a connection using WPA2.

9.4.19

Framing supply chain attacks

ICS Attack

The increase in the demand for innovative software has effectively reshaped the software development industry itself. Today, speed and agility are paramount and development teams are pushed to deliver highly advanced applications in record time — which means that writing every single line of code from the ground up is often not a sustainable practice. As the NIST puts it, “This ecosystem has evolved to provide a set of highly refined, cost-effective, reusable ICT solutions.”

29.3.19

BTS resource depletion attack

LTE Attack

Every commercial eNB has a maximum capacity of active user connections based on their hardware and software specifications. The purpose of the BTS resource depletion attack is to deplete this capacity of the active RRC Connections, thereby preventing other users from connecting to the target eNB.

29.3.19

Blind DoS attack

LTE Attack

Unlike the aforementioned attack that denies multiple users in an eNB, the Blind DoS attack denies a targeted UE by establishing RRC Connections spoofed as the victim UE. 1) Attack model: The attacker performs the attack within the area covered by the victim’s serving eNB. The attacker also knows the victim’s S-TMSI that can be obtained in three ways

29.3.19

Remote de-registration attack

LTE Attack

During our experiments, we discovered that operational MMEs have several implementation flaws that cause them to unnecessarily de-register the victim UE without notification. The detailed attack scenario is as below. 1) Adversary model: An adversary should be able to send malicious NAS messages to the MME in which the victim UE is registered. Typically, an MME manages a number of eNBs which are distributed throughout large geographical regions.

29.3.19

SMS phishing attack

LTE Attack

1) Adversary model: In this scenario, the adversary sends an SMS message to victim UE1 by spoofing the message sender using the phone number of victim UE2. To this end, the adversary knows the S-TMSI of UE2 to spoof the sender. The phone number of UE1, to which the actual SMS message is sent, is also known. In addition, we assume that the target LTE network provides the SMS through the NAS layer. 2) Attack procedure: ➀ The adversary starts by establishing a spoofed RRC Connection using the S-TMSI of UE2

29.3.19

ATTACKS EXPLOITING UE: AKA BYPASS ATTACK

LTE Attack

1) Adversary model: The adversary is located sufficiently close to the victim UE to trigger handover from an existing eNB to the adversary’s rogue LTE network. To this end, the rogue LTE network transmits an LTE signal with higher transmission power than commercial eNBs. Additionally, the adversary would have to know the list of Tracking Areas (TAs) to masquerade the rogue LTE network as a commercial one. A valid TA Code (TAC) can easily be captured in two ways

29.3.19

Attacks exploiting eNB

LTE Attack

In the case of a BTS resource depletion attack, it is impossible for an eNB to distinguish the adversary’s RRC Connection requests from benign RRC connection requests. A possible mitigation to this attack could be to reduce the inactivity timer value to allow an RRC Connection that is unresponsive to the Authentication request to expire.

29.3.19

Attacks exploiting MME and UE

LTE Attack

As discussed in Section V, both the Remote de-registration attack and the SMS phishing attack are rooted in incorrect implementation of the operational MMEs. Thus, these MMEs should be carefully implemented by strictly following the 3GPP standard. The AKA bypass attack is also rooted in the UE handling the mandatory security procedure incorrectly. Therefore, the UE should not proceed with any control plane procedures before completing the mandatory security procedure successfully.

29.3.19

MitM attack

LTE Attack

Many previous studies employed a rogue BTS in a 2G/3G network. However, the Man in the Middle (MitM) attack in LTE networks has received less attention. Rupprecht et al. showed that an LTE dongle could be used for eavesdropping and tampering if the dongle incorrectly allows null integrity on both the control and data plane. Hussain et al. demonstrated an authentication relay attack to eavesdrop on a victim UE’s data communication if the carrier uses null encryption on the data plane.

29.3.19

DoS attack

LTE Attack

Previous studies introduced DoS attacks that exploit vulnerabilities in LTE control plane procedures. Shaik et al. presented DoS attacks using plain reject messages (NAS TAU reject, Service reject and Attach reject). Raza et al. demonstrated two types of DoS attacks that were able to detach a user from the network: the first uses a plain NAS Detach request message and the other uses Paging with the user’s IMSI. Both studies showed that certain unprotected plain messages may cause denial of service to users.

9.3.19

Password Spray Attack

Password

Password Spray Attack is quite the opposite of Brute Force Attack. In Brute Force attacks, hackers choose a vulnerable ID and enter passwords one after another hoping some password might let them in. Basically, Brute Force is many passwords applied to just one ID.

4.3.19

Thunderclap

Hardware

Direct Memory Access (DMA) attacks have been known for many years: DMA-enabled I/O peripherals have complete access to the state of a computer and can fully compromise it, including reading and writing all of system memory. With the popularity of Thunderbolt 3 over USB Type-C and smart internal devices, opportunities for these attacks to be performed casually with only seconds of physical access to a computer have greatly broadened. In response, commodity hardware and operating system (OS) vendors have incorporated support for Input-Output Memory Management Units (IOMMUs), which impose memory protection on DMA, and are widely believed to protect against DMA attacks.

25.2.19

ToRPEDO Attack

Mobil/GSM

Short for "TRacking via Paging mEssage DistributiOn," ToRPEDO is the most concerning attack that leverages the paging protocol, allowing remote attackers to verify a victim device’s location, inject fabricated paging messages, and mount denial-of-service (DoS) attacks.

25.2.19

PIERCER attack

Mobil/GSM

The PIERCER (Persistent Information ExposuRe by the CorE netwoRk) attack enables an attacker with knowledge of the victim’s phone number, a sniffer, and a fake base station in the victim’s geographical cell to associate the victim device’s IMSI with its phone number.

25.2.19

IMSI-Cracking Attacks

Mobil/GSM

In addition, the ToRPEDO attack also opens a door for two other new attacks—the PIERCER and IMSI-Cracking attacks, leading to the full recovery of the victim device's persistent identity (i.e., IMSI). Existing due to a design flaw, the PIERCER (Persistent Information ExposuRe by the CorE netwoRk) attack enables an attacker to associate the victim device's unique IMSI with its phone number.

14.1.19

Server Spoofing

Protocol

Similar to ARP spoofing and all other spoofing attacks, here the attacker pretends to be a valid DHCP server. The attacker replies to the host's DHCP request before the real DHCP server does. In the reply, the attacker assigns the host an IP address and a false default gateway (which could be the attacker’s IP address).

14.1.19

MAC flooding/CAM table overflow

Protocol

MAC address tables, or CAM (Content Addressable Memory) tables, are used on switches to track where to send the traffic they receive. When a switch receives a frame, it looks up the destination MAC address in its CAM table. If the MAC address is found in the CAM table, the frame is forwarded to the port (interface) associated with that MAC address.

14.1.19

Cross-cloud attacks

Cloud

These types of threats occur when customers move one of their workloads into a public cloud environment, such as Amazon Web Services or Microsoft Azure, and use Direct Connect (or any other VPN tunnel) to move between the public cloud into the private cloud. An attacker who breaches one of the environments can then move laterally, under the radar of security tools.

14.1.19

Cloud malware injection attacks

Cloud

Malware injection attacks are done to take control of a user’s information in the cloud. For this purpose, hackers add an infected service implementation module to a SaaS or PaaS solution or a virtual machine instance to an IaaS solution. If the cloud system is successfully deceived, it will redirect the cloud user’s requests to the hacker’s module or instance, initiating the execution of malicious code.

14.1.19

Cloud attack counter measures

Cloud

We’ve discussed some of the most common cloud computing attack vectors malicious actors use to achieve their goals.

14.1.19

Insider attacks

Cloud

Insider attacks remain one of the top threats for various organizations, even if you don’t use cloud infrastructure. While most employees are trustworthy, it’s always a good idea to have a clear understanding of who has access to certain files and documents.

13.1.19

Punycode Attack

Web

Unicode characters can look the same to the naked eye but actually have a different web address. Some letters in the Roman alphabet, used by the majority of modern languages, are the same shape as letters in Greek, Cyrillic, and other alphabets, so it’s easy for an attacker to launch a domain name that replaces some ASCII characters with Unicode characters.

4.12.18

CORS Attacks

Web

CORS, or Cross-Origin Resource Sharing, is used in modern browsers to check permission for remote access to web resources and services.

22.10.18

Bypassing SAML 2.0 SSO with XML Signature Attacks

Authentication

We’ve recently noticed a trend with a lot of New Zealand sites wanting to implement Single Sign-On (SSO) to combat the proliferation of passwords, including many government services. The most prevalent standard for doing this, providing interoperability between many vendors’ frameworks and multiple languages, is SAML 2.0.

22.10.18

Detecting and exploiting XXE in SAML Interfaces

Web

This post will describe some findings, problems and insights regarding XML External Entity Attacks (XXEA) that we gathered during a large-scale security analysis of several SAML interfaces.

22.10.18

Attacking SSO

Authentication

In this blog I’ll share some pointers that can be used when testing Single Sign-On (SSO) solutions that utilize SAML. The centralized nature of SSO provides a range of security benefits, but also makes SSO a high-profile target to attackers. The majority of SSO implementations I have seen in the past year pass SAML messages as part of the authentication process.

21.10.18

SS7 Attack

Mobil/GSM

An SS7 attack is an exploit that takes advantage of a weakness in the design of SS7 (Signalling System 7) to enable data theft, eavesdropping, text interception and location tracking. While the SS7 network is fundamental to cellphones and its operators, the security of the design relied entirely on trust. The SS7 network operators counted on one another to play by the rules. Now, with operators opening the SS7 network to offer third-party access as a commercial offering, vulnerabilities are being exposed and attacked.

15.10.18

Punycode Phishing Attack

Phishing

There are only a handful of rules that you need to know to counter any phishing attack that you may be exposed to on the Internet, right? Check the web address and make sure it is the right one. Also, make sure you don't follow any links on pages or in messages that you don't trust 100%. While that is sound advice, and will help you identify the bulk of phishing attacks, Chinese security researcher Xudong Zheng just demonstrated that things may not always be that easy.

4.10.18

Cold boot attack

Hardware/cryptographic

In cryptography, a cold boot attack (or to a lesser extent, a platform reset attack) is a type of side channel attack in which an attacker with physical access to a computer is able to retrieve encryption keys from a running operating system after using a cold reboot to restart the machine. The attack relies on the data remanence property of DRAM and SRAM to retrieve memory contents that remain readable in the seconds to minutes after power has been removed.

28.9.18

OpenSSH Plaintext Recovery Attack

Communication

So, somebody pointed this out to me the other day: http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt which talks about the probability of recovering some plain text from an ssh session. Having seen nothing at all from OpenSSH about this, my first reaction was "OH NO!" because it looked like they had released information without patches or a fix being available, then I looked a little closer at what was actually being talked about here.

27.9.18

Formjacking

Web

When a customer of an e-commerce site clicks “submit” or its equivalent after entering their details into a website’s payment form, malicious JavaScript code that has been injected there by the cyber criminals collects all entered information, such as payment card details and the user’s name and address. This information is then sent to the attacker’s servers. Attackers can then use this information to perform payment card fraud or sell these details to other criminals on the dark web.

21.8.18

Man-in-the-Disk

Android

Recently, our researchers came across a shortcoming in the design of Android’s use of storage resources. Careless use of External Storage by applications may open the door to an attack resulting in any number of undesired outcomes, such as silent installation of unrequested, potentially malicious, apps to the user’s phone, denial of service for legitimate apps, and even cause applications to crash, opening the door to possible code injection that would then run in the privileged context of the attacked application.

21.8.18

Faxploit

Exploit

Fax, the brilliant technology that lifted mankind out of the dark ages of mail delivery when only the postal service and carrier pigeons were used to deliver a physical message from a sender to a receiver. Technology wise, however, that was a long time ago. Today we are light years away from those dark days. In its place we have email, chat messengers, mobile communication channels, web-services, satellites using quantum messaging and more.

15.8.18

TLBLEED

CPU

TLBleed is a new side channel attack that has been proven to work on Intel CPUs with Hyperthreading (generally Simultaneous Multi-threading, or SMT, or HT on Intel) enabled. It relies on concurrent access to the TLB, and it being shared between threads. We find that the L1dtlb and the STLB (L2 TLB) are shared between threads on Intel CPU cores.

15.8.18

Foreshadow

CPU

Foreshadow is a vulnerability that affects modern microprocessors that was first discovered by two independent teams of researchers in January 2018, but was first disclosed to the public on 14 August 2018. The vulnerability is a speculative execution attack on Intel processors that may result in the loss of sensitive information stored in personal computers, or third party clouds. There are two versions: the first version (original/Foreshadow) (CVE-2018-3615) targets data from SGX enclaves; and the second version (next-generation/Foreshadow-NG) (CVE-2018-3620 and CVE-2018-3646) targets Virtual Machines (VMs), hypervisors (VMM), operating system (OS) kernel memory, and System Management Mode (SMM) memory.

15.8.18

Meltdown

CPU

Meltdown is a hardware vulnerability affecting Intel x86 microprocessors, IBM POWER processors, and some ARM-based microprocessors. It allows a rogue process to read all memory, even when it is not authorized to do so.

15.8.18

Spectre

CPU

Spectre is a vulnerability that affects modern microprocessors that perform branch prediction. On most processors, the speculative execution resulting from a branch misprediction may leave observable side effects that may reveal private data to attackers. For example, if the pattern of memory accesses performed by such speculative execution depends on private data, the resulting state of the data cache constitutes a side channel through which an attacker may be able to extract information about the private data using a timing attack.

27.6.18

TLBleed

Cryptographic

TLBleed is a cryptographic side-channel attack that uses machine learning to exploit a timing side-channel via the translation look-aside buffer (TLB) on modern microprocessors that use simultaneous multithreading.

18.5.18

BlackNurse attack

DoS

The BlackNurse attack is a form of denial of service attack based on ICMP flooding. The attack is special because a modest bandwidth of 20Mbit/s can be effective for disrupting a victim's network. The attack consists of sending Destination Unreachable packets to a destination. This works because these packets cause the destination to consume resources at a relatively high rate relative to the traffic.

18.5.18

EFAIL Attacks

Email

Researchers have finally revealed the EFAIL attacks, which exploit a serious new vulnerability affecting PGP and S/MIME end-to-end email encryption. The researchers had already issued an earlier warning about this highly critical security flaw in PGP and S/MIME and advised users to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email.

18.5.18

Nethammer

Hardware

A fundamental assumption in software security is that memory contents do not change unless there is a legitimate deliberate modification. Classical fault attacks show that this assumption does not hold if the attacker has physical access.

4.5.18

GLitch attack

Android

The researchers dubbed their attack “GLitch,” as it leverages WebGL, a JavaScript API for rendering interactive graphics in web browsers, to determine the physical memory layout of the DRAM memory before starting the targeted Rowhammer attack.

21.4.18

SIP Client Call Flood

VoIP

This is a flood technique focused on the SIP application protocol which involves illegitimate call requests. The idea here is to flood the Session Border Controller (SBC) and / or SIP / VoIP PBX with too many requests to handle, thus making the service unavailable.

21.4.18

HTTP Fragmentation Attack

HTTP

In an HTTP Fragmentation Attack, an attacker establishes a valid connection with a server, and then proceeds to send all of his or her HTTP traffic to the server in small fragments as slowly as possible.

21.4.18

ICMP Flood Attack

LAN Attack

Internet Control Message Protocol (ICMP) is a connectionless protocol used for IP operations, diagnostics, and errors. An ICMP Flood attack - the sending of an abnormally large number of ICMP packets of any type (especially network latency testing "ping" packets) - can overwhelm a target server that attempts to process every incoming ICMP request, and this can result in a denial-of-service condition for the target server.

21.4.18

HTTP Flood (HTTP DDoS Attack)

HTTP

An HTTP flood is an HTTP DDoS attack method used by hackers to attack web servers and applications. It consists of seemingly legitimate session-based sets of HTTP GET or POST requests sent to a target web server. These requests are specifically designed to consume a significant amount of the server's resources, and therefore can result in a denial-of-service condition (without necessarily requiring a high rate of network traffic).

20.4.18

PowerHammer

Hardware

PowerHammer: Exfiltrating Data from Air-Gapped Computers through Power Lines

19.4.18

iOS Trustjacking Attack

iOS

Symantec researchers have found a loophole in how iPhone users pair devices with Mac workstations and laptops. They say attackers can exploit this flaw —which they named Trustjacking— to take over devices without the phone owner's knowledge.

13.4.18

Border Gateway Protocol (BGP) Attack

TCP/IP

The BGP attack is a DDoS attack where attackers take control of a large amount of fast routers to overwhelm their victim. The idea behind it is to take advantage of the ability of routers to exchange router tables. The attackers let the controlled routers know that their target is a router asking for a routing table's exchange, which results in the sending of a big amount of incoming packets to the victim, therefore overwhelming it.

13.4.18

Cookie Poisoning

Cookies

Cookie poisoning is the act of manipulating or forging a cookie (a small piece of data created and stored in a user's browser that keeps track of important information regarding his or her session for a particular site) for the purpose of bypassing security measures or sending false information to a server. An attacker using cookie poisoning can gain unauthorized access to a user's account on the particular site the cookie was created for, or potentially trick a server into accepting a new version of the original intercepted cookie with modified values.

13.4.18

DrDoS attack

DoS

Distributed Reflection Denial of Service attack. An attack is reflective when the attacker makes use of a potentially legitimate third party to send his or her attack traffic, ultimately hiding his or her own identity.

13.4.18

Fragmented ACK Attack

TCP/IP

A Fragmented ACK attack is a variation of the ACK & PSH-ACK Flood that uses 1500-byte packets with the goal of hogging the target network's bandwidth with only a moderate packet rate. If application-level filters are applied on network equipment (routers and such), the equipment has to reassemble the packets, consuming much of its resources. If no filters are applied, the attack packets can pass through many network security devices such as routers, ACLs, and firewalls undetected. These fragmented packets usually contain junk data, as the attacker's goal is simply to consume all of the target network's bandwidth.

13.4.18

#RefRef

DDoS

#RefRef is a Perl-based DoS attack tool developed by the hacktivist group 'Anonymous' that uses a vulnerability in MySQL to perform an SQL injection involving the MySQL BENCHMARK() function. #RefRef abuses the BENCHMARK() function, which allows for the repeated execution of an expression, in order to exhaust a targeted server's resources.

13.4.18

Application misuse attack

Vulnerebility

Application misuse is a category of cyber or security attacks that encompasses availability-based outages at Layers 5-7 of the OSI model of internetworking. The idea is to misuse a standard, an RFC, business logic or known application vulnerabilities to render application-layer resources sluggish or unavailable.

13.4.18

TCP Window Scaling

TCP/IP

The TCP Window is a buffer that contains a copy of all the packets sent out by a device in case any of the packets are lost in transit (in which case they can be replaced using this buffer and resent minimizing packet loss).

13.4.18

SYN Flood

TCP/IP

A SYN flood is a denial-of-service (DoS) attack that relies on abusing the standard way that a TCP connection is established. Typically, a client sends a SYN packet to an open port on a server asking for a TCP connection. The server then acknowledges the connection by sending a SYN-ACK packet back to the client and populating the client's information in its Transmission Control Block (TCB) table.

13.4.18

Fraggle Attack

DDoS

A Fraggle Attack is a denial-of-service (DoS) attack that involves sending a large amount of spoofed UDP traffic to a router's broadcast address within a network. It is very similar to a Smurf Attack, which uses spoofed ICMP traffic rather than UDP traffic to achieve the same goal. Given that routers (as of 1999) no longer forward packets directed at their broadcast addresses, most networks are now immune to Fraggle (and Smurf) attacks.

13.4.18

DNS Flood Attack (DNS Flooding)

DNS

DNS amplification attack is a sophisticated denial of service attack that takes advantage of DNS servers' behavior in order to amplify the attack. In order to launch a DNS amplification attack, the attacker performs two malicious tasks. First, the attacker spoofs the IP address of the DNS resolver and replaces it with the victim's IP address. This will cause all DNS replies from the DNS servers to be sent to the victim's servers.

13.4.18

UDP Flood Attack

TCP/IP

A UDP flood attack is a network flood and still one of the most common floods today. The attacker sends UDP packets, typically large ones, to a single destination or to random ports. In most cases the attackers spoof the source (SRC) IP, which is easy to do since the UDP protocol is "connectionless" and does not have any type of handshake mechanism or session.

13.4.18

Boy-in-the-Browser Attack

Web

The Boy-in-the-Browser Attack is a variant of the MitB – Man-in-the-Browser attack involving malware that makes changes to a target machine's routing (often by changing an operating system's hosts file), and subsequently deleting itself.

13.4.18

Counter-attack

TCP/IP

A counter-attack is a term taken from the military jargon used to describe large scale, usually strategic offensive operations by forces that had successfully halted an enemy’s offensive, while occupying defensive positions.

13.4.18

Low rate attack

TCP/IP

An attack aimed at bringing a target down while doing so quietly. This is very different from high-rate brute-force attacks. These attacks often aim to leave connections open on the target by creating a relatively low number of connections over a period of time and keeping those sessions open for as long as possible.

13.4.18

Slowloris

DoS

Slowloris is a denial-of-service (DoS) tool developed by the grey hat hacker “RSnake” that causes DoS by using a very slow HTTP request. By sending HTTP headers to the target site in tiny chunks as slow as possible (waiting to send the next tiny chunk until just before the server would time out the request), the server is forced to continue to wait for the headers to arrive.

13.4.18

High-rate attack

TCP/IP

These attacks are essentially forceful and often involve flooding the target with an overwhelming flux of packets, either oversaturating its connection bandwidth or depleting the target's system resources. Bandwidth starvation typically assumes that the attacker has access to more machines or higher bandwidth than the victim, or that it utilizes an Amplification Attack.

13.4.18

Zero-Day - Zero-Minute Attack

Zero-Day

A Zero-Day (or Zero-Minute) Attack is a type of attack that uses a previously unknown vulnerability. Because the attack is occurring before “Day 1” of the vulnerability being publicly known, it is said that the attack occurred on “Day 0” - hence the name.

13.4.18

Torshammer (Tor‘s Hammer)

Tor

Torshammer is a slow-rate HTTP POST (Layer 7) DoS tool created by phiral.net. The first public occurrence of this tool dates back to early 2011.

13.4.18

R.U.D.Y. Attack (R-U-Dead-Yet?)

Web

R.U.D.Y. attack (R-U-Dead-Yet?) is a slow-rate HTTP POST (Layer 7) denial-of-service tool created by Raviv Raz and named after the Children of Bodom album "Are You Dead Yet?"

13.4.18

Hacktivist

Hacktivist

"Hacktivist", a portmanteau of "hack" and "activism", was a term coined in 1996 by Omega, a member of the hacking coalition "Cult of the Dead Cow" (cDc). The term can be loosely defined as "the ethically ambiguous use of computers and computer networks in order to affect the normal operation of other systems, motivated by a desire to protest or promote political ends."

8.4.18

SIP Malformed Attack

SIP

An application-layer attack on the Session Initiation Protocol (SIP) used in VoIP services, aimed at causing denial of service to SIP servers. A SIP malformed attack consists of sending any kind of non-standard message (for example a malformed SIP INVITE) with intentionally invalid input, thereby making the system unstable.

4.4.18

Java Deserialization Attack

Apache

Recently we talked a lot about attacks exploiting Java deserialization vulnerabilities in systems like Apache SOLR and WebLogic. Most of these attacks targeted Linux/Unix systems. But recently, I am seeing more attacks that target Windows.

30.3.18

Cold boot attack

Crypto

In cryptography, a cold boot attack (or to a lesser extent, a platform reset attack) is a type of side channel attack in which an attacker with physical access to a computer is able to retrieve encryption keys from a running operating system after using a cold reboot to restart the machine.

30.3.18

Lucky Thirteen attack

Crypto

The Lucky Thirteen attack is a cryptographic timing attack against implementations of the Transport Layer Security (TLS) protocol that use the CBC mode of operation, first reported in February 2013 by its developers Nadhem J. AlFardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London.

30.3.18

Electromagnetic attack

Crypto

In cryptography, electromagnetic attacks are side-channel attacks performed by measuring the electromagnetic radiation emitted from a device and performing signal analysis on it.

30.3.18

Pin Configuration Attack

Crypto

A PLC can receive and transmit various types of electrical and electronic signals.

30.3.18

Pin Multiplexing Attack

Crypto

Embedded SoCs usually employ hundreds of pins connected to the electrical circuit. Some of these pins have a single defined purpose.

30.3.18

Pin Control Attack

Crypto

Pin Control Attack is a class of attack against embedded SoCs in which the attacker targets the I/O configuration of the embedded system and physically terminates its connection with the software or operating system (OS), without the software/OS noticing it or receiving any notification of an I/O failure.

30.3.18

Timing attack

Crypto

In cryptography, a timing attack is a side channel attack in which the attacker attempts to compromise a cryptosystem by analyzing the time taken to execute cryptographic algorithms.

30.3.18

DMA Attack

Hardware


28.3.18

UEFI Attack

Firmware Attack

Unlike Macs, many PCs are likely to be vulnerable to pre-boot Direct Memory Access (DMA) attacks against UEFI. If an attack succeeds on a system configured with Secure Boot, the chain of trust is broken and secure boot becomes insecure boot.

27.3.18

BranchScope Attack

CPU

We present BranchScope, a new side-channel attack where the attacker infers the direction of an arbitrary conditional branch instruction in a victim program by manipulating the shared directional branch predictor.

13.3.18

Authentication Synchronization Failure Attack

4G LTE

 

13.3.18

Traceability Attack

4G LTE

 

13.3.18

Numb Attack

4G LTE

 

13.3.18

Authentication Relay Attack

4G LTE

 

13.3.18

Detach/Downgrade Attack

4G LTE

 

13.3.18

Paging Channel Hijacking Attack

4G LTE

 

13.3.18

Stealthy Kicking-off Attack

4G LTE

 

13.3.18

Panic Attack

4G LTE

 

13.3.18

Energy Depletion Attack

4G LTE

 

13.3.18

Linkability Attack

4G LTE

 

13.3.18

MOSQUITO Attack

Wireless

 

13.3.18

aIR-Jumper

Wireless

Attack steals sensitive data from air-gapped PCs with the help of infrared-equipped CCTV cameras that are used for night vision.

13.3.18

USBee

Wireless

Can be used to steal data from air-gapped computers using radio frequency transmissions from USB connectors.

13.3.18

DiskFiltration

Wireless

Can steal data using sound signals emitted from the hard disk drive (HDD) of air-gapped computers.

13.3.18

BitWhisper

Wireless

Relies on heat exchange between two computers to stealthily siphon passwords and security keys.

13.3.18

AirHopper

Wireless

Turns a computer's video card into an FM transmitter to capture keystrokes.

13.3.18

Fansmitter

Wireless

Technique uses noise emitted by a computer fan to transmit data.

13.3.18

GSMEM Attack

Wireless

Attack relies on cellular frequencies.

4.3.18

MEMCACHED UDP REFLECTION ATTACKS

TCP/IP

 

4.3.18

RDDoS Attack

RDDoS

 

4.3.18

Eclipse Attack

Coin 

4.3.18

SgxSpectre Attack

CPU 

4.3.18

Memcached DDoS Attackers

DDoS 

4.3.18

SWIFT-based attack

Card 

24.10.17

The DUHK Attack

Crypto/VPN 

19.10.17

BOUNDHOOK Attack

Virus 

17.10.17

DDE Attack

Spam 

17.10.17

Key Reinstallation Attacks

Wifi 

17.10.17

ROCA Attack

Wifi 

15.6.17

BlackNurse Denial of Service Attack

ICMP 

15.6.17

Distributed Guessing Attack

Card 

1.3.16

DROWN attack

Crypto 

9.6.15

Quantum Insert attack

TCP/IP 

4.6.14

Cross-site scripting (XSS)

Database

 

4.6.14

SQL injection

Database

 

4.6.14

Cross-site Request Forgery (CSRF)

Database

 

4.6.14

Cross-User Defacement

HTTP 

4.6.14

Escaping

Injection 

4.6.14

Cache poisoning

HTTP 

4.6.14

HTTP response splitting

TCP/IP

 

4.3.14

Triple Handshake attack

Crypto 

12.2.14

UDP-based Amplification Attacks

TCP/IP

 

12.2.14

DNS Amplification Attacks

DNS

 

12.2.14

NTP Amplification Attacks Using CVE-2013-5211

TCP/IP

 

31.1.14

Passive operating system identification

Scanning

 

31.1.14

Active operating system identification

Scanning

 

31.1.14

Port scanning

Scanning

 

31.1.14

ICMP queries

Scanning

 

31.1.14

Ping sweep

Scanning

 

31.1.14

FIN, Xmas and Null scans

Scanning

 

31.1.14

Idle scan

Scanning

 

31.1.14

Spoofed decoys

Scanning

 

31.1.14

Stealth SYN scan

Scanning

 

31.1.14

MITM attack

MiTM 

31.1.14

ARP Poisoning

TCP/IP

 

31.1.14

ARP Spoofing

TCP/IP

 

31.1.14

MAC Attack

TCP/IP

 

31.1.14

DoS

DoS

 

31.1.14

Address Spoofing

TCP/IP

 

31.1.14

Sniffing (eavesdropping)

TCP/IP

 

31.1.14

Session Hijacking

Wifi 

31.1.14

Replay Attack

TCP/IP 

31.1.14

Spoofing Attack

TCP/IP 

31.1.14

FTP Bounce Attack

TCP/IP

 

31.1.14

Reflection attack

TCP/IP

 

31.1.14

Relay attack

MiTM 

31.1.14

Mixed threat attack

Virus 

31.1.14

TCP reset attack

TCP/IP

 

31.1.14

Twinge attack

ICMP 

31.1.14

IP fragmentation attacks

TCP/IP

 

31.1.14

Fragmented distribution attack

Virus 

31.1.14

Inference attack

Data 

31.1.14

Attack tree

Virus 

31.1.14

Packet drop attack

TCP/IP

 

31.1.14

LAND attack

DDoS 

31.1.14

MAC flooding

TCP/IP

 

31.1.14

IP address spoofing

TCP/IP

 

31.1.14

DNS rebinding

DNS

 

31.1.14

DNS hijacking

DNS

 

31.1.14

Squatting attack

DDoS 

31.1.14

Sybil attack

P2P