Cybersecurity Newsletter, October 12 - 18
Qrator

Welcome to the regular networking and cybersecurity newsletter. Let's take a look at the most interesting articles published between October 12 and 18, 2020.

Exponential growth in DDoS attack volumes

"Our infrastructure absorbed a 2.5 Tbps DDoS in September 2017, the culmination of a six-month campaign that utilized multiple methods of attack." - Google Cloud.
 

How we're tackling evolving online threats

"While it's less common to see DDoS attacks rather than phishing or hacking campaigns coming from government-backed threat groups, we've seen bigger players increase their capabilities in launching large-scale attacks in recent years." - Google TAG.
 

TrickBot botnet survives takedown attempt, but Microsoft sets new legal precedent

"TrickBot command and control (C&C) servers and domains seized yesterday have been replaced with new infrastructure earlier today, multiple sources in the infosec community have told ZDNet.
Sources from companies monitoring TrickBot activity described the takedown's effects as "temporal" and "limited," but praised Microsoft and its partners for the effort, regardless of its current results."
 

CVE-2020-16898 – Exploiting "Bad Neighbor" vulnerability

"This vulnerability is so important that I’ve decided to write a Proof-of-Concept for it. During my work there weren’t any public exploits for it. I’ve spent a significant amount of time analyzing all the necessary caveats needed for triggering the bug. Even now, available information doesn’t provide sufficient details for triggering the bug. That’s why I’ve decided to summarize my experience."
 

Five Eyes nations plus Japan, India call for Big Tech to bake backdoors into everything

"The nations of the Five Eyes security alliance – Australia, Canada, New Zealand, the USA and the UK – plus Japan and India, have called on technology companies to design their products so they offer access to encrypted messages and content."
 

Google and Intel warn of high-severity Bluetooth security bug in Linux

"Google and Intel are warning of a high-severity Bluetooth flaw in all but the most recent version of the Linux Kernel. While a Google researcher said the bug allows seamless code execution by attackers within Bluetooth range, Intel is characterizing the flaw as providing an escalation of privileges or the disclosure of information.
The flaw resides in BlueZ, the software stack that by default implements all Bluetooth core protocols and layers for Linux. Besides Linux laptops, it's used in many consumer or industrial Internet-of-things devices. It works with Linux versions 2.4.6 and later."

 

Thanks for sharing the newsletter!

For feedback or any suggestions, please write to us at cybersec@qrator.net.