A WordPress SPAMbot Wants You to Bet on the 2018 FIFA World Cup

A WordPress SPAMbot Wants You to Bet on the 2018 FIFA World Cup

Our researchers recently picked up on a spike in SPAM activity directed at sites powered by WordPress, which, naturally, led them to take a closer look. Turns out the attack was launched by a botnet and implemented in the form of comment SPAM – meaningless, generic text generated from a ... Read More
Inside a New DDoS Amplification Attack Vector via Memcached Servers

Inside a New DDoS Amplification Attack Vector via Memcached Servers

We recently saw a new DDoS amplification attack vector via memcached servers that culminated in two massive DDoS amplification attacks on February 28. Both attacks were mitigated successfully. Here’s how memchached servers work and how the attacks unfolded. Memcached servers Unless updated within the last two days, memcached servers listen ... Read More
CVE-2018-6389 WordPress Parameter Resource Consumption Remote DoS

CVE-2018-6389 WordPress Parameter Resource Consumption Remote DoS

Yesterday (Monday, February 5, 2018), a zero-day vulnerability in WordPress core was disclosed, which allows an attacker to perform a denial of service (DoS) attack against a vulnerable application. The vulnerability exists in the modules used to load JS and CSS files. These modules were designed to decrease page-loading time, ... Read More