Latest news with #WindowsDeploymentServices


Forbes
15-05-2025
- Forbes
More Bad News For Windows Users As Critical HTTPBot Warning Issued
Beware this HTTPBot Windows attack. It was only on May 6 that I reported how a remote attacker targeting Windows Deployment Services with a dangerous memory exhaustion exploit, for which there remains no fix, could crash your enterprise network. Yes, we are talking about Distributed Denial of Service attacks, which, let's face it, really are nothing new. That doesn't make them any less critical a risk than other vulnerabilities and even zero-day exploits that can target your Windows systems, given the consequences of a successful threat campaign against your business. Which is why security researchers have just issued a critical new warning after detecting a significant increase in DDoS attacks deploying the HTTPBot Trojan, written in Go and targeting Windows users.

Although it first hit the cybersecurity threat intelligence radar in August 2024, a significant spike in activity involving the HTTPBot trojan during April 2025 has spurred researchers at the NSFocus Fuying Lab to issue a high-risk warning regarding the aggressive expansion of this Windows DDoS threat. The NSFocus threat intelligence report, published May 12, confirmed that the attackers are currently 'continuously leveraging infected devices to launch external attacks.' These attacks primarily target the gaming, education, and technology industries. The big issue, and why HTTPBot is considered such a critical attack campaign, is the highly targeted, multi-stage methodology used to perpetrate what the intelligence analysts described as 'continuous saturation attacks' against those organizations unlucky enough to find themselves in the crosshairs. HTTPBot attacks use a range of DDoS techniques, from highly simulated HTTP floods to dynamic feature obfuscation.

With regard to the latter, the NSFocus report advised that HTTPBot employs a number of detection bypass mechanisms. HTTPBot doesn't target bandwidth consumption in the standard DDoS manner; rather, the report warned, it takes a different approach by 'precisely target[ing] high-value business interfaces' and saturating critical areas such as login and payment systems. This type of transactional DDoS attack is, obviously, of great concern. HTTPBot has 'scalpel-like precision,' the researchers said, and so poses 'a systemic threat to industries that rely on real-time interaction.' Indeed, the report goes so far as to suggest it represents a paradigm shift in DDoS from indiscriminate traffic suppression to 'high-precision business strangulation.'

'By targeting application-layer vulnerabilities rather than bandwidth,' Javvad Malik, lead security awareness advocate at KnowBe4, warned, 'HTTPBot's operators have identified a more efficient path to service disruption in sectors dependent on real-time transactions.' Referring to the Windows DDoS threat as a shift from brute-force to resource-targeted attacks, Malik said it demands evolution in defense. 'Static rule-based protections are inadequate,' Malik concluded, 'the future of cybersecurity defences require real-time relevant and adaptive across all domains.'
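The report's point is that the signal of an attack like this is not bytes per second but concentration of requests on a handful of expensive, transactional endpoints. The following is an added example, written for this page and not taken from the NSFocus report, the HTTPBot sample, or any vendor product: a sliding-window detector run over a constructed web access log. The log format, the endpoint list, the window size and the threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Assumed high-value transactional endpoints (the report names login and payment).
SENSITIVE_PATHS = {"/login", "/checkout/pay"}

# Constructed sample log, not real traffic. Format assumed:
#   "<unix_ts> <src_ip> <method> <path> <status>"
# 203.0.113.7 posts to /login once a second for a minute (the flood),
# 198.51.100.1-5 browse the catalogue at a normal pace, and
# 198.51.100.9 is a legitimate user who retries a login three times.
SAMPLE_LOG = "\n".join(
    [f"{1000 + i} 203.0.113.7 POST /login 401" for i in range(60)]
    + [f"{1000 + 3 * i} 198.51.100.{i % 5 + 1} GET /products 200" for i in range(20)]
    + [f"{1000 + 10 * i} 198.51.100.9 POST /login 200" for i in range(3)]
)


def parse_line(line):
    """Split one log line into (ts, src, method, path, status)."""
    ts, src, method, path, status = line.split()
    return int(ts), src, method, path, int(status)


def peak_sensitive_rate(log_text, window=30):
    """Per source address, the largest number of requests to SENSITIVE_PATHS
    seen inside any `window`-second sliding window. Events are sorted by
    timestamp first so interleaved log sources are handled correctly."""
    events = sorted(
        (parse_line(l) for l in log_text.splitlines() if l.strip()),
        key=lambda e: e[0],
    )
    recent = defaultdict(deque)   # src -> timestamps inside the current window
    peak = defaultdict(int)
    for ts, src, _method, path, _status in events:
        if path not in SENSITIVE_PATHS:
            continue              # catalogue browsing is not what we are rating
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # evict timestamps older than the window
            q.popleft()
        peak[src] = max(peak[src], len(q))
    return dict(peak)


def flagged_sources(log_text, window=30, limit=20):
    """Sources whose peak rate on transactional endpoints exceeds `limit`.
    The legitimate retrying user stays far below it; the flood does not."""
    return {s: n for s, n in peak_sensitive_rate(log_text, window).items() if n > limit}


def sensitive_share(log_text):
    """Fraction of all requests aimed at SENSITIVE_PATHS. A jump against the
    site's normal mix is the endpoint-level view of the same attack, useful
    when the flood is spread across many sources rather than one."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    hits = sum(1 for e in events if e[3] in SENSITIVE_PATHS)
    return hits / len(events) if events else 0.0


if __name__ == "__main__":
    print("flagged:", flagged_sources(SAMPLE_LOG))
    print("share of traffic on sensitive paths: %.2f" % sensitive_share(SAMPLE_LOG))
```

On the constructed log the per-source check flags only 203.0.113.7 (31 login posts in a 30-second window) while the legitimate retrying user peaks at 3; the endpoint-level share shows roughly three quarters of all requests landing on login or payment paths. Both numbers are meaningless without a baseline for the real site, which is the practical content of the 'adaptive' advice quoted above: the thresholds have to be learned from normal traffic, not hard-coded.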


Forbes
06-05-2025
- Forbes
Windows Memory Exhaustion Network Crash Warning — No Microsoft Fix
Beware this Windows Deployment Services memory exhaustion attack. Microsoft is no stranger to vulnerabilities; heck, there were 684 Windows Server security flaws confirmed in 2024 alone. This is, in fact, a positive thing, as it's far better to know about a vulnerability than only discover it once it has been exploited. Which is why Microsoft has paid hackers $60 million in bug bounties for such responsible disclosures. But what if I were to tell you that one security researcher has found a vulnerability that enables a remote attacker to crash your enterprise network at will, and Microsoft isn't interested in paying them diddly squat, or fixing the problem for that matter? Welcome to the worrying world of the Windows Deployment Services memory exhaustion attack technique.

You can read any number of reports and warnings about remote code execution vulnerabilities and exploits against Windows networks. The security research community might be said to be fascinated by them. And for good reason: the ability to execute arbitrary code remotely leaves your network, and ultimately the operation of your organization, vulnerable to ransomware attacks, cyber-espionage, and more. Writing in a detailed technical blog posting, Peng warns of the dangers presented by a denial-of-service attack exploiting a vulnerability pattern in User Datagram Protocol remote services that are employing Windows Deployment Services. The associate professor demonstrated how an attacker can crash your Windows enterprise network without any authentication or user interaction by deploying a remote Denial of Service attack in WDS.

'WDS is critical for IT administrators managing corporate networks, data centers, or educational institutions requiring streamlined, secure OS deployments,' Peng said, explaining that an attacker can easily forge client IP addresses and port numbers to create new sessions until all system resources are exhausted. The full technical methodology is in Peng's report, but just know that this easy-to-exploit vulnerability enables an attacker to disrupt a network rapidly and effectively as it literally collapses from memory exhaustion.

You might think that Microsoft would be all over this, but that doesn't appear to be the case. Peng disclosed the vulnerability to Microsoft Feb. 8, and it was confirmed March 4. Come April 23, Microsoft told Peng that the vulnerability is 'moderate' and doesn't meet the bar for security action, including bounty payments. The same day, Peng responded to urge Microsoft to react as it was 'an important DoS bug without authentication (pre-auth) or user interaction (0-click)' but, as nothing more was heard, decided to publish the blog. Peng recommends that users abandon Windows Deployment Services as 'there is currently no good way to mitigate this issue unless Microsoft takes responsibility and releases a patch.' I have reached out to Microsoft for a statement.
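The mechanism the article describes is a general one for UDP services: there is no handshake, so the server cannot tell a forged source address and port from a real client, and if it allocates per-(source IP, source port) state on first contact with nothing bounding that table, a single host can fill memory with forged datagrams. The following is an added example, written for this page and not code from Peng's report or from Windows Deployment Services itself: a toy session table exhibiting that pattern beside a bounded variant. The per-session size, the caps, the idle timeout and the spoofed address pool are all illustrative assumptions, and the point is the state-management pattern, not any protocol detail of WDS.

```python
import time
from collections import OrderedDict, defaultdict

SESSION_BYTES = 4096  # assumed per-session allocation, illustrative only


class VulnerableSessionTable:
    """The pattern the article warns about: every unseen (src_ip, src_port)
    tuple gets fresh state and nothing bounds the table. Because UDP has no
    handshake, the attacker forges both fields freely and never has to
    receive a reply."""

    def __init__(self):
        self.sessions = {}

    def handle(self, src_ip, src_port, now=None):
        key = (src_ip, src_port)
        if key not in self.sessions:
            self.sessions[key] = bytearray(SESSION_BYTES)  # allocated, never freed
        return True  # every datagram is accepted

    def bytes_held(self):
        return len(self.sessions) * SESSION_BYTES


class HardenedSessionTable:
    """Same protocol surface, bounded state: a per-source-IP cap, a global cap
    and idle expiry. Over a cap the server drops the datagram instead of
    allocating, so forged traffic costs it nothing beyond the parse."""

    def __init__(self, max_total=1000, max_per_ip=8, idle_ttl=30.0):
        self.max_total = max_total
        self.max_per_ip = max_per_ip
        self.idle_ttl = idle_ttl
        self.sessions = OrderedDict()   # key -> state, least recently touched first
        self.last_seen = {}             # key -> timestamp of last datagram
        self.per_ip = defaultdict(int)  # src_ip -> live session count

    def _drop(self, key):
        del self.sessions[key]
        del self.last_seen[key]
        self.per_ip[key[0]] -= 1
        if self.per_ip[key[0]] == 0:
            del self.per_ip[key[0]]

    def _expire(self, now):
        # Sessions are ordered oldest-touched first, so stop at the first live one.
        while self.sessions:
            key = next(iter(self.sessions))
            if now - self.last_seen[key] <= self.idle_ttl:
                break
            self._drop(key)

    def handle(self, src_ip, src_port, now=None):
        now = time.monotonic() if now is None else now
        self._expire(now)
        key = (src_ip, src_port)
        if key in self.sessions:                  # existing client: refresh
            self.sessions.move_to_end(key)
            self.last_seen[key] = now
            return True
        if self.per_ip[src_ip] >= self.max_per_ip or len(self.sessions) >= self.max_total:
            return False                          # refuse new state, keep serving existing clients
        self.sessions[key] = bytearray(SESSION_BYTES)
        self.last_seen[key] = now
        self.per_ip[src_ip] += 1
        return True

    def bytes_held(self):
        return len(self.sessions) * SESSION_BYTES


def flood(table, n, now=0.0):
    """Constructed attack traffic: n datagrams whose forged source tuples are
    spread over 200 spoofed addresses in 192.0.2.0/24 (documentation space).
    Returns how many datagrams were granted session state."""
    accepted = 0
    for i in range(n):
        src_ip = f"192.0.2.{i % 200 + 1}"
        src_port = 1024 + i                    # every forged tuple is new
        if table.handle(src_ip, src_port, now=now):
            accepted += 1
    return accepted


if __name__ == "__main__":
    v, h = VulnerableSessionTable(), HardenedSessionTable()
    print("vulnerable accepted", flood(v, 5000), "holding", v.bytes_held(), "bytes")
    print("hardened accepted", flood(h, 5000), "holding", h.bytes_held(), "bytes")
```

With 5,000 forged datagrams the unbounded table allocates 5,000 sessions (about 20 MB at the assumed size, and the attacker can keep going), while the bounded one stops at its global cap of 1,000 and then sheds the rest; once the idle timeout passes, the forged sessions expire and capacity returns. Note what this does not do: it cannot distinguish a forged source from a real one, so a flood can still starve new legitimate clients of slots. That is why the caps are a containment measure rather than a fix, and why the article's advice, pending a vendor patch, is to take the service off any network segment an attacker can reach.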