Good news ! Hackbusters community is waiting for you !  https://discuss.hackbusters.com
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at: https://discuss.hackbusters.com.

Large-scale DDoS Attack Abuses HTML's Hyperlink Audit Ping Facility

A new type of DDoS attack that abuses the HTML5 Ping-based hyperlink auditing feature has been detected following a major attack emanating from primarily Chinese-speaking mobile users of the QQBrowser.

Imperva researchers Vitaly Simonovich and Dima Bekerman monitored an attack that peaked at a massive 7,500 requests per second, and delivered more than 70 million requests over a four-hour period from around 4,000 user IPs. To put this in perspective, a similar mobile Android-based DDoS attack in 2016 achieved a peak of just 400 requests per second from 27,000 unique IPs.

The new approach uses the HTML5 ping attribute. This is used legitimately to track clicks on website links -- albeit with some reservations from privacy activists who view it as a form of user tracking. 'Ping=' is included in normal online hyperlink code. When the link is clicked, the invisible 'ping=' url is sent a content variable that is also unseen by the user. Website admins can then monitor, or audit,...(continued)

View All Trending Stories