Cloudflare and Arbor Networks warned yesterday that the Memcached open source memory caching protocol can be abused to amplify distributed denial-of-service attacks. The vulnerability, which Cloudflare calls "Memcrashed," affects Memcached servers where UDP (User Datagram Protocol) is enabled. Arbor Networks thinks the exploit will soon be available in commodity booter services. Cloudflare urges everyone to disable UDP if they can possibly do so. Enterprises should use this opportunity to buck up their general resilience to DDoS.
Duo Security has found a new class of vulnerability affecting single-sign-on systems that use SAML (Security Assertion Markup Language). Exploitation could enable users with authenticated access to induce the system to authenticate them as different users without needing to know the victims' passwords.
According to MalwareHunterTeam, Thanatos ransomware makes it effectively impossible to recover files. Thanatos's masters generate a unique encryption key for each file, but save none of them, which means victims pay ransom in vain. Researchers regard this as a botched process rather than an intentionally added layer of nastiness. Some believe there may be effective, if time-consuming, ways of brute-forcing decryption.
The Senate asks what NSA and Cyber Command are doing about Russian election interference. Admiral Rogers's answer, in brief, is that his organizations lack the authorities to do much (that he can openly discuss, that is).
One reason for attacking under a false flag, even when the deception is fairly obvious? To induce doubt about future attributions, which is probably part of the point in Moscow's recent Olympic hacking maskirovka.