430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Hacking

Google is aware of NTP Exploits publicly available

Security researchers at Google have discovered several serious flaws affecting the NTP protocol, which are remotely exploitable by the attackers. Security experts at Google have uncovered several serious flaws in the Network Time Protocol (NTP), including several buffer overflows that are remotely exploitable. The Network Time Protocol is a networking protocol for clock synchronization between […]

Google is aware of NTP Exploits publicly available

Security researchers at Google have discovered several serious flaws affecting the NTP protocol, which are remotely exploitable by the attackers.

Security experts at Google have uncovered several serious flaws in the Network Time Protocol (NTP), including several buffer overflows that are remotely exploitable.

The Network Time Protocol is a networking protocol for clock synchronization between computer systems accross a network. According to the experts, all the versions of NTP prior to 4.2.8 are affected by the flaw.

The most concerning part of the discovery is that the experts have also found several exploits in the wild exploiting vulnerabilities.

A remote attacker could exploit vulnerabilities to compromise servers running older versions of the NTP protocol.

“Google Security Team researchers Neel Mehta and Stephen Roettger have coordinated multiple vulnerabilities with CERT/CC concerning the Network Time Protocol (NTP). As NTP is widely used within operational Industrial Control Systems deployments, NCCIC/ICS-CERT is providing this information for US Critical Infrastructure asset owners and operators for awareness and to identify mitigations for affected devices,” an advisory from ICS-CERT says.

“These vulnerabilities could be exploited remotely. Exploits that target these vulnerabilities are publicly available.”

NTP.org issued an advisory which explains that a single packet could be enough to exploit a buffer overflow vulnerability in the NTP.

“A remote attacker can send a carefully crafted packet that can overflow a stack buffer and potentially allow malicious code to be executed with the privilege level of the ntpd process,” the advisory says.

It is not the first time that Network Time Protocol is targeted by the hackers, in the past criminal crews exploited it in the wild to run DDoS attacks taking advantage of a weakness in NTP to amplify DDoS attacks.

Earlier 2014, security researchers at Symantec have spotted a series of Network Time Protocol (NTP) reflection DDoS attacks during the Christmas Holidays.

In the following graph is reported the DDoS activity run by nearly 15000 IP addresses involved in the Network Time Protocol (NTP) reflection attack likely belonging to a botnet.

Network Time Protocol NTP reflection DDoS spike 2013 dec

The hackers exploit the NTP reflection attack, because it amplification factor that is nearly 1000. There’s more cause for alarm with NTP attacks because attackers get a better response rate.”

It is important to carefully review every network protocol that could be abused by hackers.

Pierluigi Paganini

(Security Affairs –  NTP protocol, hacking)