DHS warns of two symmetric key authentication vulnerabilities in the NTP protocol that were patched this week. NTP-based DDoS attacks are a relatively simple way of spoofing IP addresses in order to disrupt websites or web-based services. Hackers who specialize in distributed denial-of-service attacks found a way to exploit vulnerabilities in NTP to amplify attacks to, at the time, unprecedented levels. Red Hat’s Miroslav Lichvar reported the issue in early March to NTP, which patched the vulnerabilities yesterday.
Source: https://threatpost.com/two-ntp-key-authentication-vulnerabilities-patched/112067/