The story that has not gone away this month is the memcached amplification attacks. A few weeks back GitHub absorbed what was reported as a record-breaking flood, north of a terabit per second, and then someone else took an even larger one shortly after. The mechanism is the depressing part: memcached, a perfectly good caching server, was listening on UDP, on the open internet, with no authentication, and would answer a request of a few dozen bytes (a `stats` command, or a `get` for a large value someone had stored) with a response thousands of times larger, delivered to whatever source address the attacker wrote into the packet. Free amplification, paid for by whoever owns the spoofed address.
What stings is how avoidable it is. Memcached has no business being reachable from the public internet, and the UDP listener in particular has no business being on at all for most deployments. The maintainers moved quickly to disable UDP by default in the next release, which is the right call, but the boxes already out there do not patch themselves, and turning UDP off does not make an open TCP listener acceptable either: an unauthenticated cache that anyone can read and write is still a problem, just not a reflection problem.
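To make the mechanism above concrete, and to give a way of checking the mitigation that does not rely on trusting a config file, here is an added Python example (my own code, not memcached's and not from the original post). It builds the 8-byte memcached UDP frame around a `stats` request, reassembles a multi-datagram reply, computes the bytes-out-per-byte-in ratio, and audits a memcached command line for the two settings that matter: `-l` (bind address) and `-U` (UDP port, 0 to disable). The reply bytes are constructed sample data; the audit assumes the classic short flags and the older default of UDP enabled on 11211 when `-U` is absent; the live probe sends real traffic and is only for hosts you are authorised to test.

```python
"""Memcached UDP amplification probe and listener audit (added example)."""
import socket
import struct

# Memcached's UDP frame header: request id, sequence number, total number of
# datagrams in the reply, reserved (must be zero). All fields are 16-bit big-endian.
UDP_HEADER = struct.Struct(">HHHH")


def build_udp_request(command: str, request_id: int = 0x1234) -> bytes:
    """Wrap a text-protocol command in a single-datagram memcached UDP frame."""
    if not 0 <= request_id <= 0xFFFF:
        raise ValueError("request id must fit in 16 bits")
    return UDP_HEADER.pack(request_id, 0, 1, 0) + command.encode("ascii") + b"\r\n"


def parse_udp_frame(datagram: bytes):
    """Split one memcached UDP datagram into (request_id, seq, total, payload)."""
    if len(datagram) < UDP_HEADER.size:
        raise ValueError("datagram shorter than memcached UDP header")
    req_id, seq, total, reserved = UDP_HEADER.unpack_from(datagram)
    if reserved != 0 or total == 0 or seq >= total:
        raise ValueError("malformed memcached UDP header")
    return req_id, seq, total, datagram[UDP_HEADER.size:]


def reassemble(datagrams) -> bytes:
    """Order reply datagrams by sequence number and join their payloads."""
    frames = [parse_udp_frame(d) for d in datagrams]
    if len({f[0] for f in frames}) != 1:
        raise ValueError("datagrams belong to different requests")
    total = frames[0][2]
    by_seq = {seq: payload for _, seq, _, payload in frames}
    if sorted(by_seq) != list(range(total)):
        raise ValueError("missing or duplicate datagrams")
    return b"".join(by_seq[i] for i in range(total))


def amplification_factor(request: bytes, datagrams) -> float:
    """Bytes the server put on the wire per byte the (possibly spoofed) client sent."""
    return sum(len(d) for d in datagrams) / len(request)


def audit_memcached_args(argv):
    """Flag listener settings that leave a memcached command line internet-reachable.

    Assumes the short flags -l <addr[,addr...]> and -U <port>; when -U is absent the
    pre-fix default (UDP on 11211) is assumed, which is the conservative choice.
    """
    findings = []
    bind = None
    udp_port = 11211  # assumed old default when -U is not given
    args = iter(argv)
    for arg in args:
        if arg == "-l":
            bind = next(args, None)
        elif arg.startswith("-l") and len(arg) > 2:
            bind = arg[2:]
        elif arg == "-U":
            udp_port = int(next(args, "11211"))
        elif arg.startswith("-U") and len(arg) > 2:
            udp_port = int(arg[2:])
    addrs = [] if bind is None else bind.split(",")
    wildcard = bind is None or any(
        a.startswith("0.0.0.0") or a == "::" or a.startswith("[::]") for a in addrs
    )
    if wildcard:
        findings.append("listens on all interfaces; bind with -l 127.0.0.1")
    if udp_port != 0:
        findings.append(f"UDP listener enabled on port {udp_port}; disable with -U 0")
    return findings


def probe_udp_stats(host: str, port: int = 11211, timeout: float = 2.0):
    """Send one 'stats' datagram and collect every reply datagram within the timeout.

    Only use against hosts you are authorised to test; this is live network traffic.
    """
    request = build_udp_request("stats")
    datagrams = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (host, port))
        try:
            while True:
                data, _ = sock.recvfrom(65535)
                datagrams.append(data)
        except socket.timeout:
            pass
    return request, datagrams


# Constructed sample reply: two datagrams, deliberately delivered out of order.
SAMPLE_REQUEST = build_udp_request("stats")
SAMPLE_REPLY = [
    UDP_HEADER.pack(0x1234, 1, 2, 0) + b"STAT curr_connections 10\r\nEND\r\n",
    UDP_HEADER.pack(0x1234, 0, 2, 0) + b"STAT pid 4242\r\nSTAT uptime 100\r\n",
]

if __name__ == "__main__":
    print(reassemble(SAMPLE_REPLY).decode())
    print("amplification: %.1fx" % amplification_factor(SAMPLE_REQUEST, SAMPLE_REPLY))
    for finding in audit_memcached_args(["-m", "64", "-p", "11211"]):
        print("finding:", finding)
```

The ratio on the constructed sample is small because the sample reply is small; against a real server with a populated cache the same `stats` request, or a `get` of a deliberately stored large value, is what produced the reported factors. An empty findings list from `audit_memcached_args` is the state you want; anything else means the host is reachable by people you have never met.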
I went and checked my own kit, because smugness before checking is how you end up in next week's writeup. Bound to localhost, UDP off, firewall in front. Fine. But I have absolutely deployed a service "just for now" on 0.0.0.0 in the past and told myself I would lock it down later. This is the reminder that "later" is doing a lot of work in that sentence. Default-deny, bind to localhost, and assume anything you leave open will eventually be pointed at someone you have never met. The attackers have all the time in the world. You do not.