Recent Security News
-
October 10, 2023 at 01:12PM – Patch Tuesday: Code Execution Flaws in Adobe Commerce, Photoshop
October 10, 2023 at 01:12PM Adobe has released patches for 13 security vulnerabilities in its products. Critical flaws in Adobe Commerce and Photoshop require immediate attention. The flaws could lead to arbitrary code execution, privilege escalation, and denial-of-service attacks. The affected software versions include Adobe Commerce and Magento Open Source. Adobe has also fixed a…
-
October 10, 2023 at 01:06PM – How Keyloggers Have Evolved From the Cold War to Today
October 10, 2023 at 01:06PM Keyloggers silently track and record keystrokes to collect valuable information, and while they were once used for espionage, they have evolved into easily accessible tools. Different types include USB, acoustic, electromagnetic, smartphone-based, and software-based keyloggers. They can be utilized for both good and bad purposes. Protective measures include software updates,…
-
New One-Click Exploit Is a Supply Chain Risk for Linux OSes
October 10, 2023 at 04:47PM Researchers have discovered a vulnerability in a library used by the GNOME desktop environment for Linux systems. Exploiting the vulnerability through a malicious link could allow attackers to take over machines. The issue lies in a dependency called “libcue” used by a default GNOME application called “tracker-miners.” The researchers have…
-
October 10, 2023 at 12:46PM – Microsoft to kill off VBScript in Windows to block malware delivery
October 10, 2023 at 12:46PM Microsoft plans to phase out VBScript in future Windows releases, after 30 years of use. VBScript will be available as an on-demand feature before being removed from the operating system. This move is likely due to the discontinuation of Internet Explorer and is part of Microsoft’s strategy to mitigate malware…
-
HTTP/2 ‘Rapid Reset’ zero-day exploited in biggest DDoS deluge seen yet
October 10, 2023 at 04:46PM Cloudflare reported that the largest distributed denial-of-service (DDoS) attack ever recorded was launched using a zero-day vulnerability in the HTTP/2 protocol. The attack surpassed 398 million requests per second, more than five times larger than the previous record. Google, Cloudflare, and AWS have disclosed the vulnerability and implemented mitigations to…