Recent Security News

  • October 10, 2023 at 10:33AM – Fresh curl tomorrow will patch ‘worst’ security flaw in ages

    October 10, 2023 at 10:33AM Curl version 8.4.0 is set to be released tomorrow, addressing two security flaws. One of the flaws is considered the worst security flaw in curl in a long time. The update will address CVE-2023-38545, affecting both libcurl and the curl tool, and CVE-2023-38546, affecting libcurl only. The update does not…

    Read More

  • October 10, 2023 at 10:13AM – New ‘HTTP/2 Rapid Reset’ zero-day attack breaks DDoS records

    October 10, 2023 at 10:13AM A new DDoS technique named ‘HTTP/2 Rapid Reset’ has been actively exploited as a zero-day since August, breaking all previous records in magnitude. Amazon Web Services, Cloudflare, and Google report mitigating attacks reaching 155 million requests per second (Amazon) and 201 million rps (Cloudflare). Cloudflare has detected over a thousand…

    Read More

  • October 10, 2023 at 10:13AM – A Primer on Cyber Risk Acceptance and What it Means to Your Business

    October 10, 2023 at 10:13AM This article discusses the concept of risk acceptance in cybersecurity and provides guidelines for making informed decisions about accepting risks. It defines risk acceptance and outlines different levels of risk acceptance, such as accepting the risk forever, accepting temporarily, transferring the risk, and eliminating the risk. The article also emphasizes…

    Read More

  • October 10, 2023 at 10:06AM – Old-School Attacks Are Still a Danger, Despite Newer Techniques

    October 10, 2023 at 10:06AM Many cybercriminals still rely on non-sophisticated attacks because they are effective. These include phishing attacks and credential harvesting, often obtained through social engineering. Automation and AI are increasingly being used by bad actors to conduct attacks more efficiently. To defend against these attacks, organizations need to bolster human defenses through…

    Read More

  • October 10, 2023 at 09:54AM – SecurityWeek to Host 2023 ICS Cybersecurity Conference October 23-26 in Atlanta

    October 10, 2023 at 09:54AM SecurityWeek will host the 2023 Industrial Control Systems (ICS) Cybersecurity Conference from October 23-26, 2023, in Atlanta. The event, now in its 22nd year, focuses on cybersecurity for industrial control systems and operational technology. The conference will feature over 75 sessions, including technical and strategy sessions, and will address various…

    Read More