Recent Security News
-
October 10, 2023 at 12:07PM – Researcher bags two-for-one deal on Linux bugs while probing GNOME component
Researchers have discovered a high-severity remote code execution (RCE) vulnerability in a component of GNOME-based Linux distros. Tracked as CVE-2023-43641, the flaw involves the libcue library, used to parse cue sheets, and the tracker-miners application. It affects all GNOME-based distros and can be triggered by downloading a…
-
October 10, 2023 at 04:07PM – Microsoft Exchange gets ‘better’ patch to mitigate critical bug
Microsoft has released a new security update (CVE-2023-36434) to address a critical vulnerability in Microsoft Exchange Server (CVE-2023-21709). The update eliminates the need for additional steps and manual removal of a vulnerable Windows IIS Token Cache module. Admins who have already removed the module must install the new security update…
-
October 10, 2023 at 11:55AM – New critical Citrix NetScaler flaw exposes ‘sensitive’ data
Citrix NetScaler ADC and NetScaler Gateway are affected by two vulnerabilities, CVE-2023-4966 and CVE-2023-4967. The first flaw allows for the disclosure of sensitive information, while the second can lead to denial of service. Upgrading to the recommended fixed versions is advised. Version 12.1 has reached end-of-life and no longer receives…
-
October 10, 2023 at 11:54AM – Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal
A variant of the Mirai botnet, known as IZ1H9, has updated its tools with 13 new exploits targeting vulnerabilities in IoT devices from various manufacturers, including D-Link, TP-Link, Zyxel, and others. This variant is highly active in exploiting these vulnerabilities for distributed denial-of-service (DDoS) attacks. Fortinet observed thousands of attack…
-
October 10, 2023 at 11:30AM – HTTP/2 Rapid Reset Zero-Day Vulnerability Exploited to Launch Record DDoS Attacks
Amazon Web Services (AWS), Cloudflare, and Google have taken measures to address a new distributed denial-of-service (DDoS) attack technique called HTTP/2 Rapid Reset. The attacks, which exploited a flaw in the HTTP/2 protocol, affected the companies’ cloud infrastructures. The attacks overloaded servers by sending and canceling requests in quick succession,…