Xynik October 10, 2023 at 11:54AM A variant of the Mirai botnet, known as IZ1H9, has updated its tools with 13 new exploits targeting vulnerabilities in IoT devices from various manufacturers, including D-Link, TP-Link, Zyxel, and others. This variant is highly active in exploiting these vulnerabilities for distributed denial-of-service (DDoS) attacks. Fortinet observed thousands of attack … Read more
October 10, 2023 at 11:30AM Amazon Web Services (AWS), Cloudflare, and Google have taken measures to address a new distributed denial-of-service (DDoS) attack technique called HTTP/2 Rapid Reset. The attacks, which exploited a flaw in the HTTP/2 protocol, affected the companies’ cloud infrastructures. The attacks overloaded servers by sending and canceling requests in quick succession, … Read more
October 10, 2023 at 10:48AM German software maker SAP has released a total of seven new and two updated security notes as part of its October 2023 Security Patch Day. The most severe note updates the Chromium browser in SAP Business Client, fixing 37 vulnerabilities, including two critical ones. One critical flaw, CVE-2023-4863, is already … Read more
October 10, 2023 at 10:33AM Curl version 8.4.0 is set to be released tomorrow, addressing two security flaws. One of the flaws is considered the worst security flaw in curl in a long time. The update will address CVE-2023-38545, affecting both libcurl and the curl tool, and CVE-2023-38546, affecting libcurl only. The update does not … Read more
October 10, 2023 at 10:13AM A new DDoS technique named ‘HTTP/2 Rapid Reset’ has been actively exploited as a zero-day since August, breaking all previous records in magnitude. Amazon Web Services, Cloudflare, and Google report mitigating attacks reaching 155 million requests per second (Amazon) and 201 million rps (Cloudflare). Cloudflare has detected over a thousand … Read more
October 10, 2023 at 10:13AM This article discusses the concept of risk acceptance in cybersecurity and provides guidelines for making informed decisions about accepting risks. It defines risk acceptance and outlines different levels of risk acceptance, such as accepting the risk forever, accepting temporarily, transferring the risk, and eliminating the risk. The article also emphasizes … Read more
October 10, 2023 at 10:06AM Many cybercriminals still rely on non-sophisticated attacks because they are effective. These include phishing attacks and credential harvesting, often obtained through social engineering. Automation and AI are increasingly being used by bad actors to conduct attacks more efficiently. To defend against these attacks, organizations need to bolster human defenses through … Read more
October 10, 2023 at 09:54AM SecurityWeek will host the 2023 Industrial Control Systems (ICS) Cybersecurity Conference from October 23-26, 2023, in Atlanta. The event, now in its 22nd year, focuses on cybersecurity for industrial control systems and operational technology. The conference will feature over 75 sessions, including technical and strategy sessions, and will address various … Read more
October 10, 2023 at 09:54AM A new zero-day vulnerability called ‘HTTP/2 Rapid Reset’ has been exploited by malicious actors to launch massive distributed denial-of-service (DDoS) attacks. Cloudflare, Google, and AWS have all experienced record-breaking attacks, with the largest reaching 398 million requests per second. The attacks leverage a feature in the HTTP/2 protocol and have … Read more
October 10, 2023 at 09:54AM Gutsy, a new cybersecurity startup founded by the team behind Twistlock, has secured $51 million in seed-stage financing. The company plans to use process mining techniques to address security challenges and provide data-driven insights into an organization’s teams, tools, and processes. Gutsy aims to help security leaders make better decisions … Read more