June 13, 2024 at 10:42AM Microsoft released a patch for a serious denial-of-service (DoS) vulnerability in the Domain Name System Security Extensions (DNSSEC) protocol. The vulnerability (CVE-2023-50868) affects multiple vendors and projects, including Unbound, BIND, dnsmasq, and PowerDNS. Despite patches being released earlier by other vendors, Microsoft issued a fix only recently, making it a … Read more
May 21, 2024 at 01:54PM Infosec researchers have flagged a critical vulnerability (CVE-2024-4323) in Fluent Bit, a widely used logging component. Tenable discovered the flaw, potentially leading to denial of service, information leakage, and remote code execution. The issue affects versions 2.0.7 through 3.0.3 and may compromise the security of major cloud providers and blue … Read more
April 9, 2024 at 01:42PM Adobe issued urgent security updates for its enterprise products, including Adobe Commerce and Magento Open Source, to address code execution vulnerabilities that hackers could exploit. The company also fixed security flaws in Adobe Experience Manager, Adobe Media Encoder, Adobe After Effects, Adobe Photoshop, Adobe InDesign, and Adobe Animate through Patch … Read more
April 4, 2024 at 07:30AM Researcher Bartek Nowotarski has unveiled a new denial-of-service (DoS) attack method named HTTP/2 Continuation Flood, potentially posing a greater threat than the previous Rapid Reset vulnerability. The attack exploits a flaw in the handling of HTTP/2 frames and has affected various implementations. Patches and mitigations are being issued, and the … Read more
April 3, 2024 at 01:31PM Ivanti, an IT security software company, has released patches for multiple high-severity security vulnerabilities in its Connect Secure and Policy Secure gateways. Attackers can exploit these flaws for remote code execution and DoS attacks. The U.S. CISA has issued an emergency directive to secure Ivanti systems following zero-day attacks. Thousands … Read more
March 28, 2024 at 09:12AM Cisco announced patches for multiple high-severity vulnerabilities in IOS and IOS XE software, including denial-of-service risks, privilege escalation, command injection, and protection bypass issues. The flaws could be exploited without authentication, potentially leading to serious consequences if not addressed promptly. Additional details can be found on Cisco’s security advisories page. … Read more
March 20, 2024 at 11:36AM A new DoS attack vector, dubbed Loop DoS attacks, targets UDP-based application-layer protocols, leading to reflected DoS attacks. Researchers discovered that certain UDP protocol implementations can be weaponized, creating self-perpetuating attack loops. Potentially impacting around 300,000 hosts and networks, the attack has been flagged as trivial to exploit. Multiple products … Read more
March 13, 2024 at 02:03AM Microsoft released a monthly security update addressing 61 vulnerabilities, including 2 critical issues in Windows Hyper-V with potential for denial-of-service and remote code execution. None of the flaws were publicly known or under active attack, but updates were also made to the Chromium-based Edge browser. Other vendors have also released … Read more
March 11, 2024 at 10:45PM The French government reported unprecedented cyberattacks targeting several of its services, prompting the activation of a crisis center to restore online services. While the impact has been reduced, details of the attacks and responsible group, supposedly Anonymous Sudan, are not confirmed. France has been enhancing cyber defenses ahead of the … Read more
February 19, 2024 at 08:38AM A serious vulnerability named KeyTrap in the DNSSEC feature could be exploited to deny internet access to applications for an extended period. Tracked as CVE-2023-50387, KeyTrap is a design issue in DNSSEC impacting DNS implementations. Researchers from ATHENE and partners discovered and addressed the issue, working with DNS service providers. … Read more