300,000 Systems Vulnerable to New Loop DoS Attack

March 20, 2024 at 05:51AM Researchers from the CISPA Helmholtz Center in Germany have identified a new DoS attack that affects UDP-based application protocols and internet-facing systems, causing indefinite communication between servers. This self-sustaining loop attack disrupts services and networks, impacting protocols like NTP and DNS. The technique may be used for amplifying DoS or …

The Dynamic DoS Threat

March 19, 2024 at 04:23PM The ENISA report reveals the significant impact of DoS attacks on organizations and public infrastructure, with a focus on political motives and the evolving threat landscape. It emphasizes the need for robust prevention and remediation measures, highlighting the importance of understanding attackers’ motives and developing proactive defense strategies. For more …

Cisco Patches High-Severity Vulnerabilities in Data Center OS

February 29, 2024 at 07:57AM Cisco released its semiannual FXOS and NX-OS security advisory bundle, which includes info on four vulnerabilities. Two high-severity flaws impact NX-OS software: CVE-2024-20321 allows remote attackers to perform a DoS attack, while CVE-2024-20267 could cause a DoS condition. Medium-severity flaws in FXOS and NX-OS software were also patched. Additional details …

Two more Citrix NetScaler bugs exploited in the wild

January 18, 2024 at 10:38AM Two vulnerabilities in Citrix’s NetScaler ADC and Gateway products, CVE-2023-6548 and CVE-2023-6549, have been patched. The first allows remote code execution with authentication and access to specific IPs, while the second can lead to a denial-of-service attack. Customers are advised to update their affected products promptly to prevent exploitation. Key …

Juniper Networks Patches Critical Remote Code Execution Flaw in Firewalls, Switches

January 15, 2024 at 06:12AM Juniper Networks has addressed more than 100 vulnerabilities, including the critical CVE-2024-21591 affecting Junos OS. The flaw could allow attackers to execute arbitrary code or cause a denial-of-service. Additionally, the company has patched high and medium severity flaws in third-party components. No known attacks exploiting these vulnerabilities have been reported. …

Microsoft discovers critical RCE flaw in Perforce Helix Core Server

December 18, 2023 at 03:52PM Four vulnerabilities, including a critical one, were found in the Perforce Helix Core Server, a widely used source code management platform. Discovered by Microsoft analysts, flaws included denial of service issues and remote code execution by unauthenticated attackers. Users are urged to upgrade to version 2023.1/2513900 to mitigate risk and …