Security
Headlines
HeadlinesLatestCVEs

Tag

#ddos

CVE-2023-1802: Docker Desktop release notes

In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected.

CVE
#sql#vulnerability#web#mac#windows#apple#microsoft#amazon#ubuntu#linux#debian#ddos#apache#memcached#js#git#kubernetes#intel#rce#perl#nginx#vmware#log4j#amd#auth#ssh#rpm#docker#sap#ssl
FBI Cracks Down on Genesis Market: 119 Arrested in Cybercrime Crackdown

A coordinated international law enforcement operation has dismantled Genesis Market, an illegal online marketplace that specialized in the sale of stolen credentials associated with email, bank accounts, and social media platforms. Coinciding with the infrastructure seizure, the major crackdown, which involved authorities from 17 countries, culminated in 119 arrests and 208 property searches in

F5 Safeguards Digital Services With New AI-Powered App and API Security Capabilities

Enhanced API defenses, granular machine learning capabilities, and new managed service offerings provide comprehensive protection across distributed environments.

Akamai Launches Managed Security Service Updates and New Premium Offering

Customers have increased access to Akamai security experts to help protect from sophisticated cyberattacks.

Sorting Through Haystacks to Find CTI Needles

Clouded vision CTI systems are confronted with some major issues ranging from the size of the collection networks to their diversity, which ultimately influence the degree of confidence they can put on their signals. Are they fresh enough and sufficiently reliable to avoid any false positives or any poisoning? Do I risk acting on outdated data? This difference is major since a piece of

CVE-2023-26112: Snyk Vulnerability Database | Snyk

All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\((.*)\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.

A week in security (March 27 - April 2)

Categories: News Tags: Lock and Code Tags: Anna Pobletts Tags: ChatGPT Tags: World Backup Day Tags: GitHub Tags: accidental breach Tags: DDoS service Tags: Instagram scammer Tags: top cyber threats of 2023 Tags: 3CX Tags: BingBang Tags: Apple Tags: EE phing Tags: phishing Tags: ransomware The most interesting security related news from the week of March 27 to April 2. (Read more...) The post A week in security (March 27 - April 2) appeared first on Malwarebytes Labs.

Cacti, Realtek, and IBM Aspera Faspex Vulnerabilities Under Active Exploitation

Critical security flaws in Cacti, Realtek, and IBM Aspera Faspex are being exploited by various threat actors in hacks targeting unpatched systems. This entails the abuse of CVE-2022-46169 (CVSS score: 9.8) and CVE-2021-35394 (CVSS score: 9.8) to deliver MooBot and ShellBot (aka PerlBot), Fortinet FortiGuard Labs said in a report published this week. CVE-2022-46169 relates to a critical

Pro-Islam 'Anonymous Sudan' Hacktivists Likely a Front for Russia's Killnet Operation

"Anonymous Sudan" has been claiming that its DDoS attacks are in retaliation for anti-Islamic activities, but at least one security vendor is suspicious about its true motives.

German Police Raid DDoS-Friendly Host ‘FlyHosting’

Authorities in Germany this week seized Internet servers that powered FlyHosting, a dark web service that catered to cybercriminals operating DDoS-for-hire services. Fly Hosting first advertised on cybercrime forums in November 2022, saying it was a Germany-based hosting firm that was open for business to anyone looking for a reliable place to host malware, botnet controllers, or DDoS-for-hire infrastructure.