Tag

#ddos

CVE-2023-28104: DDOS attack on graphql endpoints

`silverstripe/graphql` serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with particularly large/complex graphql schemas. Users should upgrade to `silverstripe/graphql` 4.2.3 or 4.1.2 to remedy the vulnerability.

From Power Plants to eWallets: The role of ZTNA in the gig economy

By Mor Ahuvia - SASE Solution Expert, Check Point Software. The pandemic. A growing gig economy. Rounds of layoffs across industries. It’s no wonder the workforce looks nothing… This is a post from HackRead.com.

CVE-2023-0628: Docker Desktop release notes

Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user into opening a crafted malicious docker-desktop:// URL.

NetWire Malware Site and Server Seized, Admin Arrested

By Habiba Rashid. The alleged administrator of the website selling NetWire malware has been arrested in Croatia. This is a post from HackRead.com.

Gender Diversity in Cybercrime Forums: Women Users on the Rise

By Habiba Rashid. It turns out that the number of women on the darker side of cybersecurity is increasing, and these stats will shock you. This is a post from HackRead.com.

CISA's KEV Catalog Updated with 3 New Flaws Threatening IT Management Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is below:

CVE-2022-35914 (CVSS score: 9.8) - Teclib GLPI Remote Code Execution Vulnerability

CVE-2022-33891 (CVSS score: 8.8) - Apache Spark Command Injection Vulnerability

Why do Businesses Need to Focus More on Cybersecurity

By Owais Sultan. As technology continues to evolve, the need for businesses to focus more on cybersecurity is becoming increasingly important… This is a post from HackRead.com.

CVE-2023-26510: Ghost Security & Privacy

Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no security impact.

EV Charging Infrastructure Offers an Electric Cyberattack Opportunity

Attackers have already targeted electric vehicle (EV) charging stations, and experts are calling for cybersecurity standards to protect this necessary component of the electrified future.

3 Ways Security Teams Can Use IP Data Context

Innocently or not, residential proxy networks can obscure the actual geolocation of an access point. Here's why that's not great and what you can do about it.