Security
Headlines
HeadlinesLatestCVEs

Tag

#ddos

Mantis Botnet Behind the Largest HTTPS DDoS Attack Targeting Cloudflare Customers

The botnet behind the largest HTTPS distributed denial-of-service (DDoS) attack in June 2022 has been linked to a spate of attacks aimed at nearly 1,000 Cloudflare customers. Calling the powerful botnet Mantis, the web performance and security company attributed it to more than 3,000 HTTP DDoS attacks against its users. The most attacked industry verticals include internet and telecom, media,

The Hacker News
Open in Source
#vulnerability#web#mac#microsoft#ddos#dos#botnet#ssl#The Hacker News
Endpoint security for Mac: 3 best practices

In this post, we break down three endpoint security for Mac best practices to help you prevent phishing attacks, DDoS attacks, and much more. The post Endpoint security for Mac: 3 best practices appeared first on Malwarebytes Labs.

GHSA-5pgm-3j3g-2rc7: Error messages leading to potential data exfiltration in Valinor

```php <?php namespace My\App; use CuyZ\Valinor\Mapper\MappingError; use CuyZ\Valinor\Mapper\Tree\Node; use CuyZ\Valinor\Mapper\Tree\NodeTraverser; use CuyZ\Valinor\MapperBuilder; require_once __DIR__ . '/Valinor/vendor/autoload.php'; final class Money { private function __construct(public readonly string $amount) { } public static function fromString(string $money): self { if (1 !== \preg_match('/^\d+ [A-Z]{3}$/', $money)) { throw new \InvalidArgumentException(\sprintf('Given "%s" is not a recognized monetary amount', $money)); } return new self($money); } } class Foo { public function __construct( private readonly Money $a, private readonly Money $b, private readonly Money $c, ) {} } $mapper = (new MapperBuilder()) ->registerConstructor([Money::class, 'fromString']) ->mapper(); try { var_dump($mapper->map(Foo::class, [ 'a' => 'HAHA', 'b' => '100 EUR...

CVE-2022-31140

Valinor is a PHP library that helps to map any input into a strongly-typed value object structure. Prior to version 0.12.0, Valinor can use `Throwable#getMessage()` when it should not have permission to do so. This is a problem with cases such as an SQL exception showing an SQL snippet, a database connection exception showing database IP address/username/password, or a timeout detail / out of memory detail. Attackers could use this information for potential data exfiltration, denial of service attacks, enumeration attacks, etc. Version 0.12.0 contains a patch for this vulnerability.

Russian ‘Hacktivists’ Are Causing Trouble Far Beyond Ukraine

The pro-Russian group Killnet is targeting countries supporting Ukraine. It has declared "war" against 10 nations.

Cybersecurity Has a Talent Shortage & Non-Technical People Offer a Way Out

It's time to tap the large reservoir of talent with analytical skills to help tackle cybersecurity problems. Train workers in cybersecurity details while using their ability to solve problems.

Russia Hackers Abusing BRc4 Red Team Penetration Tool in Recent Attacks

By Deeba Ahmed Palo Alto Networks’ Unit 42 security researchers have discovered that Russian state-sponsored hackers are abusing the latest Brute… This is a post from HackRead.com Read the original post: Russia Hackers Abusing BRc4 Red Team Penetration Tool in Recent Attacks

Teen Hackers on Discord Selling Malware for Quick Cash

By Deeba Ahmed Cybersecurity researchers urge parents to keep track of their children’s online activities. Avast security researchers have discovered a server on… This is a post from HackRead.com Read the original post: Teen Hackers on Discord Selling Malware for Quick Cash