
Tag

#ddos

WordPress sites getting hacked ‘within seconds’ of TLS certificates being issued

Attackers pounce before site owners can activate the installation wizard

PortSwigger
#vulnerability#web#windows#ddos#wordpress#php#auth#ssl
Hackers Using PrivateLoader PPI Service to Distribute New NetDooka Malware

A pay-per-install (PPI) malware service known as PrivateLoader has been spotted distributing a "fairly sophisticated" framework called NetDooka, granting attackers complete control over the infected devices. "The framework is distributed via a pay-per-install (PPI) service and contains multiple parts, including a loader, a dropper, a protection driver, and a full-featured remote access trojan (

Why Security Matters Even More in Online Gaming

As the gaming sector booms, game publishers and gaming networks have been heavily targeted with distributed denial-of-service (DDoS) attacks in the last year.

Cloudflare Successfully Thwarted One of The Largest DDoS Attacks

By Waqas. Cloudflare explained that it wasn’t the largest application-layer attack but the largest ever noted in the HTTPS category… This is a post from HackRead.com.

Anonymous Leak 82GB of Police Emails Against Australia’s Offshore Detention

By Waqas. In total, Anonymous leaked 285,635 confidential emails belonging to the Nauru Police Force of the tiny Nauru Island… This is a post from HackRead.com.

Ukraine War Themed Files Become the Lure of Choice for a Wide Range of Hackers

A growing number of threat actors are using the ongoing Russo-Ukrainian war as a lure in various phishing and malware campaigns, even as critical infrastructure entities continue to be heavily targeted. "Government-backed actors from China, Iran, North Korea and Russia, as well as various unattributed groups, have used various Ukraine war-related themes in an effort to get targets to open

New Regulations in India Require Orgs to Report Cyber Incidents Within 6 Hours

CERT-In updates cybersecurity rules to include mandatory reporting, record-keeping, and more.

CVE-2022-25844: Snyk Vulnerability Database | Snyk

The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This package has been deprecated and is no longer maintained. 2) The vulnerable versions are 1.7.0 and higher.

CVE-2022-21227: Denial of Service (DoS) in sqlite3 | CVE-2022-21227 | Snyk

The package sqlite3 before 5.0.3 is vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine.

CVE-2022-21144: Denial of Service (DoS) in libxmljs | CVE-2022-21144 | Snyk

This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument's toString value is not a Function object V8 will crash.