
Tag

#ddos

CVE-2022-21227: Denial of Service (DoS) in sqlite3 | CVE-2022-21227 | Snyk

The package sqlite3 before 5.0.3 is vulnerable to Denial of Service (DoS): it invokes the toString function of the passed parameter, and if passed an invalid Function object it will throw and crash the V8 engine.

CVE-2022-21144: Denial of Service (DoS) in libxmljs | CVE-2022-21144 | Snyk

This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument's toString value is not a Function object V8 will crash.

CVE-2022-25844: Regular Expression Denial of Service (ReDoS) in org.webjars.npm:angular | CVE-2022-25844 | Snyk

The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. Note: 1) This package has been deprecated and is no longer maintained. 2) The vulnerable versions are 1.7.0 and higher.

One of the Most Powerful DDoS Attacks Ever Hits a Crypto Platform

The onslaught was delivered through HTTPS, which puts more strain on a target, and it suggests that attackers are getting more powerful.

FBI Conducted 3.4 Million Warrantless Searches of Americans' Data

Plus: Trump backers breach election systems, Microsoft tracks Russia's war prep, a new Facebook leak reveals a mess, and Bored Ape Yacht Club gets hacked.

Cloudflare Flags Largest HTTPS DDoS Attack It's Ever Recorded

The scale of this month's encrypted DDoS attack over HTTPS suggests a well-resourced operation, analysts say.

Threat Roundup for April 22 to April 29

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 22 and April 29. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

Security Turbulence in the Cloud: Survey Says…

Exclusive Threatpost research examines organizations’ top cloud security concerns, attitudes towards zero-trust and DevSecOps.

Ukraine government and pro-Ukrainian sites hit by DDoS attacks

We can't tell which party made the first move, but both the pro-Ukraine and Russian sides have been exchanging DDoS attacks. The post Ukraine government and pro-Ukrainian sites hit by DDoS attacks appeared first on Malwarebytes Labs.

Indian Govt Orders Organizations to Report Security Breaches Within 6 Hours to CERT-In

India's computer and emergency response team, CERT-In, on Thursday published new guidelines that require service providers, intermediaries, data centers, and government entities to compulsorily report cybersecurity incidents, including data breaches, within six hours. "Any service provider, intermediary, data center, body corporate and Government organization shall mandatorily report cyber