Security
Headlines
HeadlinesLatestCVEs

Tag

#zero_day

Hackers for Hire Hit Both Sides in Israel-Hamas Conflict

DDoS for hire and live attacks hit both sides as cyber campaigns continue.

DARKReading
Open in Source
#vulnerability#ddos#dos#intel#botnet#zero_day
HTTP/2 Rapid Reset Zero-Day Vulnerability Exploited to Launch Record DDoS Attacks

Amazon Web Services (AWS), Cloudflare, and Google on Tuesday said they took steps to mitigate record-breaking distributed denial-of-service (DDoS) attacks that relied on a novel technique called HTTP/2 Rapid Reset. The layer 7 attacks were detected in late August 2023, the companies said in a coordinated disclosure. The cumulative susceptibility to this attack is being tracked as CVE-2023-44487,

GHSA-wqcr-xm43-hpqr: Vulnerable version of libwebp and can be exploited with a malicious source image

### Impact This vulnerability affects deployments of FreeImage that involve decoding or processing malicious source .webp files. If you only process your own trusted files, this should not affect you, but **you should remove FreeImage from your project, as it is not maintained and presents a massive security risk**. If you are using FreeImage via ImageResizer.Plugins.FreeImage, please utilize [Imageflow](https://github.com/imazen/imageflow) or [Imageflow.Server](https://github.com/imazen/imageflow-dotnet-server) instead, or upgrade to ImageResizer 5 and use ImageResizer.Plugins.Imageflow (enable Prereleases on NuGet to access). FreeImage relies on Google's [libwebp](https://github.com/webmproject/libwebp) library to decode .webp images, and is affected by the recent zero-day out-of-bounds write vulnerability [CVE-2023-4863](https://nvd.nist.gov/vuln/detail/CVE-2023-4863) and https://github.com/advisories/GHSA-j7hp-h8jx-5ppr. The libwebp vulnerability also affects Chrome, Android,...

GHSA-f9pm-4g9p-6vm3: Bundled libwebp in pywebp vulnerable

### Impact pywebp versions before v0.3.0 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. The vulnerability was a heap buffer overflow which allowed a remote attacker to perform an out of bounds memory write. ### Patches The problem has been patched upstream in libwebp 1.3.2. pywebp was updated to bundle a patched version of libwebp in v0.3.0. ### Workarounds No known workarounds without upgrading. ### References - https://www.rezilion.com/blog/rezilion-researchers-uncover-new-details-on-severity-of-google-chrome-zero-day-vulnerability-cve-2023-4863/ - https://nvd.nist.gov/vuln/detail/CVE-2023-4863

Apple Rolls Out Security Patches for Actively Exploited iOS Zero-Day Flaw

Apple on Wednesday rolled out security patches to address a new zero-day flaw in iOS and iPadOS that it said has come under active exploitation in the wild. Tracked as CVE-2023-42824, the kernel vulnerability could be abused by a local attacker to elevate their privileges. The iPhone maker said it addressed the problem with improved checks. "Apple is aware of a report that this issue may have

Atlassian Confluence Hit by Newly Actively Exploited Zero-Day – Patch Now

Atlassian has released fixes to contain an actively exploited critical zero-day flaw impacting publicly accessible Confluence Data Center and Server instances. The vulnerability, tracked as CVE-2023-22515, is remotely exploitable and allows external attackers to create unauthorized Confluence administrator accounts and access Confluence servers. It does not impact Confluence versions prior to

Exim finally fixes 3 out of 6 vulnerabilities

Categories: Business Categories: News Tags: Exim Tags: mta Tags: cla Tags: spf Tags: nltm Tags: cvss Tags: cve-2023-42115 Tags: cve-2023-42116 Tags: cve-2023-42117 Tags: cve-2023-42118 Tags: cve-2023-42119 Tags: cve-2023-42114 Tags: dbs spa Six vulnerabilities in the Exim message transfer agent have been fixed—over a year after they were reported. (Read more...) The post Exim finally fixes 3 out of 6 vulnerabilities appeared first on Malwarebytes Labs.

Linux Vulnerability Exposes Millions of Systems to Attack

By Waqas Dubbed Looney Tunables; the vulnerability has existed since its introduction in April 2021, putting a significant number of systems at risk. This is a post from HackRead.com Read the original post: Linux Vulnerability Exposes Millions of Systems to Attack

ShellTorch Attack Exposes Millions of PyTorch Systems to RCE Vulnerabilities

By Waqas Dubbed ShellTorch by researchers; these PyTorch vulnerabilities are troubling for the artificial intelligence (AI) and machine learning (ML) community. This is a post from HackRead.com Read the original post: ShellTorch Attack Exposes Millions of PyTorch Systems to RCE Vulnerabilities

Qualcomm Releases Patch for 3 new Zero-Days Under Active Exploitation

Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that three other zero-days have come under active exploitation. Of the 17 flaws, three are rated Critical, 13 are rated High, and one is rated Medium in severity. "There are indications from Google Threat Analysis Group and Google Project Zero that CVE-2023-33106, CVE-2023-33107,