Security News > 2023 > September

Cloudflare's Firewall and DDoS prevention can be bypassed through a specific attack process that leverages logic flaws in cross-tenant security controls. Specifically, the analyst identified two vulnerabilities in the system impacting Cloudflare's "Authenticated Origin Pulls" and "Allowlist Cloudflare IP Addresses."

Microsoft has resolved a known issue that caused Outlook Desktop to unexpectedly prompt users to reopen previously closed windows. On affected systems, users of Outlook for Microsoft 365 were encountering dialogs with prompts like "Outlook closed while you had items open. Reopen those items from your last session?".

The U.S. Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023. "During these attacks, cyber threat actors...

Sophisticated cyber actors backed by Iran known as OilRig have been linked to a spear-phishing campaign that infects victims with a new strain of malware called Menorah. "The malware was designed...

Multiple security vulnerabilities have been disclosed in the Exim mail transfer agent that, if successfully exploited, could result in information disclosure and remote code execution. The list of...

This week has been a busy ransomware week, with ransomware attacks having a massive impact on organizations and the fallout of the MOVEit breaches to be disclosed. Kettering logistics firm enters administration with 730 jobs lost. September 27th 2023: Building automation giant Johnson Controls hit by ransomware attack.

Cephalopods such as octopuses and squid could soon receive the same legal protection as mice and monkeys do when they are used in research. On 7 September, the US National Institutes of Health asked for feedback on proposed guidelines that, for the first time in the United States, would require research projects involving cephalopods to be approved by an ethics board before receiving federal funding.

Microsoft introduced its Bing Chat AI search assistant in February and a month later began serving ads alongside it to help cover costs. Security outfit Malwarebytes said on Thursday it has identified malvertising - harmful ads - distributed via Bing Chat conversations.

A critical zero-day vulnerability in all versions of Exim mail transfer agent software can let unauthenticated attackers gain remote code execution on Internet-exposed servers. MTA servers like Exim are highly vulnerable targets, primarily because they are often accessible via the Internet, serving as easy entry points for attackers into a target's network.

A PhD student has been found guilty of building a potentially deadly drone for Islamic State terrorists, in part using his home 3D printer. The prosecution said he had designed the single-use, video-transmitting "Kamikaze" drone "somewhat inspired by the design of the Tomahawk missile," and used a 3D printer to build the wings.