Security News
![Cyber attacks cause revenue losses in 42% of small businesses](/static/build/img/news/cyber-attacks-cause-revenue-losses-in-42-of-small-businesses-small.jpg)
The financial impacts of cyber breaches continued to drop compared to previous years, with more small businesses reporting losses under $250,000 and fewer reporting higher dollar-value events. Focus on data security grows among small business leaders.
![F5 fixes BIG-IP auth bypass allowing remote code execution attacks](/static/build/img/news/f5-fixes-big-ip-auth-bypass-allowing-remote-code-execution-attacks-small.jpg)
A critical vulnerability in the F5 BIG-IP configuration utility, tracked as CVE-2023-46747, allows an attacker with remote access to the configuration utility to perform unauthenticated remote code execution. "This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands," reads F5's security bulletin.
![Apple news: iLeakage attack, MAC address leakage bug](/static/build/img/news/apple-news-ileakage-attack-mac-address-leakage-bug-small.jpg)
On Wednesday, Apple released security updates for all supported branches of iOS and iPadOS, macOS, tvOS, watchOS and Safari. Another vulnerability of note fixed this Wednesday with the release of iOS 17.1 and iPadOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, tvOS 17.1 and watchOS 10.1 is CVE-2023-42846, a bug that made a privacy-enhancing feature not work as intended.
![Side channel attacks take bite out of Apple silicon with iLeakage exploit](/static/build/img/news/side-channel-attacks-take-bite-out-of-apple-silicon-with-ileakage-exploit-small.jpg)
The attack can be launched against Macs, iPhones, and iPads running Apple's A-series or M-series chips. For macOS, the attack only works on Safari, but for iOS and iPadOS, there's a much larger attack surface.
![Record-Breaking 100 Million RPS DDoS Attack Exploits HTTP/2 Rapid Reset Flaw](/static/build/img/news/record-breaking-100-million-rps-ddos-attack-exploits-http-2-rapid-reset-flaw-small.jpg)
Cloudflare on Thursday said it mitigated thousands of hyper-volumetric HTTP distributed denial-of-service (DDoS) attacks that exploited a recently disclosed flaw called HTTP/2 Rapid Reset, 89 of...
![Cloudflare sees surge in hyper-volumetric HTTP DDoS attacks](/static/build/img/news/cloudflare-sees-surge-in-hyper-volumetric-http-ddos-attacks-small.jpg)
Cloudflare says the number of hyper-volumetric HTTP DDoS attacks recorded in the third quarter of 2023 surpasses every previous year, indicating that the threat landscape has entered a new chapter. A Cloudflare report shared with BleepingComputer reveals that, during Q3 2023, the internet company mitigated thousands of hyper-volumetric HTTP DDoS attacks.
![New iLeakage attack steals emails, passwords from Apple Safari](/static/build/img/news/new-ileakage-attack-steals-emails-passwords-from-apple-safari-small.jpg)
Academic researchers created a new speculative side-channel attack they named iLeakage that works on all recent Apple devices and can extract sensitive information from the Safari web browser. [...]
![Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks](/static/build/img/news/iranian-group-tortoiseshell-launches-new-wave-of-imaploader-malware-attacks-small.jpg)
The Iranian threat actor known as Tortoiseshell has been attributed to a new wave of watering hole attacks that are designed to deploy a malware dubbed IMAPLoader. "IMAPLoader is a .NET malware...
![OT cyber attacks proliferating despite growing cybersecurity spend](/static/build/img/news/ot-cyber-attacks-proliferating-despite-growing-cybersecurity-spend-small.jpg)
The sharp increase in attacks on operational technology systems can be primarily attributed to two key factors: the escalating global threats posed by nation-state actors and the active involvement of profit-driven cybercriminals. The lack of success on the defense side can be attributed to several factors: the complexity of OT environments, the convergence of information technology and OT, insider attacks, supply chain vulnerabilities, and others.
![GOAD: Vulnerable Active Directory environment for practicing attack techniques](/static/build/img/news/goad-vulnerable-active-directory-environment-for-practicing-attack-techniques-small.jpg)
It provides a vulnerable Active Directory environment for pen testers to practice common attack methods. "When the Zerologon vulnerability surfaced, it highlighted our urgent need for a test lab at work. Furthermore, a training lab became essential to adequately prepare our new pentesters for internal assessments. It's clear: necessity was the birthplace of this idea," Mayfly, pentester at Orange Cyberdefense and creator of GOAD, told Help Net Security.