Security News
American IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks. [...]
The discovery that 95% of advanced bot attacks go undetected points to a weakness in current detection and mitigation strategies. This suggests that while some organizations may have basic...
It's still safe to drink, top provider tells us Updated American Water, which supplies over 14 million people in the US and numerous military bases, has stopped issuing bills and has taken its...
Qualcomm has released security patches for a zero-day vulnerability in the Digital Signal Processor (DSP) service that impacts dozens of chipsets. [...]
Cybersecurity researchers have discovered a new botnet malware family called Gorilla (aka GorillaBot) that is a variant of the leaked Mirai botnet source code. Cybersecurity firm NSFOCUS, which...
Organizations are losing between $94 - $186 billion annually to vulnerable or insecure APIs (Application Programming Interfaces) and automated abuse by bots. That’s according to The Economic...
CLoudflare just blocked the current record DDoS attack: 3.8 terabits per second. (Lots of good information on the attack, and DDoS in general, at the link.) News article.
Cloudflare has revealed that it successfully mitigated a record-breaking distributed denial-of-service (DDoS) attack that peaked at 3.8 terabits per second (Tbps) and lasted 65 seconds. This attack was part of a larger wave of over one hundred hyper-volumetric Layer 3/4 DDoS attacks throughout the month. Many of these attacks exceeded 2 billion packets per second (Bpps) and 3 Tbps, showcasing the increasing scale and intensity of such threats. The attacks, which have been ongoing since early September 2024, primarily targeted customers in the financial services, Internet, and telecommunications industries.Cloudflare has not attributed these attacks to any specific threat actor. However, the scale of the attacks underlines the growing sophistication of cybercriminals, who continue to exploit vulnerabilities in global digital infrastructure. The company emphasized that these hyper-volumetric attacks focus on overwhelming network layers responsible for packet transmission and reception (L3/4).
A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions....
A recently disclosed vulnerability in the Common Unix Printing System (CUPS) open-source printing system can be exploited by threat actors to launch distributed denial-of-service (DDoS) attacks...