Security News

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical-severity Java deserialization vulnerability affecting multiple Zoho ManageEngine products to its catalog of bugs known to be exploited in the wild. "The exploit POC for the above vulnerability is available in public," ManageEngine warned customers in July when it issued security patches for the issue.

Account takeover attacks are on the rise, affecting almost 25% of people in the US. Account takeover attacks can devastate individuals and organizations alike. In a report released Thursday, fraud management company SEON looks at the rise in account takeovers and offers advice to businesses and consumers on how to protect their accounts.

Researchers have observed a surge in hacking attempts targeting CVE-2022-24086, a critical Magento 2 vulnerability that allows unauthenticated attackers to execute code on unpatched sites. According to a report published by Sansec today, mass exploitation has arrived, with the critical template vulnerability becoming a favorite in the hacker underground.

This is an interesting attack I had not previously considered. The variants are interesting, and I think we’re just starting to understand their implications.

While novel attacks seem to emerge faster than TikTok trends, some warrant action before they've even had a chance to surface. This is the case for an attack we'll refer to as Evil-Colon, which operates similarly to the now-defunct Poison-NULL-Byte attacks.
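The item above gives only the analogy to Poison-NULL-Byte. The following is an added example, not code from the Evil-Colon write-up or from any product, and it assumes the mechanism is NTFS alternate-data-stream syntax: a submitted name such as "shell.php:.jpg" is stored as the file "shell.php" with an empty stream named ".jpg", so a validator that only inspects the trailing extension is bypassed the same way a NUL byte once bypassed it. The function names, the allow-list and the three sample filenames are constructed for the example.

```powershell
# Added example; not code from the Evil-Colon write-up or any product. It assumes
# the Evil-Colon mechanism is NTFS alternate-data-stream (ADS) syntax: a name such
# as "shell.php:.jpg" is stored as the file "shell.php" with an empty stream named
# ".jpg", so a check that only inspects the trailing ".jpg" is bypassed the same
# way a NUL byte bypassed it in Poison-NULL-Byte attacks.

$AllowedExtensions = @('.jpg', '.jpeg', '.png', '.gif')

function Test-NaiveUploadName {
    # The check many upload handlers perform: trust whatever follows the last dot.
    param([string]$FileName)
    if ($FileName -match '\.([^.]+)$') {
        return $AllowedExtensions -contains ".$($Matches[1].ToLower())"
    }
    return $false
}

function Get-EffectiveStoredName {
    # What lands on disk after a truncating layer: everything before the first NUL,
    # or before the first ':' (on NTFS the remainder becomes a stream name).
    param([string]$FileName)
    $cuts = @($FileName.IndexOf([char]0), $FileName.IndexOf(':')) | Where-Object { $_ -ge 0 }
    if ($null -eq $cuts) { return $FileName }
    $first = $cuts | Sort-Object | Select-Object -First 1
    return $FileName.Substring(0, $first)
}

function Test-HardenedUploadName {
    # Reject anything a lower layer could truncate or reinterpret, then validate the
    # whole basename against a strict allow-list instead of trusting the suffix.
    param([string]$FileName)
    if ($FileName.IndexOfAny([char[]]@([char]0, ':', '/', '\')) -ge 0) { return $false }
    return $FileName -match '^[A-Za-z0-9_-]{1,64}\.(jpe?g|png|gif)$'
}

# Constructed sample names: a legitimate upload, an Evil-Colon name and a NUL-byte name.
foreach ($name in @('photo.jpg', 'shell.php:.jpg', "shell.php`0.jpg")) {
    [pscustomobject]@{
        Submitted     = $name.Replace("`0", '\0')   # make the NUL visible in the output
        NaiveCheck    = Test-NaiveUploadName $name
        StoredAs      = Get-EffectiveStoredName $name
        HardenedCheck = Test-HardenedUploadName $name
    }
}
```

Running this prints one row per sample: the naive check accepts all three names, the stored name for the two crafted inputs collapses to "shell.php", and the hardened check accepts only "photo.jpg". The hardened version refuses the truncating characters outright and never derives the decision from a suffix the filesystem may discard; on Windows hosts the server-side name should also be generated by the application rather than taken from the upload.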

Microsoft announced that the Windows 11 SMB server is now better protected against brute-force attacks with the release of Insider Preview Build 25206 to the Dev Channel. Redmond has enabled the SMB authentication rate limiter by default and tweaked some of its settings to make such attacks less effective, starting with the latest Windows 11 Insider dev build.
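The rate limiter is a per-server SMB setting, so on builds where it is not yet on by default it can be checked and enabled by hand. The following is an added example, not taken from Microsoft's announcement: it uses the SmbShare module cmdlets to read and set the delay. The 2000 ms value is assumed here for illustration (a two-second delay per failed attempt); whether it matches the build's new default should be confirmed against the release notes.

```powershell
# Added example; not from Microsoft's announcement. Inspect and set the SMB server
# authentication rate limiter on a Windows 11 host. The 2000 ms value below is an
# assumption used for illustration (a two-second delay per failed attempt);
# 0 disables the limiter. Run from an elevated PowerShell session.

# Current setting: 0 means no delay is imposed after a failed authentication.
Get-SmbServerConfiguration | Select-Object -Property InvalidAuthenticationDelayTimeInMs

# Impose a 2 s delay after each failed SMB authentication. A single connection can
# then try at most 30 passwords per minute instead of as fast as the server answers.
Set-SmbServerConfiguration -InvalidAuthenticationDelayTimeInMs 2000 -Force

# Confirm the new value took effect.
(Get-SmbServerConfiguration).InvalidAuthenticationDelayTimeInMs
```

The delay only slows one connection; an attacker can still open many connections in parallel, so the limiter is a throttle rather than a lockout and belongs alongside SMB signing, disabling SMB1 and firewalling port 445 from untrusted networks.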

According to Gcore, in 2022, the number and volume of DDoS attacks will roughly double compared to 2021. Rew, which business sectors are being attacked more often than others in 2022?

Phishing actors are abusing LinkedIn's Smart Link feature to bypass email security products and successfully redirect targeted users to phishing pages that steal payment information. Smart Link is a feature reserved for LinkedIn Sales Navigator and Enterprise users, allowing them to send a pack of up to 15 documents using a single trackable link.

Cybersecurity company Imperva has disclosed that it mitigated a distributed denial-of-service attack with a total of over 25.3 billion requests on June 27, 2022. The "Strong attack," which targeted an unnamed Chinese telecommunications company, is said to have lasted for four hours and peaked at 3.9 million requests per second.

Internet security company Imperva has announced that its DDoS mitigation solution has broken a new record, defending against a single attack that sent over 25.3 billion requests to one of its customers. The DDoS attack unfolded on June 27, 2022, peaking at 3.9 million requests per second and averaging 1.8 million RPS. While this pales in comparison with the record-breaking attack that Cloudflare mitigated in June, which peaked at 26 million RPS, the duration in Imperva's case was unusually long.