Two high-severity vulnerabilities in the OpenSSL software library were disclosed on Thursday alongside the release of a patched version of the software, OpenSSL 1.1.1k. OpenSSL is widely used to implement the Transport Layer Security and Secure Sockets Layer protocols, which support encrypted network connections. "In order to be affected, an application must explicitly set the X509 V FLAG X509 STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose," the OpenSSL advisory explains.
The FBI published this warning on Wednesday as an IC3 public service announcement and as a Private Industry Notification issued to private sector organizations in coordination with DHS-CISA. Attacks on emergency services can lead to loss of lives. "The IC3 has become aware of increased coercion tactics used by the subjects, which have created a threat to emergency services across the nation," the FBI said in a public service announcement from January 2013.
Independent of who uses them, denial of service attacks can be particularly disruptive and damaging for organizations targeted by cybercriminals. TechRepublic's cheat sheet on denial of service attacks is a comprehensive guide to this topic.
A shared memory vulnerability that IBM addressed in its Db2 data management products could allow malicious local users to access sensitive data. Trustwave, which identified the vulnerability and reported it to IBM, says that the issue exists because the developers forgot to include explicit memory protections for the shared memory that the Db2 trace facility uses.
A report released Thursday by Positive Technologies explains how and why existing 4G and new 5G networks can be hurt by Denial-of-Service attacks in particular. Specifically, the company looked at 4G and 5G networks using Diameter signaling protocol, a method for coordinating data among different Internet Protocol network elements.
Protest organizers come under fire from network traffic barrage China is reportedly using the 'cannon' capabilities of its massive domestic internet to try and take down anti-government websites...
Illinois man gets more than a year in the slammer for $550K DDoS scheme A US court has sentenced the operator of a massive DDoS service to 13 months in prison.…
Reassembly of fragmented packets can potentially be exploited against cloud-hosted virtual machine services.
Despite having nearly a year to address the vulnerability, no patch is available for a critical vulnerability, leaving network admins no alternative to disabling IPv6 support.
Applied Risk ICS Security Consultant Tom Westenberg discovered a DoS vulnerability in an emulated version of the Triconex TriStation Software Suite. Triconex is a Schneider Electric brand which...