Security News

OpenSSL shuts down two high-severity bugs: Flaws enable cert shenanigans, denial-of-service attacks
2021-03-25 20:28

Two high-severity vulnerabilities in the OpenSSL software library were disclosed on Thursday alongside the release of a patched version of the software, OpenSSL 1.1.1k. OpenSSL is widely used to implement the Transport Layer Security and Secure Sockets Layer protocols, which support encrypted network connections. "In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose," the OpenSSL advisory explains.

FBI: Telephony denial-of-service attacks can lead to loss of lives
2021-02-18 16:41

The FBI published this warning on Wednesday as an IC3 public service announcement and as a Private Industry Notification issued to private sector organizations in coordination with DHS-CISA. Attacks on emergency services can lead to loss of lives. "The IC3 has become aware of increased coercion tactics used by the subjects, which have created a threat to emergency services across the nation," the FBI said in a public service announcement from January 2013.

Distributed denial of service (DDoS) attacks: A cheat sheet
2021-01-29 19:57

Independent of who uses them, denial of service attacks can be particularly disruptive and damaging for organizations targeted by cybercriminals. TechRepublic's cheat sheet on denial of service attacks is a comprehensive guide to this topic.

Vulnerability in IBM Db2 Leads to Information Disclosure, Denial of Service
2020-08-20 14:43

A shared memory vulnerability that IBM addressed in its Db2 data management products could allow malicious local users to access sensitive data. Trustwave, which identified the vulnerability and reported it to IBM, says that the issue exists because the developers forgot to include explicit memory protections for the shared memory that the Db2 trace facility uses.

How 4G and 5G networks are vulnerable to Denial-of-Service attacks
2020-03-26 13:01

A report released Thursday by Positive Technologies explains how and why existing 4G and new 5G networks can be hurt by Denial-of-Service attacks in particular. Specifically, the company looked at 4G and 5G networks using the Diameter signaling protocol, a method for coordinating data among different Internet Protocol network elements.

China fires up 'Great Cannon' denial-of-service blaster, points it toward Hong Kong
2019-12-06 20:07

Protest organizers come under fire from network traffic barrage. China is reportedly using the 'cannon' capabilities of its massive domestic internet to try and take down anti-government websites...

Denial of service kingpin hit with 13 months denial of freedom and a massive bill to pay
2019-11-15 19:40

Illinois man gets more than a year in the slammer for $550K DDoS scheme. A US court has sentenced the operator of a massive DDoS service to 13 months in prison.…

VM escape flaw in QEMU allows for arbitrary code execution, denial of service
2019-08-26 15:39

Reassembly of fragmented packets can potentially be exploited against cloud-hosted virtual machine services.

Unpatched vulnerability in MikroTik RouterOS enables easily exploitable denial of service attack
2019-03-28 18:37

Despite having nearly a year to address the vulnerability, no patch is available for a critical vulnerability, leaving network admins no alternative to disabling IPv6 support.

Denial of Service vulnerability discovered in Triconex TriStation Software Suite Emulator
2019-03-20 05:45

Applied Risk ICS Security Consultant Tom Westenberg discovered a DoS vulnerability in an emulated version of the Triconex TriStation Software Suite. Triconex is a Schneider Electric brand which...