Security News

Apple Releases iPhone and iPad Updates to Patch HomeKit DoS Vulnerability
2022-01-12 20:58

Apple on Wednesday rolled out software updates for iOS and iPadOS to remediate a persistent denial-of-service issue affecting the HomeKit smart home framework that could potentially be exploited to launch ransomware-like attacks targeting the devices. The iPhone maker, in its release notes for iOS and iPadOS 15.2.1, termed it a "Resource exhaustion issue" that could be triggered when processing a maliciously crafted HomeKit accessory name, adding that it addressed the bug with improved validation.

URL Parsing Bugs Allow DoS, RCE, Spoofing & More
2022-01-10 17:55

Eight different security vulnerabilities arising from inconsistencies among 16 different URL parsing libraries could allow denial-of-service conditions, information leaks and remote code execution in various web applications, researchers are warning. Multiple Parsers in Use: Whether by design or an oversight, developers sometimes use more than one URL parsing library in projects.

Critical Apache HTTPD Server Bugs Could Lead to RCE, DoS
2021-12-22 17:59

Don't duck at the latest mention of Apache: Two critical bugs in its HTTP web server - HTTPD - need to be patched pronto, lest they lead to attackers triggering denial of service or bypassing your security policies. Both vulnerabilities are found in Apache HTTP Server 2.4.51 and earlier.

Third Log4J Bug Can Trigger DoS; Apache Issues Patch
2021-12-20 16:01

No, you're not seeing triple: On Friday, Apache released yet another patch - version 2.17 - for yet another flaw in the ubiquitous log4j logging library, this time for a DoS bug. The latest bug isn't a variant of the Log4Shell remote-code execution bug that's plagued IT teams since Dec. 10, coming under active attack worldwide within hours of its public disclosure, spawning even nastier mutations and leading to the potential for denial-of-service in Apache's initial patch.

Upgraded to log4j 2.16? Surprise, there's a 2.17 fixing DoS
2021-12-18 10:29

Suspicion of a DoS bug affecting log4j 2.16.0 arose on Apache's JIRA project about three days ago, shortly after 2.15.0 was found to be vulnerable to a minor DoS vulnerability. Log4j 2.17.0 is out today and fixes the DoS. Tracked as CVE-2021-45105 and scored 'High' on the CVSS scale, the DoS flaw exists because log4j 2.16 "Does not always protect from infinite recursion in lookup evaluation."

Apache’s Fix for Log4Shell Can Lead to DoS Attacks
2021-12-15 14:04

Last Thursday security researchers began warning that a vulnerability tracked as CVE-2021-44228 in Apache Log4j was under active attack and had the potential, according to many reports, to break the internet. To its credit, Apache hastily released a patch to fix Log4Shell with Log4j version 2.15.0 last Friday.

Bluetooth Bugs Open Billions of Devices to DoS, Code Execution
2021-09-02 18:32

Researchers have disclosed a group of 16 different vulnerabilities collectively dubbed BrakTooth, which impact billions of devices that rely on Bluetooth Classic for communication. Potentially, billions of devices could be affected worldwide, researchers said.

Vulnerability Exposes MicroLogix PLCs to Remote DoS Attacks
2021-07-20 13:38

A high-severity vulnerability affecting Rockwell Automation's MicroLogix 1100 programmable logic controllers can be exploited to cause a device to enter a persistent fault condition. According to advisories released this month by Rockwell and the U.S. Cybersecurity and Infrastructure Security Agency, a remote, unauthenticated attacker can exploit CVE-2021-33012 to cause a denial of service condition on the targeted controller by sending it specially crafted commands.

Critical Juniper Bug Allows DoS, RCE Against Carrier Networks
2021-07-16 17:17

Telecom providers, including wireless carriers, are at risk of disruption of network service if the bug in SBR Carrier is exploited. A critical remote code-execution vulnerability in Juniper Networks' Steel-Belted Radius Carrier Edition lays open wireless carrier and fixed operator networks to tampering.

Vulnerabilities in Zephyr's Bluetooth LE Stack May Lead to DoS Attacks
2021-06-22 17:00

Multiple vulnerabilities recently patched in Zephyr's Bluetooth LE stack could be exploited to cause denial of service conditions, prevent further connections, or even leak sensitive information, according to a warning from researchers at the Synopsys Cybersecurity Research Center. The Zephyr platform includes support for multiple network protocols, including the full Bluetooth LE stack.