Security News
A critical flaw in Atlassian Confluence Data Center and Server has been exploited by a state-backed threat actor, Microsoft's threat analysts have pinpointed. CVE-2023-22515 was initially classified as a critical privilege escalation vulnerability affecting Confluence Data Center and Server versions 8.0.0 and later, but then re-classified as an issue stemming from broken access control.
Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a nation-state actor it tracks as Storm-0062 (aka DarkShadow or...
Amazon Web Services (AWS), Cloudflare, and Google on Tuesday said they took steps to mitigate record-breaking distributed denial-of-service (DDoS) attacks that relied on a novel technique called...
Cloudflare, Google, and Amazon AWS revealed that a zero-day vulnerability in the HTTP/2 protocol has been used to mount massive, high-volume DDoS attacks, which they dubbed HTTP/2 Rapid Reset. Based on Cloudflare's data, several attacks leveraging Rapid Reset were nearly three times larger than the largest DDoS attack in Internet history.
Curl and libcurl, a client-side URL transfer library, are developed by the curl project, with the help of contributors and sponsors. CVE-2023-38545, a high severity flaw that affects both the libcurl library and the curl tool, and.
Arm has released security patches to contain a security flaw in the Mali GPU Kernel Driver that has come under active exploitation in the wild. Tracked as CVE-2023-4211, the shortcoming impacts...
Progress Software, the company behind the recently hacked MOVEit file-sharing tool, has recently fixed two critical vulnerabilities in WS FTP Server, another popular secure file transfer solution. CVE-2023-40044 is a.NET deserialization vulnerability that could allow an unauthenticated threat actor to execute remote commands on the underlying WS FTP Server operating system, and can be exploited via a HTTPS POST request.
A high-severity security flaw has been disclosed in the open-source OpenRefine data cleanup and transformation tool that could result in arbitrary code execution on affected systems. Tracked as...
Cisco is warning of attempted exploitation of a security flaw in its IOS Software and IOS XE Software that could permit an authenticated remote attacker to achieve remote code execution on...
Progress Software, the maker of the MOVEit Transfer file-sharing platform recently exploited in widespread data theft attacks, warned customers to patch a maximum severity vulnerability in its WS FTP Server software. The company says thousands of IT teams worldwide use its enterprise-grade WS FTP Server secure file transfer software.