Vulnerability alert: Protecting Against the Newest DDoS Threat In the ever-evolving landscape of cyber threats, the HTTP/2 Rapid Reset Vulnerability has emerged as a significant player in recent record-setting Distributed Denial-of-Service (DDoS) attacks. Amazon Web Services (AWS), Cloudflare, and Google have recently confronted these attacks, urging businesses to be vigilant and proactive. 🔍 Understanding the […]
Category: Vulnerabilities
Microsoft’s Update: A Comprehensive Response to 74 Vulnerabilities
Introduction In its most recent update, Microsoft has addressed 74 flaws across its software spectrum as part of the August 2023 Patch Tuesday. This number, although significant, shows a decrease from the 132 vulnerabilities that were patched in the previous month. Details of the Security Patch This latest security patch encompasses six critical and 67 […]
Microsoft Resolves Significant Power Platform Vulnerability Amid Delay and Controversy
Introduction: Microsoft publicly acknowledged on Friday that it has resolved a critical security flaw within Power Platform. The company faced notable criticism for the delayed response, shedding light on a critical challenge that emphasizes both the significance and complexity of cybersecurity in today’s environment. Section 1: The Vulnerability Microsoft disclosed that the Power Platform flaw […]
Major MikroTik RouterOS Flaw Puts Over Half a Million Devices at High Risk
CVE-2023-30799 MikroTik RouterOS Security Gap An acute privilege elevation vulnerability in MikroTik RouterOS exposes devices to potential remote hacking, allowing attackers to execute arbitrary code and gain total control over the compromised equipment. Labelled as CVE-2023-30799 (CVSS score: 9.1), this weakness is believed to place between 500,000 and 900,000 RouterOS systems at risk of being […]
Exploitation of Windows Search Feature by Hackers to Deploy Remote Access Trojans
As per cybersecurity analysts at Trellix, an authentic Windows search feature has become the latest tool in the hacker’s arsenal. Malicious actors are exploiting this feature to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans, specifically AsyncRAT and Remcos RAT. The unique attack technique misuses the “search-ms:” URI protocol […]
Zimbra Issues Alert About Actively Exploited Critical Vulnerability in Email Software
CVE-2023-34192 Zimbra, the email software provider, has raised an alert about a severe zero-day vulnerability in its software that’s currently being exploited in real-world attacks. The company has identified a security flaw in the Zimbra Collaboration Suite Version 8.8.15 that could potentially compromise the privacy and integrity of users’ data, according to its advisory. While […]
Attackers Targeting WooCommerce Payments Plugin Security Flaw to Hijack Websites
CVE-2023-28121 A recently disclosed critical vulnerability in the WooCommerce Payments WordPress plugin is actively being exploited by cybercriminals as part of a wide-scale targeted attack. Identified as CVE-2023-28121 (CVSS score: 9.8), the flaw involves an authentication bypass allowing unauthorized attackers to mimic arbitrary users, potentially including administrators. This could lead to the complete takeover of […]
Critical Security Flaws Detected in SonicWall and Fortinet Network Security Tools
Critical Security Flaws Detected in SonicWall and Fortinet Network Security Tools Date: July 13, 2023 | Network Security / Vulnerability SonicWall and Fortinet, the network security giants, have recently alerted their clients about multiple security breaches found in their firewall management and network reporting engine tools – the Global Management System (GMS) and Analytics respectively. […]