Collaborate Disseminate
Denial-of-Service (DoS) amplification. Relatively early in the history of the Internet — it was only 14 years old at the time — the first DoS amplification attack was discovered. [TFreak] …read more Continue reading This Week in Security: DDoS Techniques, Dirty Pipe, and Lapsus$ Continued
The geopolitics surrounding the invasion of Ukraine are outside the scope of this column, but the cybersecurity ramifications are certainly fitting fodder. The challenge here is that almost everything of …read more Continue reading This Week in Security: Ukraine, Nvidia, and Conti
One of the most popular WordPress backup plugins, UpdraftPlus, has released a set of updates, x.22.3, that contain a potentially important fix for CVE-2022-23303. This vulnerability exposes existing backups to …read more Continue reading This Week in Security: Updraft, Termux, and Magento
Running Chrome or a Bhromium-based browser? Check for version 98.0.4758.102, and update if you’re not running that release or better. Quick tip, use chrome://restart to trigger an immediate restart of …read more Continue reading This Week in Security: Chrome 0-day,Cassandra, and a Cisco PoC
Unknown attackers have been exploiting a 0-day attack against the Zimbra e-mail suite. Researchers at Volexity first discovered the attack back in December of last year, detected by their monitoring …read more Continue reading This Week in Security: Zimbra, Lockbit 2, And Hacking NK
Samba has a very serious vulnerability, CVE-2021-44142, that was just patched in new releases 4.13.17, 4.14.12, and 4.15.5. Discovered by researchers at TrendMicro, this unauthenticated RCE bug weighs in at …read more Continue reading This Week in Security: Samba, Wormhole Crypto Heist, And A Bogus CVE
The CIA Hacktivists have launched a sort of ransomware campaign against the Belarusian rail system, but instead of cryptocurrency, they want the release of political prisoners and removal of Russian …read more Continue reading This Week in Security: Geopolitical Hacktivism, Antivirus Mining, and Linux Malware
Let’s imagine a worst case situation for home routers. It would have to start with a port unintentionally opened to the internet, ideally in a popular brand, like Netgear. For …read more Continue reading This Week in Security: NetUSB, HTTP.sys, and 2013’s CVE is Back
We’ve covered quite a few stories about malware sneaking into the NPN and other JavaScript repositories. This is a bit different. This time, a JS programmer vandalized his own packages. …read more Continue reading This Week in Security: NPM Vandalism, Simulating Reboots, and More
If you had the misfortune of running a Microsoft Exchange server this past week, then you don’t need me to tell you about the Y2K22 problem. To catch rest of …read more Continue reading This Week in Security:Y2K22, Accidentally Blocking 911,and Bug Alert