
Cloudflare says it has blocked a distributed denial-of-service (DDoS) attack that peaked at between 50 and 70 million requests per second (rps), at one point reaching 71 million rps. Cloudflare says that the attack “is the largest reported HTTP DDoS attack on record.” The record-breaking DDoS was just one of dozens of DDoS attacks over the …

Read More about Cloudflare Blocks 71M rps DDoS

On Monday, February 13, Apple released fixes for multiple products, including iOS, macOS, Safari, iPadOS, tvOS, and watchOS. Updates for iOS and iPadOS 16.3.1 and macOS 13.2.1 fix an actively exploited arbitrary code execution flaw in WebKit/Safari. Note: The 0-day vulnerability is part of “WebKit”. WebKit is Apple’s open source browser engine that is included in other …

Read More about Apple Updates Include Fix for iOS Zero-day

SonicWall has published a security advisory warning that they “have identified an inconsistency in Capture Client Windows 3.7.6 and older clients on endpoints running Windows 11 version 22H2 … result[ing] in Web Content Filtering (WCF) policies that enforce blocked categories to be no longer effective on impacted endpoints.” SonicWall says the issue will be addressed …

Read More about SonicWall Warns of Web Content Filtering Limitation

The US National Institute of Standards and Technology (NIST) has selected the Ascon cryptographic algorithms to be its lightweight cryptographic standard. Lightweight cryptography algorithms need to be powerful enough to protect small Internet of Things (IoT) and other lightweight devices with limited computational resources. Note: It is a very important move by NIST to recognize …

Read More about NIST Announces Choice for Lightweight Cryptographic Standard

The US National Science Foundation (NSF) has filed a Request for Information (RFI) seeking public comment on the 2023 Federal Cybersecurity Research and Development Strategic Plan. The plan must be updated every four years to comply with the Cybersecurity Enhancement Act of 2014. The RFI includes seven questions to consider when providing input. Comments will …

Read More about US National Science Foundation Seeking Comment on Federal Cybersecurity Research and Development Strategic Plan

MITRE has released its Cyber Resiliency Engineering Framework (CREF) Navigator, “a relational database of NIST SP 800-160 Volume 2 concepts that is searchable, visualizes resilience relationships & presents a Web UI while utilizing portable, opensource components to enable use in tools. The CREF Navigator distills tons of useful terms, tables, and relationships from the CREF/NIST SP 800-160 Volume …

Read More about MITRE Releases Cyber Resiliency Engineering Framework Navigator

Police in France have arrested Aleksanteri Tomminpoika Kivimäki (formerly Julius Kivimäki), a Finnish individual wanted for numerous cybercrimes. In 2020, Kivimäki allegedly leaked sensitive patient files stolen from Vastaamo Psychotherapy Center. Finnish authorities charged Kivimäki in absentia in October 2022 and issued an international warrant for his arrest. Note: Over the past two years, nations …

Read More about Alleged Vastaamo Hacker Arrested in France

Tallahassee (Florida) Memorial Healthcare (TMH) is diverting some Emergency Medical Services (EMS) patients to other hospitals following an “IT security issue.” The incident began late in the day on Thursday, February 2. TMH has taken its IT systems off-line as a precautionary measure and is operating under electronic health record (EHR) downtime procedures. Note: With …

Read More about Tallahassee Memorial Healthcare IT Systems Offline After “Security Issue”

OpenSSH maintainers have released an updated version of the open-source implementation of the SSH protocol to fix three security issues. OpenSSH 9.2/9.2p1 includes a fix for a pre-authentication double-free memory vulnerability that was introduced in OpenSSH 9.1. Note: One of the vulnerabilities may allow remote code execution pre-authentication. It will likely be difficult to exploit, …

Read More about OpenSSH Releases Version 9.2/9.2p1 to Fix Security Issues

In a blog post, researchers from Aqua Nautilus detail their findings about malware called HeadCrab that has infected more than 1,200 Redis database servers in the past year-and-a-half. The threat actor has been using their access to the servers to mine virtual currency. Note: Optimized databases like Redis are sometimes “protected” by the limited functionality …

Read More about HeadCrab Malware Has Infected More than 1,200 Redis Servers

Both France’s and Italy’s Computer Emergency Response Teams (CERTs) have issued alerts warning “of attack campaigns targeting VMware ESXi hypervisors with the aim of deploying ransomware on them.” The vulnerability (CVE-2021-21974) affects ESXi 7.0, 6.7 and 6.5. Support for ESXi 6.7 and 6.5 ended in October 2022. The flaw was disclosed, and a fix was …

Read More about Ransomware Campaign Exploits Known VMware Vulnerability

Maryland’s Atlantic General Hospital is experiencing disruptions to some services following a ransomware attack. Healthcare professionals are operating on EHR downtime procedures. Most patients can still be seen; the attack has caused outages affecting the hospital’s pharmacy, outpatient imaging, outpatient walk-in lab, and pulmonary function testing. Note: The Healthcare Sector was frequently targeted for ransomware …

Read More about Maryland Hospital Suffers Ransomware Attack

Researchers from SaiFlow have detailed vulnerabilities affecting electric vehicle (EV) charging stations that could be exploited to cause denial-of-service or trick them into charging vehicles without payment. The vulnerabilities lie in the Open Charge Point Protocol (OCPP) standard. Note: Electric Vehicle chargers are more than high power electric outlets. The cable connecting the car to …

Read More about Electric Vehicle Charger Vulnerabilities

An exploit known as SH1MMER (Shady Hacking 1nstrument Makes Machine Enrollment Retreat) has the capacity to unenroll enterprise- and school-managed Chromebooks from administrative policies as set in the Google Admin console. Google is working on addressing the issue. Note: If you’re reliant on your managed mode for your Chromebook fleet, you’re going to need to …

Read More about SH1MMER ChromeBook Exploit