Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal
A variant of the Mirai botnet has recently updated its arsenal of tools with 13 exploits targeting vulnerabilities in IoT devices from D-Link, TP-Link, Zyxel,…
Category: SecurityWeek
‘HTTP/2 Rapid Reset’ Zero-Day Exploited to Launch Largest DDoS Attacks in History
Cloudflare, Google and AWS revealed on Tuesday that a new zero-day vulnerability named ‘HTTP/2 Rapid Reset’ has been exploited by malicious actors to launch the…
SAP Releases 7 New Notes on October 2023 Patch Day
German software maker SAP this week announced the release of seven new and two updated security notes as part of its October 2023 Security Patch…
SecurityWeek to Host 2023 ICS Cybersecurity Conference October 23-26 in Atlanta
SecurityWeek will host its 2023 Industrial Control Systems (ICS) Cybersecurity Conference from October 23–26, 2023 at the InterContinental Atlanta Buckhead. Now in its 22nd year, the conference…
Twistlock Founders Score Whopping $51M Seed Funding for Gutsy
The team of entrepreneurs that created and sold Twistlock to Palo Alto are peeling the wraps of a brand new cybersecurity upstart focused on redefining…
One-Click GNOME Exploit Could Pose Serious Threat to Linux Systems
GitHub’s Security Lab has warned Linux users about a serious remote code execution vulnerability affecting a component of the popular GNOME desktop environment. The flaw…
Magecart Web Skimmer Hides in 404 Error Pages
A recent Magecart web skimming campaign is using three concealment techniques, including by hiding the malicious code in the targeted website’s ‘404’ error page, Akamai’s…
Cable Giant Volex Targeted in Cyberattack
UK-based cable manufacturing giant Volex (AIM: VLX) has been targeted in a cyberattack that involved unauthorized access to some of the company’s IT systems and…
Recently Patched TagDiv Plugin Flaw Exploited to Hack Thousands of WordPress Sites
A recently patched vulnerability affecting a plugin associated with the Newspaper and Newsmag themes has been exploited to hack thousands of WordPress websites as part…
Credential Harvesting Campaign Targets Unpatched NetScaler Instances
A credential harvesting campaign is targeting Citrix NetScaler gateways that have not been patched against a recent vulnerability, IBM reports. Tracked as CVE-2023-3519 (CVSS score…
Google Expands Bug Bounty Program With Chrome, Cloud CTF Events
Google has announced the expansion of its vulnerability rewards program with two events focused on Chrome’s V8 JavaScript rendering engine and on Kernel-based Virtual Machine…
Patches Prepared for ‘Probably Worst’ cURL Vulnerability
The maintainers of the cURL data transfer project are working on patching two vulnerabilities in the software, including a high-severity bug impacting both libcurl and…