A recently-discovered vulnerability in SLP, a legacy network protocol, can be used for disastrous increasing in DDoS-attack efficiency. As researchers say, the use of SMP vulnerability can push the amplification factor of an attack up to 2200 times – an unseen level. What is SLP? First of all, let’s clear things up. SLP, or Service… Continue reading New SLP Vulnerability Allows 2200x DDoS Amplification
Tag: Vulnerabilities
WhatsApp Hacked, Almost 500 Million Users Exposed
On November 28, 2022, information regarding a new WhatsApp breach appeared. The hacker offers a database with stolen data for sale since November 16. The offered pack contains the data of over 487 million users from up to 84 countries. WhatsApp hacked with used data exposition WhatsApp, one of the most popular messaging applications under… Continue reading WhatsApp Hacked, Almost 500 Million Users Exposed
Vulnerability in HP BIOS causes system takeover
Following recent fixes for a large number of UEFI vulnerabilities, worldwide-known PC and laptop vendor HP is releasing a new BIOS update. This time around, two serious vulnerabilities affecting a wide range of over 200 PC and laptop models that allow code to run with kernel privileges, including driver management and BIOS access, were the… Continue reading Vulnerability in HP BIOS causes system takeover
A DNS vulnerability in uClibc/uClibs-ng libraries jeopardizes IoT devices
A vulnerability has been discovered (CVE not yet issued) in uClibc and uClibc-ng C standard libraries. These libraries are vastly used in IoT devices. The newly found vulnerability makes it possible to place forged data into the DNS cache, allowing to set an arbitrary IP address in that cache with the subsequent rerouting of all… Continue reading A DNS vulnerability in uClibc/uClibs-ng libraries jeopardizes IoT devices
F5 warns of critical BIG-IP RCE vulnerability
F5, Inc warned the users about the critical vulnerability that harms the iControl REST users. That solution is a framework offered by the F5 Corporation as an advanced tool for software developers. The detected flaw is noted as critical, since it makes the device takeover possible for non-authorised users. F5 warns its customers of a… Continue reading F5 warns of critical BIG-IP RCE vulnerability
Hackers Use Fresh Vulnerability in Windows Print Spooler in Real Attacks
The US Infrastructure and Cybersecurity Agency (CISA) warned that a vulnerability in the Windows Print Spooler component, patched by Microsoft in February 2022, is being actively exploited by hackers. The issue in question is tracked as CVE-2022-22718 (CVSS score of 7.8) and, according to Microsoft, affects all versions of Windows. At the same time, the… Continue reading Hackers Use Fresh Vulnerability in Windows Print Spooler in Real Attacks
Dangerous bug in WhatsApp could lead to disclosure of user data
Check Point specialists spoke about a dangerous bug they discovered in the WhatsApp image processing function, which could lead to the disclosure of user data. The problem helped to disable the application, in addition, by applying certain filters to a specially created image and sending it to a potential victim, an attacker could exploit the… Continue reading Dangerous bug in WhatsApp could lead to disclosure of user data
LockFile ransomware adopts ProxyShell and PetitPotam vulnerabilities
The new LockFile ransomware exploits recently discovered ProxyShell and PetitPotam vulnerabilities to increase its chances of hacking and encrypting corporate networks. Experts from TG Soft and well-known information security researcher Kevin Beaumont reported about the new threat. They write that LockFile operators are using recently discovered vulnerabilities, collectively known as ProxyShell, to attack Microsoft Exchange… Continue reading LockFile ransomware adopts ProxyShell and PetitPotam vulnerabilities
Experts list 15 most attacked Linux vulnerabilities
Trend Micro has published a list of the top threats and most attacked vulnerabilities for Linux in the first half of 2021. The results were obtained from honeypots, sensors and anonymous telemetry. In total, the company recorded about 15,000,000 malicious events targeting Linux-based cloud environments and estimates that miners and ransomware account for 54% of… Continue reading Experts list 15 most attacked Linux vulnerabilities
Vulnerabilities in STARTTLS threaten popular email clients
At the USENIX conference, a group of German scientists announced the discovery of more than 40 vulnerabilities in STARTTLS implementations in popular mail clients and servers, including Apple Mail, Gmail, Mozilla Thunderbird, Claws Mail, Mutt, Evolution, Exim, Mail.ru, Samsung Email, Yandex and KMail. Exploitation of these issues allows an attacker to steal credentials, intercept emails,… Continue reading Vulnerabilities in STARTTLS threaten popular email clients